Improve docker caching

maxstanley · maxstanley · commit 104d1d15caf2 · 2023-11-11T18:50:43.000Z
diff --git a/.dockerignore b/.dockerignore
@@ -111,3 +111,7 @@ prime/
 
 # Manpage
 /man
+
+Dockerfile
+.dockerignore
+.github/
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -24,7 +24,6 @@ modifies/migrations:
 modifies/internal:
   - "Makefile"
   - "Dockerfile"
-  - "Dockerfile.rootless"
   - "docker/**"
   - "webpack.config.js"
   - ".eslintrc.yaml"
diff --git a/.github/workflows/files-changed.yml b/.github/workflows/files-changed.yml
@@ -78,7 +78,6 @@ jobs:
 
             docker:
               - "Dockerfile"
-              - "Dockerfile.rootless"
               - "docker/**"
               - "Makefile"
 
diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml
@@ -11,25 +11,21 @@ jobs:
   files-changed:
     uses: ./.github/workflows/files-changed.yml
 
-  regular:
+  docker:
     if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
       - uses: docker/setup-buildx-action@v3
       - uses: docker/build-push-action@v5
         with:
+          target: gitea
+          pull: true
           push: false
           tags: gitea/gitea:linux-amd64
-
-  rootless:
-    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker/setup-buildx-action@v3
       - uses: docker/build-push-action@v5
         with:
+          target: gitea-rootless
+          pull: true
           push: false
-          file: Dockerfile.rootless
           tags: gitea/gitea:linux-amd64
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
@@ -57,7 +57,7 @@ jobs:
       - name: upload binaries to s3
         run: |
           aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-  nightly-docker-rootful:
+  nightly-docker:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -91,44 +91,17 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: gitea
           platforms: linux/amd64,linux/arm64
+          pull: true
           push: true
           tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}
-  nightly-docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version-file: go.mod
-          check-latest: true
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          # if main then say nightly otherwise cleanup name
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            echo "branch=nightly" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
       - name: build rootless docker image
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: gitea-rootless
           platforms: linux/amd64,linux/arm64
+          pull: true
           push: true
-          file: Dockerfile.rootless
           tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless
diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml
@@ -86,7 +86,9 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: gitea
           platforms: linux/amd64,linux/arm64
+          pull: true
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -118,8 +120,9 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: gitea-rootless
           platforms: linux/amd64,linux/arm64
+          pull: true
           push: true
-          file: Dockerfile.rootless
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
@@ -95,7 +95,9 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: gitea
           platforms: linux/amd64,linux/arm64
+          pull: true
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -134,8 +136,9 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: gitea-rootless
           platforms: linux/amd64,linux/arm64
+          pull: true
           push: true
-          file: Dockerfile.rootless
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
@@ -18,59 +18,104 @@ RUN apk --no-cache add \
     && rm -rf /var/cache/apk/*
 
 # Setup repo
-COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 
+COPY ./go.mod .
+
+RUN go mod download
+
+COPY package.json .
+COPY package-lock.json .
+
+RUN npm install --no-save --verbose
+
+COPY . .
+
 # Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
  && make clean-all build
 
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-# Copy local files
-COPY docker/root /tmp/local
-
-# Set permissions
-RUN chmod 755 /tmp/local/usr/bin/entrypoint \
-              /tmp/local/usr/local/bin/gitea \
-              /tmp/local/etc/s6/gitea/* \
-              /tmp/local/etc/s6/openssh/* \
-              /tmp/local/etc/s6/.s6-svscan/* \
-              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-
-FROM docker.io/library/alpine:3.18
+FROM docker.io/library/alpine:3.18 AS gitea-base
 LABEL maintainer="maintainers@gitea.io"
 
-EXPOSE 22 3000
-
 RUN apk --no-cache add \
     bash \
     ca-certificates \
-    curl \
     gettext \
     git \
+    curl \
+    gnupg \
+    && rm -rf /var/cache/apk/*
+
+RUN addgroup -S -g 1000 git
+
+FROM gitea-base AS gitea-rootless
+LABEL maintainer="maintainers@gitea.io"
+
+EXPOSE 2222 3000
+
+RUN apk --no-cache add \
+    dumb-init \
+    && rm -rf /var/cache/apk/*
+
+RUN adduser \
+    -S -H -D \
+    -h /var/lib/gitea/git \
+    -s /bin/bash \
+    -u 1000 \
+    -G git \
+    git
+
+RUN mkdir -p /var/lib/gitea /etc/gitea
+RUN chown git:git /var/lib/gitea /etc/gitea
+
+# Copy local files
+COPY --chmod=755 docker/rootless /tmp/local
+
+COPY --from=build-env --chmod=755 --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+COPY --from=build-env --chmod=755 --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+COPY --from=build-env --chmod=644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+
+# git:git
+USER 1000:1000
+ENV GITEA_WORK_DIR /var/lib/gitea
+ENV GITEA_CUSTOM /var/lib/gitea/custom
+ENV GITEA_TEMP /tmp/gitea
+ENV TMPDIR /tmp/gitea
+
+# TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+ENV GITEA_APP_INI /etc/gitea/app.ini
+ENV HOME "/var/lib/gitea/git"
+VOLUME ["/var/lib/gitea", "/etc/gitea"]
+WORKDIR /var/lib/gitea
+
+ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
+CMD []
+
+FROM gitea-base AS gitea
+LABEL maintainer="maintainers@gitea.io"
+
+EXPOSE 22 3000
+
+RUN apk --no-cache add \
     linux-pam \
     openssh \
     s6 \
     sqlite \
     su-exec \
-    gnupg \
     && rm -rf /var/cache/apk/*
 
-RUN addgroup \
-    -S -g 1000 \
-    git && \
-  adduser \
+RUN adduser \
     -S -H -D \
     -h /data/git \
     -s /bin/bash \
     -u 1000 \
     -G git \
     git && \
-  echo "git:*" | chpasswd -e
+    echo "git:*" | chpasswd -e
 
 ENV USER git
 ENV GITEA_CUSTOM /data/gitea
@@ -80,7 +125,8 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]
 
-COPY --from=build-env /tmp/local /
-COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+COPY --chmod=755 docker/root /tmp/local
+
+COPY --from=build-env --chmod=755 /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+COPY --from=build-env --chmod=755 /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+COPY --from=build-env --chmod=644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
diff --git a/Dockerfile.rootless b/Dockerfile.rootless
