diff options
author | vnugent <public@vaughnnugent.com> | 2024-06-05 19:55:39 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-06-05 19:55:39 -0400 |
commit | 3c228b3cc5172fae398af8de72b64bd780ace20c (patch) | |
tree | 8bddd62c934a669578575313fe9f631587db7dc0 /ci/container/Dockerfile | |
parent | 21d2719701f851d4a555c363b141f289f14a5192 (diff) |
ci: Update packages and add container build
Diffstat (limited to 'ci/container/Dockerfile')
-rw-r--r-- | ci/container/Dockerfile | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile new file mode 100644 index 0000000..8e6a11e --- /dev/null +++ b/ci/container/Dockerfile @@ -0,0 +1,100 @@ +#Copyright (c) Vaughn Nugent +#Licensed under the GNU AGPL V3.0 + +#use plain alpine latest to build native libraries in +FROM alpine:3.19 as native-cont + +#install public libs and build tools +RUN apk update && apk add --no-cache build-base cmake npm git openssl +#most universal way to use Task is from NPM +RUN npm install -g @go-task/cli + +WORKDIR /build + +#include local artifacts +COPY app/ . + +#build internal libraries and copy the libraries to the /lib output directory +RUN mkdir out/ ssl/ +RUN task build-libs + +#APP CONTAINER +#move into a clean dotnet apline lean image +FROM mcr.microsoft.com/dotnet/runtime:8.0.3-alpine3.19-amd64 as app-cont + +LABEL name="vnuge/cmnext" +LABEL maintainer="Vaughn Nugent <vnpublic@proton.me>" +LABEL description="A dead-simple, multi-channel cms for your blog or podcast built for static storage like S3 or FTP" + +#copy local artifacts again in run container +COPY app/ /app + +#pull compiled libs from build container +COPY --from=native-cont /build/out /app/lib +#copy self signed ssl certs for first startup +COPY --from=native-cont /build/ssl /app/ssl + +RUN apk update && apk add --no-cache gettext icu-libs dumb-init + +#workdir +WORKDIR /app + +#default to 8080 for TLS on TCP +EXPOSE 8080/tcp + +VOLUME /app/data \ + /app/ssl \ +#expose an assets directory for custom assets install + /app/usr/assets + +#disable dotnet invariant culture on alpine +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 + +#add helper/required libraries +#ENV VNLIB_SHARED_HEAP_FILE_PATH=/app/lib/libvn_rpmalloc.so not ready yet, still need to debug +ENV VNLIB_ARGON2_DLL_PATH=/app/lib/libargon2.so + +#set default env variables +ENV MAX_CONTENT_LENGTH=204800000 \ + REG_TOKEN_DURATION_MIN=360 + +#SQL Config +ENV SQL_LIB_PATH=VNLib.Plugins.Extensions.Sql.SQLite.dll +ENV SQL_CONNECTION_STRING="Data Source=data/cmnext.db;" + +#ACCOUNTS +ENV MAX_LOGIN_ATTEMPS=10 + +#HC Vault +ENV HC_VAULT_ADDR="" \ + HC_VAULT_TOKEN="" \ + HC_VAULT_TRUST_CERT=false + +#VNCACHE (default to memory only) +ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll \ + MEMCACHE_ONLY=true \ + REDIS_CONNECTION_STRING="" \ + VNCACHE_INITIAL_NODES=[] + +#SECRETS +ENV PASSWORD_PEPPER="" \ + DATABASE_PASSWORD="" \ + REDIS_PASSWORD="" \ + VNCACHE_CLIENT_PRIVATE_KEY="" \ + VNCACHE_CACHE_PUBLIC_KEY="" + + +#HTTP/PROXY Config +ENV HTTP_DOWNSTREAM_SERVERS=[] \ + HTTP_TRACE_ON=false + +#set default certificate files to the self signed ones created in the build container +ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}' + +#disable plugin debugging by default +ENV DEBUG_PLUGINS=false + +#run the init script within dumb-init +ENTRYPOINT ["dumb-init", "--"] +CMD ["ash", "./run.sh"] + |