Dockerfile refactor and version bump

Dockerfile

@@ -1,131 +1,38 @@
-FROM node:18-bullseye-slim
+FROM ghost:5.75.3 as build
 
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.16
-# grab yq for easy parsing
-# https://github.com/mikefarah/yq/releases
-ENV YQ_VERSION v4.25.1
-RUN set -eux; \
-# save list of currently installed packages for later so we can clean up
-	savedAptMark="$(apt-mark showmanual)"; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
-	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
-    wget -O /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_$dpkgArch"; \
-	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
-	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+RUN apt-get update; apt-get install -y --no-install-recommends ca-certificates wget; \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    wget -O /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_$dpkgArch"; \
     chmod +x /usr/local/bin/yq; \
-	\
-# verify the signature
-	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
-	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
-	gpgconf --kill all; \
-	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
-	\
-# clean up fetch dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	\
-	chmod +x /usr/local/bin/gosu; \
-# verify that the binary works
-	gosu --version; \
-	gosu nobody true
-
-ENV NODE_ENV production
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/*
 
-ENV GHOST_CLI_VERSION 1.25.3
-RUN set -eux; \
-	npm install -g "ghost-cli@$GHOST_CLI_VERSION"; \
-	npm cache clean --force
+COPY --chmod=a+x docker_entrypoint.sh /usr/local/bin
+COPY scripts/local /var/lib/ghost/current/core/built/admin/assets/local
 
-ENV GHOST_INSTALL /var/lib/ghost
-ENV GHOST_CONTENT /var/lib/ghost/content
+FROM node:18-bullseye-slim as final
 
-ENV GHOST_VERSION 5.75.2
+ENV NODE_ENV=production \
+	GHOST_CLI_VERSION=1.25.3 \
+	GHOST_INSTALL=/var/lib/ghost \
+	GHOST_CONTENT=/var/lib/ghost/content
 
 RUN set -eux; \
-	mkdir -p "$GHOST_INSTALL"; \
-	chown node:node "$GHOST_INSTALL"; \
-	\
-	savedAptMark="$(apt-mark showmanual)"; \
-	aptPurge=; \
-	\
-	installCmd='gosu node ghost install "$GHOST_VERSION" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir "$GHOST_INSTALL"'; \
-	if ! eval "$installCmd"; then \
-		aptPurge=1; \
-		apt-get update; \
-		apt-get install -y --no-install-recommends g++ make python3; \
-		eval "$installCmd"; \
-	fi; \
-	\
-# Tell Ghost to listen on all ips and not prompt for additional configuration
-	cd "$GHOST_INSTALL"; \
-	gosu node ghost config --no-prompt --ip '::' --port 2368 --url 'http://localhost:2368'; \
-	gosu node ghost config paths.contentPath "$GHOST_CONTENT"; \
-	\
-# make a config.json symlink for NODE_ENV=development (and sanity check that it's correct)
-	gosu node ln -s config.production.json "$GHOST_INSTALL/config.development.json"; \
-	readlink -f "$GHOST_INSTALL/config.development.json"; \
-	\
-# need to save initial content for pre-seeding empty volumes
-	mv "$GHOST_CONTENT" "$GHOST_INSTALL/content.orig"; \
-	mkdir -p "$GHOST_CONTENT"; \
-	chown node:node "$GHOST_CONTENT"; \
-	chmod 1777 "$GHOST_CONTENT"; \
-	\
-# force install a few extra packages manually since they're "optional" dependencies
-# (which means that if it fails to install, like on ARM/ppc64le/s390x, the failure will be silently ignored and thus turn into a runtime error instead)
-# see https://github.com/TryGhost/Ghost/pull/7677 for more details
-	cd "$GHOST_INSTALL/current"; \
-# scrape the expected versions directly from Ghost/dependencies
-	packages="$(node -p ' \
-		var ghost = require("./package.json"); \
-		var transform = require("./node_modules/@tryghost/image-transform/package.json"); \
-		[ \
-			"sharp@" + transform.optionalDependencies["sharp"], \
-		].join(" ") \
-	')"; \
-	if echo "$packages" | grep 'undefined'; then exit 1; fi; \
-	for package in $packages; do \
-		installCmd='gosu node yarn add "$package" --force'; \
-		if ! eval "$installCmd"; then \
-# must be some non-amd64 architecture pre-built binaries aren't published for, so let's install some build deps and do-it-all-over-again
-			aptPurge=1; \
-			apt-get update; \
-			apt-get install -y --no-install-recommends g++ make python3; \
-			case "$package" in \
-				# TODO sharp@*) apt-get install -y --no-install-recommends libvips-dev ;; \
-				sharp@*) echo >&2 "sorry: libvips 8.10 in Debian bullseye is not new enough (8.12.2+) for sharp 0.30 😞"; continue ;; \
-			esac; \
-			\
-			eval "$installCmd --build-from-source"; \
-		fi; \
-	done; \
-	\
-	if [ -n "$aptPurge" ]; then \
-		apt-mark showmanual | xargs apt-mark auto > /dev/null; \
-		[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-		apt-get purge -y --auto-remove; \
-		rm -rf /var/lib/apt/lists/*; \
-	fi; \
-	\
-	gosu node yarn cache clean; \
-	gosu node npm cache clean --force; \
-	npm cache clean --force; \
-	rm -rv /tmp/yarn* /tmp/v8*
-RUN set -eux; \
-    apt-get update; \
-	apt-get install -y --no-install-recommends mariadb-server mariadb-client; \
+    apt-get update; apt-get install -y --no-install-recommends mariadb-server; \
     rm /etc/mysql/mariadb.conf.d/50-server.cnf; \
-	rm -rf /var/lib/apt/lists/*;
+	rm -rf /var/lib/apt/lists/*
 
 WORKDIR $GHOST_INSTALL
 VOLUME $GHOST_CONTENT
 
-COPY --chmod=a+x docker_entrypoint.sh /usr/local/bin
-COPY scripts/local /var/lib/ghost/current/core/built/admin/assets/local
+COPY --from=build $GHOST_INSTALL $GHOST_INSTALL
+COPY --from=build /usr/local/bin/yq /usr/local/bin/
+COPY --from=build /usr/local/bin/gosu /usr/local/bin/
+COPY --from=build /usr/local/bin/docker* /usr/local/bin/
+COPY --from=build /usr/local/lib/node_modules/ghost-cli /usr/local/lib/node_modules/ghost-cli
+
+RUN ln -sfn ../lib/node_modules/ghost-cli/bin/ghost /usr/local/bin/ghost; \
+	ln -sfn $GHOST_INSTALL/versions/$(ls $GHOST_INSTALL/versions/ | sort -V | tail -n 1) $GHOST_INSTALL/current; \
+	chown -R node:node $GHOST_INSTALL; \
+	chmod 1777 $GHOST_CONTENT
+

docker_entrypoint.sh

@@ -97,7 +97,7 @@ if [ "$(yq e .useTinfoil /var/lib/ghost/content/start9/config.yaml)" = "true" ];
     sed -i 's#https://ghost.org/changelog.json#/#g' /var/lib/ghost/current/core/built/admin/assets/ghost-*.js
 fi
 
-sed -i 's#https://code.jquery.com/jquery-3.5.1.min.js#/ghost/assets/local/jquery-3.5.1.min.js#g' /var/lib/ghost/current/content/themes/casper/default.hbs
+sed -i 's#https://code.jquery.com/jquery-3.5.1.min.js#/ghost/assets/local/jquery-3.5.1.min.js#g' /var/lib/ghost/current/content/themes/*/default.hbs
 sed -i 's#https://static.ghost.org/v5.0.0/images/publication-cover.jpg#'$LAN_ADDR'/ghost/assets/local/publication-cover.png#g' /var/lib/ghost/current/core/server/data/schema/default-settings/default-settings.json
 sed -i 's#https://static.ghost.org/v4.0.0/images/feature-image.jpg#'$LAN_ADDR'/ghost/assets/local/feature-image.jpg#g' /var/lib/ghost/current/core/server/data/schema/fixtures/fixtures.json
 sed -i 's#https://static.ghost.org/v4.0.0/images/ghost-orb-1.png#/ghost/assets/local/ghost-orb-1.png#g' /var/lib/ghost/current/core/built/admin/assets/ghost-*.js

manifest.yaml

@@ -1,11 +1,11 @@
 id: ghost
 title: "Ghost"
-version: 5.75.2
+version: 5.75.3
 release-notes: |
   * Fixed editor crash when typing `:,`, `:|`, or similar
   * Other minor bugfixes
   * Latest version of localy hosted scripts
-  * Latest upstream update - full changelog available [here](https://github.com/TryGhost/Ghost/compare/v5.75.1...v5.75.2)
+  * Latest upstream update - full changelog available [here](https://github.com/TryGhost/Ghost/compare/v5.75.1...v5.75.3)
 license: MIT
 wrapper-repo: "https://github.com/Start9Labs/ghost-startos"
 upstream-repo: "https://github.com/TryGhost/ghost"

scripts/procedures/migrations.ts

@@ -1,4 +1,4 @@
 import { compat, types as T } from "../deps.ts";
 
 export const migration: T.ExpectedExports.migration = compat.migrations
-    .fromMapping( {}, "5.75.2" );
+    .fromMapping( {}, "5.75.3" );