refactor(docker): avoid copying volume inside container #142

Merged
merged 3 commits into from
May 18, 2023
26 changes: 20 additions & 6 deletions Dockerfile
Expand Up @@ -15,12 +15,26 @@ RUN cargo build --release --locked --no-default-features
RUN rm -f target/release/deps/git_cliff*

FROM debian:buster-slim as runner

# Everything inside this container will be explicitly mounted by the end user,
# so we can sidestep some Git security restrictions. This app recommends
# mounting data to /app, but this *can* be changed externally and *will* be
# changed when run by GitHub Actions, so we need to cover our bases.
RUN echo '[safe]\n\tdirectory = *' > /etc/gitconfig

COPY --from=builder /app/target/release/git-cliff /usr/local/bin
WORKDIR git-home
RUN cat <<'EOF' > entrypoint.sh
WORKDIR app

# Even if the repository as marked as safe, GitHub Actions and some other
# environments insist on running the entrypoint as root inside the container
# even when being run by a non priviledged user on their own files. Here we
# check the ownership of the workdir (which may or may not be /app) and change
# our effective user/group ID to match.
RUN cat <<'EOF' > /usr/local/bin/entrypoint.sh
#!/bin/sh
cp -r /app /git-home/app
cd /git-home/app
exec git-cliff "$@"
if [ "$(id -u)" -ne "$(stat -c '%u' .)" ]; then
eids="$(stat -c '--euid %u --egid %g' .)"
fi
exec ${eids:+setpriv --clear-groups $eids} git-cliff $@
EOF
ENTRYPOINT ["sh", "entrypoint.sh"]
ENTRYPOINT ["sh", "/usr/local/bin/entrypoint.sh"]
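Review bot: the new `exec` line at the end of entrypoint.sh expands `$@` unquoted, where the line it replaces used `"$@"`, so any argument containing whitespace or glob characters is re-split and expanded by the shell before git-cliff receives it. The `${eids:+...}` expansion has to stay unquoted so it splits into separate words, but the arguments should be quoted: `exec ${eids:+setpriv --clear-groups $eids} git-cliff "$@"`. Also, since `/etc/gitconfig` now marks every directory as safe, the UID switch is the only remaining guard, and `--euid`/`--egid` change only the effective IDs while the real UID stays root; if the intent is to run entirely as the owner of the mounted directory, `--reuid`/`--regid` would set both.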
4 changes: 2 additions & 2 deletions website/docs/docker.md
Expand Up @@ -15,13 +15,13 @@ Docker builds are [automated](https://github.com/orhun/git-cliff/tree/main/.gith
The easiest way of running **git-cliff** (in the git root directory with [configuration file](/docs/configuration) present) is to use the available tags from [Docker Hub](https://hub.docker.com/r/orhunp/git-cliff):

```bash
docker run -t -v "$(pwd)/.git":/app/ "orhunp/git-cliff:${TAG:-latest}"
docker run -t -v "$(pwd)":/app/ "orhunp/git-cliff:${TAG:-latest}"
```

Or you can use the image from the [GitHub Package Registry](https://github.com/orhun/git-cliff/pkgs/container/git-cliff%2Fgit-cliff):

```bash
docker run -t -v "$(pwd)/.git":/app/ "ghcr.io/orhun/git-cliff/git-cliff:${TAG:-latest}"
docker run -t -v "$(pwd)":/app/ "ghcr.io/orhun/git-cliff/git-cliff:${TAG:-latest}"
```

### Building
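Review bot: both `docker run` examples now mount `$(pwd)` rather than `$(pwd)/.git` at `/app/`, but the text around them does not say that the mount target has to be the container's working directory. The new entrypoint checks the ownership of `.`, so a user who mounts the repository at another path without also passing `-w` gets no UID switch and git-cliff runs against the image's own `/app` instead of their repository. A sentence stating this would help, along with a note that the whole working tree, not only `.git`, is now mounted read-write into the container.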