mirror of
https://github.com/orhun/git-cliff.git
synced 2024-12-14 10:20:01 +03:00
41 lines
1.5 KiB
Docker
41 lines
1.5 KiB
Docker
# syntax=docker/dockerfile:1.4.3-labs
|
|
FROM lukemathwalker/cargo-chef:0.1.62-rust-1.72-buster AS chef
|
|
WORKDIR app
|
|
|
|
FROM chef AS planner
|
|
COPY . .
|
|
RUN cargo chef prepare --recipe-path recipe.json
|
|
|
|
FROM chef AS builder
|
|
COPY --from=planner /app/recipe.json recipe.json
|
|
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
|
|
RUN cargo chef cook --release --recipe-path recipe.json
|
|
COPY . .
|
|
RUN cargo build --release --locked --no-default-features
|
|
RUN rm -f target/release/deps/git_cliff*
|
|
|
|
FROM debian:buster-slim as runner
|
|
|
|
# Everything inside this container will be explicitly mounted by the end user,
|
|
# so we can sidestep some Git security restrictions. This app recommends
|
|
# mounting data to /app, but this *can* be changed externally and *will* be
|
|
# changed when run by GitHub Actions, so we need to cover our bases.
|
|
RUN echo '[safe]\n\tdirectory = *' > /etc/gitconfig
|
|
|
|
COPY --from=builder /app/target/release/git-cliff /usr/local/bin
|
|
WORKDIR app
|
|
|
|
# Even if the repository as marked as safe, GitHub Actions and some other
|
|
# environments insist on running the entrypoint as root inside the container
|
|
# even when being run by a non priviledged user on their own files. Here we
|
|
# check the ownership of the workdir (which may or may not be /app) and change
|
|
# our effective user/group ID to match.
|
|
RUN cat <<'EOF' > /usr/local/bin/entrypoint.sh
|
|
#!/bin/sh
|
|
if [ "$(id -u)" -ne "$(stat -c '%u' .)" ]; then
|
|
eids="$(stat -c '--euid %u --egid %g' .)"
|
|
fi
|
|
exec ${eids:+setpriv --clear-groups $eids} git-cliff $@
|
|
EOF
|
|
ENTRYPOINT ["sh", "/usr/local/bin/entrypoint.sh"]
|