Verify download, fix invidious file permission (#949)

* Fix docker
pull/1156/head
tleydxdy 5 years ago committed by GitHub
parent 9d23cf33fd
commit bd2c7e3bb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -27,8 +27,5 @@ jobs:
install: install:
- docker-compose build - docker-compose build
script: script:
- docker-compose up - docker-compose up -d
- sleep 15 # Wait for cluster to become ready, TODO: do not sleep - while curl -Isf http://localhost:3000; do sleep 1; done
- HEADERS="$(curl -I -s http://localhost:3000/)"
- STATUS="$(echo $HEADERS | head -n1)"
- if [[ "$STATUS" != *"200 OK"* ]]; then echo "$HEADERS"; exit 1; fi

@ -1,27 +1,25 @@
FROM alpine:edge AS builder FROM alpine:edge AS builder
RUN apk add --no-cache crystal shards libc-dev \ RUN apk add --no-cache curl crystal shards libc-dev \
yaml-dev libxml2-dev sqlite-dev zlib-dev openssl-dev \ yaml-dev libxml2-dev sqlite-dev zlib-dev openssl-dev \
sqlite-static zlib-static openssl-libs-static yaml-static sqlite-static zlib-static openssl-libs-static
WORKDIR /invidious WORKDIR /invidious
COPY ./shard.yml ./shard.yml RUN curl -Lo /etc/apk/keys/omarroth.rsa.pub https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/omarroth.rsa.pub && \
RUN shards update && shards install
RUN apk add --no-cache curl && \
curl -Lo /etc/apk/keys/omarroth.rsa.pub https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/omarroth.rsa.pub && \
curl -Lo boringssl-dev.apk https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/boringssl-dev-1.1.0-r0.apk && \ curl -Lo boringssl-dev.apk https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/boringssl-dev-1.1.0-r0.apk && \
curl -Lo lsquic.apk https://github.com/omarroth/lsquic-alpine/releases/download/2.6.3-r0/lsquic-2.6.3-r0.apk && \ curl -Lo lsquic.apk https://github.com/omarroth/lsquic-alpine/releases/download/2.6.3-r0/lsquic-2.6.3-r0.apk && \
tar -xf boringssl-dev.apk && \ apk verify --no-cache boringssl-dev.apk lsquic.apk && \
tar -xf lsquic.apk tar -xf boringssl-dev.apk usr/lib/libcrypto.a usr/lib/libssl.a && \
RUN mv ./usr/lib/libcrypto.a ./lib/lsquic/src/lsquic/ext/libcrypto.a && \ tar -xf lsquic.apk usr/lib/liblsquic.a && \
mv ./usr/lib/libssl.a ./lib/lsquic/src/lsquic/ext/libssl.a && \ rm /etc/apk/keys/omarroth.rsa.pub boringssl-dev.apk lsquic.apk
mv ./usr/lib/liblsquic.a ./lib/lsquic/src/lsquic/ext/liblsquic.a COPY ./shard.yml ./shard.yml
RUN shards update && shards install && \
mv ./usr/lib/* ./lib/lsquic/src/lsquic/ext && \
rm -r ./usr /root/.cache
COPY ./src/ ./src/ COPY ./src/ ./src/
# TODO: .git folder is required for building this is destructive. # TODO: .git folder is required for building this is destructive.
# See definition of CURRENT_BRANCH, CURRENT_COMMIT and CURRENT_VERSION. # See definition of CURRENT_BRANCH, CURRENT_COMMIT and CURRENT_VERSION.
COPY ./.git/ ./.git/ COPY ./.git/ ./.git/
RUN crystal build ./src/invidious.cr \ RUN crystal build ./src/invidious.cr \
--static --warnings all --error-on-warnings \ --static --warnings all --error-on-warnings \
# TODO: Remove next line, see https://github.com/crystal-lang/crystal/issues/7946
-Dmusl \
--link-flags "-lxml2 -llzma" --link-flags "-lxml2 -llzma"
FROM alpine:latest FROM alpine:latest
@ -30,10 +28,11 @@ WORKDIR /invidious
RUN addgroup -g 1000 -S invidious && \ RUN addgroup -g 1000 -S invidious && \
adduser -u 1000 -S invidious -G invidious adduser -u 1000 -S invidious -G invidious
COPY ./assets/ ./assets/ COPY ./assets/ ./assets/
COPY ./config/config.yml ./config/config.yml COPY --chown=invidious ./config/config.yml ./config/config.yml
RUN sed -i 's/host: \(127.0.0.1\|localhost\)/host: postgres/' config/config.yml
COPY ./config/sql/ ./config/sql/ COPY ./config/sql/ ./config/sql/
COPY ./locales/ ./locales/ COPY ./locales/ ./locales/
RUN sed -i 's/host: \(127.0.0.1\|localhost\)/host: postgres/' config/config.yml
COPY --from=builder /invidious/invidious . COPY --from=builder /invidious/invidious .
USER invidious USER invidious
CMD [ "/invidious/invidious" ] CMD [ "/invidious/invidious" ]

Loading…
Cancel
Save