# This is a helix flavoured Dockerfile for Gitea which is inspired from
# the official Dockerfile.rootless from https://github.com/go-gitea/gitea/

FROM alpine:3.14.0 AS verifier

RUN apk --no-cache add gnupg curl && \
    curl -L https://dl.gitea.io/gitea/{{ .Version }}/gitea-{{ .Version }}-linux-amd64 -o /gitea && \
    curl -L https://dl.gitea.io/gitea/{{ .Version }}/gitea-{{ .Version }}-linux-amd64.asc -o /gitea.asc && \
    gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2 && \
    gpg --verify /gitea.asc /gitea


FROM alpine:3.14.0

RUN apk --no-cache add \
    bash \
    ca-certificates \
    gettext \
    git \
    curl \
    gnupg

RUN addgroup -S -g {{ .GroupId }} git && \
    adduser -S -H -D -h /helix/gitea/data/home -s /bin/bash -u {{ .UserId }} -G git git && \
    mkdir -p /helix/gitea/data /helix/gitea/tmp && \
    chown git:git /helix/gitea/data && chmod 0700 /helix/gitea/data && \
    chown git:git /helix/gitea/tmp && chmod 0700 /helix/gitea/tmp

COPY --from=verifier --chown=root:root /gitea /usr/local/bin/gitea
ADD app.ini /helix/gitea/config/
ADD entrypoint.sh /usr/local/bin/entrypoint.sh
ADD --chown={{ .UserId }}:{{ .GroupId }} dynamic_git.yaml /helix/gitea/tmp/

RUN chown -R git:git /helix/gitea/config/app.ini && \
    chmod 0400 /helix/gitea/config/app.ini && \
    chmod a+x /usr/local/bin/gitea && \
    chmod a+x /usr/local/bin/entrypoint.sh

ENV GITEA_WORK_DIR=/helix/gitea/data \
    GITEA_CUSTOM=/helix/gitea/data/custom \
    GITEA_APP_INI=/helix/gitea/config/app.ini \
    GITEA_BIN=/usr/local/bin/gitea \
    HOME=/helix/gitea/data/home

USER {{ .UserId }}:{{ .GroupId }}

WORKDIR /helix/gitea/data

VOLUME ["/helix/gitea/data"]

EXPOSE {{ .HttpPort }} {{ .SshPort }}

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

CMD []