Skip to content

Commit

Permalink
Bring back In-house build
Browse files Browse the repository at this point in the history
  • Loading branch information
@k0gen
k0gen committed Jan 5, 2024
1 parent 599fea8 commit cb0d11d
Showing 1 changed file with 111 additions and 5 deletions.
116 changes: 111 additions & 5 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,131 @@
FROM ghost:5.75.1
FROM node:18-bullseye-slim

# grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.16
# grab yq for easy parsing
# https://github.com/mikefarah/yq/releases
ENV YQ_VERSION v4.25.1
RUN set -eux; \
apt-get update; \
# save list of currently installed packages for later so we can clean up
savedAptMark="$(apt-mark showmanual)"; \
apt-get update; \
apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
rm -rf /var/lib/apt/lists/*; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_$dpkgArch"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
chmod +x /usr/local/bin/yq; \
apt-get remove --purge -y ca-certificates gnupg wget; \
apt-mark auto '.*' > /dev/null; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apt-mark auto '.*' > /dev/null; \
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false;
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true

ENV NODE_ENV production

ENV GHOST_CLI_VERSION 1.25.3
RUN set -eux; \
npm install -g "ghost-cli@$GHOST_CLI_VERSION"; \
npm cache clean --force

ENV GHOST_INSTALL /var/lib/ghost
ENV GHOST_CONTENT /var/lib/ghost/content

ENV GHOST_VERSION 5.75.2

RUN set -eux; \
mkdir -p "$GHOST_INSTALL"; \
chown node:node "$GHOST_INSTALL"; \
\
savedAptMark="$(apt-mark showmanual)"; \
aptPurge=; \
\
installCmd='gosu node ghost install "$GHOST_VERSION" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir "$GHOST_INSTALL"'; \
if ! eval "$installCmd"; then \
aptPurge=1; \
apt-get update; \
apt-get install -y --no-install-recommends g++ make python3; \
eval "$installCmd"; \
fi; \
\
# Tell Ghost to listen on all ips and not prompt for additional configuration
cd "$GHOST_INSTALL"; \
gosu node ghost config --no-prompt --ip '::' --port 2368 --url 'http://localhost:2368'; \
gosu node ghost config paths.contentPath "$GHOST_CONTENT"; \
\
# make a config.json symlink for NODE_ENV=development (and sanity check that it's correct)
gosu node ln -s config.production.json "$GHOST_INSTALL/config.development.json"; \
readlink -f "$GHOST_INSTALL/config.development.json"; \
\
# need to save initial content for pre-seeding empty volumes
mv "$GHOST_CONTENT" "$GHOST_INSTALL/content.orig"; \
mkdir -p "$GHOST_CONTENT"; \
chown node:node "$GHOST_CONTENT"; \
chmod 1777 "$GHOST_CONTENT"; \
\
# force install a few extra packages manually since they're "optional" dependencies
# (which means that if it fails to install, like on ARM/ppc64le/s390x, the failure will be silently ignored and thus turn into a runtime error instead)
# see https://github.com/TryGhost/Ghost/pull/7677 for more details
cd "$GHOST_INSTALL/current"; \
# scrape the expected versions directly from Ghost/dependencies
packages="$(node -p ' \
var ghost = require("./package.json"); \
var transform = require("./node_modules/@tryghost/image-transform/package.json"); \
[ \
"sharp@" + transform.optionalDependencies["sharp"], \
].join(" ") \
')"; \
if echo "$packages" | grep 'undefined'; then exit 1; fi; \
for package in $packages; do \
installCmd='gosu node yarn add "$package" --force'; \
if ! eval "$installCmd"; then \
# must be some non-amd64 architecture pre-built binaries aren't published for, so let's install some build deps and do-it-all-over-again
aptPurge=1; \
apt-get update; \
apt-get install -y --no-install-recommends g++ make python3; \
case "$package" in \
# TODO sharp@*) apt-get install -y --no-install-recommends libvips-dev ;; \
sharp@*) echo >&2 "sorry: libvips 8.10 in Debian bullseye is not new enough (8.12.2+) for sharp 0.30 😞"; continue ;; \
esac; \
\
eval "$installCmd --build-from-source"; \
fi; \
done; \
\
if [ -n "$aptPurge" ]; then \
apt-mark showmanual | xargs apt-mark auto > /dev/null; \
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
apt-get purge -y --auto-remove; \
rm -rf /var/lib/apt/lists/*; \
fi; \
\
gosu node yarn cache clean; \
gosu node npm cache clean --force; \
npm cache clean --force; \
rm -rv /tmp/yarn* /tmp/v8*
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends mariadb-server mariadb-client; \
rm /etc/mysql/mariadb.conf.d/50-server.cnf; \
rm -rf /var/lib/apt/lists/*;

WORKDIR $GHOST_INSTALL
VOLUME $GHOST_CONTENT

COPY --chmod=a+x docker_entrypoint.sh /usr/local/bin
COPY scripts/local /var/lib/ghost/current/core/built/admin/assets/local

0 comments on commit cb0d11d

Please sign in to comment.