-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
56 lines (41 loc) · 1.45 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
FROM golang:1.22-alpine as builder
# https://github.com/syncthing/syncthing/releases
ENV VERSION=v1.27.6
# Add unprivileged user
RUN echo "syncthing:x:1000:1000:syncthing:/:" > /etc_passwd
RUN echo "syncthing:x:1000:syncthing" > /etc_group
# Install build needs
RUN apk add --no-cache \
git \
upx
# Get syncthing from Github
RUN git clone --depth 1 --branch "${VERSION}" https://github.com/syncthing/syncthing.git /syncthing
WORKDIR /syncthing
# Compile static syncthing
# https://github.com/syncthing/syncthing/blob/main/Dockerfile#L10
RUN --mount=type=cache,target=/root/.cache \
CGO_ENABLED=0 go run build.go -no-upgrade build syncthing
# Minify binaries and create config folder
# no upx: 23.6M
# upx: 9.4M
# --best: 9.1M
# --brute: breaks the binary
RUN upx --best syncthing && \
upx -t syncthing && \
mkdir /config
FROM scratch
# Force GUI on 0.0.0.0
ENV STGUIADDRESS=0.0.0.0:8384
# Copy the unprivileged user
COPY --from=builder /etc_passwd /etc/passwd
COPY --from=builder /etc_group /etc/group
# ca-certificates are required to resolve https// syncthing domains:
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Add static syncthing binary
COPY --from=builder /syncthing/syncthing /usr/bin/syncthing
# Add /config placeholder (empty dir)
COPY --from=builder --chown=syncthing /config /config
USER syncthing
ENTRYPOINT ["/usr/bin/syncthing", "-home", "/config"]
# Expose the webinterface and the protocol ports
EXPOSE 8384 22000