FROM node:20-bookworm # Install golang (Source: https://github.com/docker-library/golang) RUN set -eux; \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ url=; \ case "$arch" in \ 'amd64') \ url='https://dl.google.com/go/go1.23.0.linux-amd64.tar.gz'; \ sha256='905a297f19ead44780548933e0ff1a1b86e8327bb459e92f9c0012569f76f5e3'; \ ;; \ 'arm64') \ url='https://dl.google.com/go/go1.23.0.linux-arm64.tar.gz'; \ sha256='62788056693009bcf7020eedc778cdd1781941c6145eab7688bd087bce0f8659'; \ ;; \ *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \ esac; \ \ wget -O go.tgz.asc "$url.asc"; \ wget -O go.tgz "$url" --progress=dot:giga; \ echo "$sha256 *go.tgz" | sha256sum -c -; \ \ # https://github.com/golang/go/issues/14739#issuecomment-324767697 GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ # https://www.google.com/linuxrepositories/ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \ # let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \ gpg --batch --verify go.tgz.asc go.tgz; \ gpgconf --kill all; \ rm -rf "$GNUPGHOME" go.tgz.asc; \ \ tar -C /usr/local -xzf go.tgz; \ rm go.tgz; \ \ /usr/local/go/bin/go version # Install other tools RUN set -eux; \ curl -SsL --output /usr/share/keyrings/thetadev.gpg "https://thetadev.de/repo/thetadev.gpg"; \ echo "2cca310dec333631005b6c033715e5b25e305e33be66eb4ba924619dab94d539 /usr/share/keyrings/thetadev.gpg" | sha256sum -c; \ echo "deb [signed-by=/usr/share/keyrings/thetadev.gpg] https://thetadev.de/repo universal main\ndeb [signed-by=/usr/share/keyrings/thetadev.gpg] https://thetadev.de/repo bookworm main" > /etc/apt/sources.list.d/thetadev.list; \ dpkg --add-architecture amd64; \ dpkg --add-architecture arm64; \ apt-get update; \ apt-get upgrade -y; \ apt-get install -y --no-install-recommends sudo python-is-python3 python3-pip python3-poetry nano tree zip zstd brotli zopfli jq yq golangci-lint \ rustup cargo-audit cargo-deny cargo-sqlx cargo-nextest git-cliff just task pre-commit mdbook shellcheck ffmpeg \ libssl-dev:amd64 libssl-dev:arm64; \ \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ case "$arch" in \ 'amd64') \ apt-get install -y gcc-aarch64-linux-gnu; \ ;; \ 'arm64') \ apt-get install -y gcc-x86-64-linux-gnu; \ ;; \ *) echo >&2 "error: unsupported architecture '$arch'"; exit 1 ;; \ esac; \ \ apt-get clean; \ printf 'fund=false\nupdate-notifier=false' > /root/.npmrc; \ npm install -g pnpm tsx # User setup RUN userdel -r node && useradd -m ci && echo 'ci ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers USER ci # Install Rust RUN set -eux; \ rustup install stable; \ rustup target add x86_64-unknown-linux-gnu x86_64-unknown-linux-musl aarch64-unknown-linux-gnu aarch64-unknown-linux-musl # User account setup RUN set -eux; \ gpg --batch --keyserver keys.openpgp.org --recv-keys 86b02e72397343b766f005dd649ca4ebdc338394; \ echo -e "5\ny\n" | gpg --no-tty --command-fd=0 --edit-key 86b02e72397343b766f005dd649ca4ebdc338394 trust; \ git config --global user.name "Forgejo Actions"; \ git config --global user.email "forgejo.actions@example.com"; \ git config --global init.defaultBranch main; \ mkdir -p /home/ci/.cargo /home/ci/.config; \ arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \ case "$arch" in \ 'amd64') \ printf '[target.aarch64-unknown-linux-gnu]\nlinker = "aarch64-linux-gnu-gcc"' > /home/ci/.cargo/config.toml; \ ;; \ 'arm64') \ printf '[target.x86_64-unknown-linux-gnu]\nlinker = "x86_64-linux-gnu-gcc"' > /home/ci/.cargo/config.toml; \ ;; \ *) echo >&2 "error: unsupported architecture '$arch'"; exit 1 ;; \ esac; \ printf 'fund=false\nupdate-notifier=false' > /home/ci/.npmrc; \ printf '[profile.ci]\nfailure-output = "immediate-final"\nfail-fast = false\n\n[profile.ci.junit]\npath = "junit.xml"' > /home/ci/.config/nextest.toml; ENV PATH /usr/local/go/bin:/home/ci/go/bin:/home/ci/.cargo/bin:$PATH ENV NEXTEST_PROFILE ci ENTRYPOINT /usr/bin/bash