diff --git a/.circleci/config.yml b/.circleci/config.yml
index 747df192c..47204bf3d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,7 +11,7 @@ commands:
 Build and optionally deploy a Docker images
 parameters:
 dockerfile:
- default: Dockerfile
+ default: Dockerfile.multistage
 description: 'Name of dockerfile to use, defaults to Dockerfile'
 type: string
 extra_build_args:
diff --git a/Dockerfile.multistage b/Dockerfile.multistage
new file mode 100644
index 000000000..ff329f043
--- /dev/null
+++ b/Dockerfile.multistage
@@ -0,0 +1,327 @@
+#----------------------------
+# base-builder
+#----------------------------
+FROM ubuntu:jammy-20250126 AS base-builder
+
+ARG VERSION=17.9.0
+
+ENV GITLAB_VERSION=${VERSION} \
+ RUBY_VERSION=3.2.6 \
+ RUBY_SOURCE_SHA256SUM="d9cb65ecdf3f18669639f2638b63379ed6fbb17d93ae4e726d4eb2bf68a48370" \
+ RUBYGEMS_VERSION=3.5.23 \
+ GOLANG_VERSION=1.24.0 \
+ GITLAB_SHELL_VERSION=14.40.0 \
+ GITLAB_PAGES_VERSION=17.9.0 \
+ GITALY_SERVER_VERSION=17.9.0 \
+ GITLAB_USER="git" \
+ GITLAB_HOME="/home/git" \
+ GITLAB_LOG_DIR="/var/log/gitlab" \
+ GITLAB_CACHE_DIR="/etc/docker-gitlab" \
+ RAILS_ENV=production \
+ NODE_ENV=production
+
+ENV GITLAB_INSTALL_DIR="${GITLAB_HOME}/gitlab" \
+ GITLAB_SHELL_INSTALL_DIR="${GITLAB_HOME}/gitlab-shell" \
+ GITLAB_GITALY_INSTALL_DIR="${GITLAB_HOME}/gitaly" \
+ GITLAB_DATA_DIR="${GITLAB_HOME}/data" \
+ GITLAB_BUILD_DIR="${GITLAB_CACHE_DIR}/build" \
+ GITLAB_RUNTIME_DIR="${GITLAB_CACHE_DIR}/runtime"
+
+ENV GITLAB_CLONE_URL="https://gitlab.com/gitlab-org/gitlab-foss.git" \
+ GITLAB_SHELL_URL="https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v${GITLAB_SHELL_VERSION}/gitlab-shell-v${GITLAB_SHELL_VERSION}.tar.bz2" \
+ GITLAB_PAGES_URL="https://gitlab.com/gitlab-org/gitlab-pages.git" \
+ GITLAB_GITALY_URL="https://gitlab.com/gitlab-org/gitaly.git" \
+ GITLAB_WORKHORSE_BUILD_DIR="${GITLAB_INSTALL_DIR}/workhorse" \
+ GITLAB_PAGES_BUILD_DIR="/tmp/gitlab-pages" \
+ GITLAB_GITALY_BUILD_DIR="/tmp/gitaly" \
+ GEM_CACHE_DIR="${GITLAB_BUILD_DIR}/cache" \
+ RUBY_SRC_URL="https://cache.ruby-lang.org/pub/ruby/3.2/ruby-${RUBY_VERSION}.tar.gz"
+
+ENV BUILD_DEPENDENCIES="gcc g++ make patch pkg-config cmake paxctl \
+ libc6-dev \
+ libpq-dev zlib1g-dev libssl-dev \
+ libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \
+ libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev \
+ gettext libkrb5-dev \
+ libexpat1-dev libz-dev libpcre2-dev build-essential git"
+
+ARG BUILD_DATE
+ARG VCS_REF
+
+LABEL \
+ maintainer="sameer@damagehead.com" \
+ org.label-schema.schema-version="1.0" \
+ org.label-schema.build-date=${BUILD_DATE} \
+ org.label-schema.name=gitlab \
+ org.label-schema.vendor=damagehead \
+ org.label-schema.url="https://github.com/sameersbn/docker-gitlab" \
+ org.label-schema.vcs-url="https://github.com/sameersbn/docker-gitlab.git" \
+ org.label-schema.vcs-ref=${VCS_REF} \
+ com.damagehead.gitlab.license=MIT
+
+ENV GOROOT=/tmp/go
+ENV PATH=${GOROOT}/bin:$PATH
+
+# install build dependencies for gem installation
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${BUILD_DEPENDENCIES} \
+ && apt-get upgrade -y
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
+ wget ca-certificates apt-transport-https gnupg2 curl \
+ && apt-get upgrade -y
+
+#----------------------------
+# base-builder-extended
+#----------------------------
+FROM base-builder AS base-builder-extended
+
+RUN set -ex && \
+ mkdir -p /etc/apt/keyrings \
+ && wget --quiet -O - https://keyserver.ubuntu.com/pks/lookup?op=get\&search=0xe1dd270288b4e6030699e45fa1715d88e1df1f24 | gpg --dearmor -o /etc/apt/keyrings/git-core.gpg \
+ && echo "deb [signed-by=/etc/apt/keyrings/git-core.gpg] http://ppa.launchpad.net/git-core/ppa/ubuntu jammy main" >> /etc/apt/sources.list \
+ && wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgres.gpg \
+ && echo 'deb [signed-by=/etc/apt/keyrings/postgres.gpg] http://apt.postgresql.org/pub/repos/apt/ jammy-pgdg main' > /etc/apt/sources.list.d/pgdg.list \
+ && wget --quiet -O - https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+ && echo 'deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main' > /etc/apt/sources.list.d/nodesource.list \
+ && wget --quiet -O - https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarn.gpg \
+ && echo 'deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list \
+ && wget --quiet -O - https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /etc/apt/keyrings/nginx-archive-keyring.gpg \
+ && echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu jammy nginx" >> /etc/apt/sources.list.d/nginx.list \
+ && printf "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" >> /etc/apt/preferences.d/99nginx \
+ && set -ex \
+ && apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
+ sudo supervisor logrotate locales curl \
+ nginx openssh-server postgresql-contrib redis-tools \
+ postgresql-client-13 postgresql-client-14 postgresql-client-15 postgresql-client-16 postgresql-client-17 \
+ python3 python3-docutils nodejs yarn gettext-base graphicsmagick \
+ libpq5 zlib1g libyaml-dev libssl-dev libgdbm-dev libre2-dev \
+ libreadline-dev libncurses5-dev libffi-dev curl openssh-server libxml2-dev libxslt-dev \
+ libcurl4-openssl-dev libicu-dev libkrb5-dev rsync python3-docutils pkg-config cmake \
+ runit-systemd \
+ tzdata unzip libimage-exiftool-perl libmagic1 \
+ && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
+ && locale-gen en_US.UTF-8 \
+ && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales \
+ && rm -rf /var/lib/apt/lists/* /etc/nginx/conf.d/default.conf
+
+# add ${GITLAB_USER} user
+RUN adduser --disabled-login --gecos 'GitLab' $GITLAB_USER \
+ && passwd -d $GITLAB_USER
+
+#----------------------------
+# golang
+#----------------------------
+FROM base-builder AS golang
+
+RUN echo "Downloading Go $GOLANG_VERSION..." \
+ && dpkgArch="$(dpkg-architecture -qDEB_HOST_ARCH)" \
+ && wget -cnv https://storage.googleapis.com/golang/go$GOLANG_VERSION.linux-${dpkgArch}.tar.gz -P $GITLAB_BUILD_DIR/ \
+ && tar -xf $GITLAB_BUILD_DIR/go$GOLANG_VERSION.linux-${dpkgArch}.tar.gz -C /tmp/
+
+#----------------------------
+# ruby
+#----------------------------
+FROM ruby:3.2.7-bookworm AS ruby-inst
+
+ENV RUBYGEMS_VERSION=3.5.14
+# upgrade rubygems on demand
+RUN gem update --no-document --system "$RUBYGEMS_VERSION"
+
+#----------------------------
+# gitlab-pages
+#----------------------------
+FROM base-builder AS gitlab-pages
+
+RUN mkdir /tmp/go
+COPY --from=golang /tmp/go /tmp/go
+
+# download gitlab-pages
+RUN echo "Downloading gitlab-pages v.$GITLAB_PAGES_VERSION..." \
+ && git clone -q -b v$GITLAB_PAGES_VERSION --depth 1 $GITLAB_PAGES_URL $GITLAB_PAGES_BUILD_DIR
+
+# install gitlab-pages
+RUN make -C $GITLAB_PAGES_BUILD_DIR -j"$(nproc)" \
+ && cp -a ${GITLAB_PAGES_BUILD_DIR}/gitlab-pages /usr/local/bin/
+
+#----------------------------
+# gitaly
+#----------------------------
+FROM base-builder AS gitaly
+
+RUN mkdir /tmp/go
+COPY --from=golang /tmp/go /tmp/go
+
+# download and build gitaly
+RUN echo "Downloading gitaly v.$GITALY_SERVER_VERSION..." \
+ && git clone -q -b v$GITALY_SERVER_VERSION --depth 1 $GITLAB_GITALY_URL $GITLAB_GITALY_BUILD_DIR
+
+# install gitaly
+RUN make -C $GITLAB_GITALY_BUILD_DIR install -j"$(nproc)" \
+ && mkdir -p ${GITLAB_GITALY_INSTALL_DIR}
+# The following line causes some issues. However, according to
+# and
+# there seems to
+# be some attempts to remove ruby from gitaly.
+#
+# cp -a ${GITLAB_GITALY_BUILD_DIR}/ruby ${GITLAB_GITALY_INSTALL_DIR}/
+
+# install git bundled with gitaly.
+RUN make -C $GITLAB_GITALY_BUILD_DIR git GIT_PREFIX=/usr/local -j"$(nproc)"
+
+#----------------------------
+# gitlab-foss-source
+#----------------------------
+FROM base-builder-extended AS gitlab-foss-source
+# shallow clone gitlab-foss
+USER git
+RUN echo "Cloning gitlab-foss v.$GITLAB_VERSION..." \
+ && git clone -q -b v$GITLAB_VERSION --depth 1 $GITLAB_CLONE_URL $GITLAB_INSTALL_DIR
+
+COPY assets/build/ ${GITLAB_BUILD_DIR}/
+
+RUN find "$GITLAB_BUILD_DIR/patches/gitlabhq" -name "*.patch" | while read -r patch_file; do \
+ printf "Applying patch %s for gitlab-foss...\n" "${patch_file}"; \
+ git -C $GITLAB_INSTALL_DIR apply --ignore-whitespace < "${patch_file}"; \
+ done
+USER root
+
+RUN mkdir -p ${GITLAB_BUILD_DIR}
+
+#----------------------------
+# ruby-inst-extended
+#----------------------------
+FROM gitlab-foss-source AS ruby-inst-extended
+
+COPY --from=ruby-inst /usr/local /usr/local
+
+# install bundler: use version specified in Gemfile.lock
+RUN export BUNDLER_VERSION=$(grep "BUNDLED WITH" $GITLAB_INSTALL_DIR/Gemfile.lock -A 1 | grep -v "BUNDLED WITH" | tr -d "[:space:]"); \
+ gem install bundler:"$BUNDLER_VERSION"
+
+#----------------------------
+# gitlab-shell
+#----------------------------
+FROM gitlab-foss-source AS gitlab-shell
+
+RUN mkdir /tmp/go
+COPY --from=golang /tmp/go /tmp/go
+
+COPY --from=ruby-inst-extended /usr/local /usr/local
+
+# download gitlab-shell
+RUN echo "Downloading gitlab-shell v.$GITLAB_SHELL_VERSION..." \
+ && mkdir -p $GITLAB_SHELL_INSTALL_DIR \
+ && wget -cq $GITLAB_SHELL_URL -O $GITLAB_BUILD_DIR/gitlab-shell-$GITLAB_SHELL_VERSION.tar.bz2 \
+ && tar xf $GITLAB_BUILD_DIR/gitlab-shell-$GITLAB_SHELL_VERSION.tar.bz2 --strip 1 -C $GITLAB_SHELL_INSTALL_DIR \
+ && rm -rf $GITLAB_BUILD_DIR/gitlab-shell-$GITLAB_SHELL_VERSION.tar.bz2 \
+ && chown -R $GITLAB_USER: $GITLAB_SHELL_INSTALL_DIR
+
+USER git
+
+RUN cd $GITLAB_SHELL_INSTALL_DIR \
+ && cp -a config.yml.example config.yml \
+ && echo "Compiling gitlab-shell golang executables..." \
+ && bundle config set --local deployment 'true' \
+ && bundle config set --local with 'development test' \
+ && bundle install -j"$(nproc)" \
+ && make verify setup
+
+ # remove unused repositories directory created by gitlab-shell install
+ #rm -rf ${GITLAB_HOME}/repositories
+
+ USER root
+
+ # build gitlab-workhorse
+ RUN echo "Build gitlab-workhorse" \
+ && git config --global --add safe.directory /home/git/gitlab \
+ && make -C $GITLAB_WORKHORSE_BUILD_DIR install -j"$(nproc)"
+ # clean up
+ #rm -rf ${GITLAB_WORKHORSE_BUILD_DIR}
+
+#----------------------------
+# yarn
+#----------------------------
+FROM gitlab-foss-source AS yarn
+
+USER git
+RUN cd $GITLAB_INSTALL_DIR; yarn install --production --pure-lockfile
+USER root
+
+#----------------------------
+# gitlab-foss-build
+#----------------------------
+FROM gitlab-foss-source AS gitlab-foss-build
+
+COPY --from=ruby-inst-extended /usr/local /usr/local
+
+USER git
+
+RUN cd $GITLAB_INSTALL_DIR \
+ && bundle config set --local deployment 'true' \
+ && bundle config set --local without 'development test mysql aws' \
+ && bundle install -j"$(nproc)"
+
+#----------------------------
+# final
+#----------------------------
+FROM base-builder-extended AS final
+
+RUN mkdir $GITLAB_CACHE_DIR; mkdir $GITLAB_BUILD_DIR; mkdir $GITLAB_BUILD_DIR/build
+
+COPY --from=ruby-inst-extended /usr/local/bin /usr/local/bin
+COPY --from=ruby-inst-extended /usr/local/lib /usr/local/lib
+
+COPY --from=gitlab-pages /usr/local/bin/gitlab-pages /usr/local/bin
+
+COPY --from=gitaly ${GITLAB_GITALY_BUILD_DIR}/config.toml.example ${GITLAB_GITALY_INSTALL_DIR}/config.toml
+COPY --from=gitaly /usr/local /usr/local
+
+COPY --from=gitlab-foss-source ${GITLAB_INSTALL_DIR} ${GITLAB_INSTALL_DIR}
+
+#COPY --from=gitlab-shell ${GITLAB_INSTALL_DIR} ${GITLAB_INSTALL_DIR}
+COPY --from=gitlab-shell ${GITLAB_SHELL_INSTALL_DIR} ${GITLAB_SHELL_INSTALL_DIR}
+COPY --from=gitlab-shell /usr/local /usr/local
+
+COPY --from=yarn ${GITLAB_INSTALL_DIR}/node_modules ${GITLAB_INSTALL_DIR}/node_modules
+
+COPY --from=gitlab-foss-build ${GITLAB_INSTALL_DIR} ${GITLAB_INSTALL_DIR}
+COPY --from=gitlab-foss-build /usr/local /usr/local
+
+COPY assets/build/ ${GITLAB_BUILD_DIR}/
+
+# gitlab.yml and database.yml are required for `assets:precompile`
+USER git
+
+RUN cp ${GITLAB_INSTALL_DIR}/config/resque.yml.example ${GITLAB_INSTALL_DIR}/config/resque.yml \
+ && cp ${GITLAB_INSTALL_DIR}/config/gitlab.yml.example ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+
+USER root
+
+# #
+# # Temporary workaround, see
+# #
+# # exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.postgresql ${GITLAB_INSTALL_DIR}/config/database.yml
+RUN cp ${GITLAB_BUILD_DIR}/config/database.yml.postgresql ${GITLAB_INSTALL_DIR}/config/database.yml \
+ && chown ${GITLAB_USER}: ${GITLAB_INSTALL_DIR}/config/database.yml
+
+#=======================================
+RUN bash ${GITLAB_BUILD_DIR}/install2.sh
+#=======================================
+
+COPY assets/runtime/ ${GITLAB_RUNTIME_DIR}/
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod 755 /sbin/entrypoint.sh
+
+ENV prometheus_multiproc_dir="/dev/shm"
+
+EXPOSE 22/tcp 80/tcp 443/tcp
+
+RUN ln -s /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
+
+VOLUME ["${GITLAB_DATA_DIR}", "${GITLAB_LOG_DIR}","${GITLAB_HOME}/gitlab/node_modules"]
+WORKDIR ${GITLAB_INSTALL_DIR}
+ENTRYPOINT ["/sbin/entrypoint.sh"]
+CMD ["app:start"]
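Review bot: `ENV GOROOT=/tmp/go` and `ENV PATH=${GOROOT}/bin:$PATH` are set in `base-builder`, and `final` is built `FROM base-builder-extended`, so the runtime image inherits a search path whose first entry lies under world-writable `/tmp`; nothing visible in `final` creates `/tmp/go`, and the container still runs as root at `ENTRYPOINT`, so this is a search-path hijack risk for anything the entrypoint and its children resolve through `PATH`. Scope the two variables to the stages that compile with Go (`gitlab-pages`, `gitaly`, `gitlab-shell`), or reset the value in `final` with `ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`. The same inheritance brings the layers that install `${BUILD_DEPENDENCIES}` (compilers, `cmake`, `git`) into the shipped image, so `final` would be better based on a stage that installs only runtime packages. Separately, the `golang` stage unpacks the Go tarball and the `gitlab-shell` stage unpacks its archive with no integrity check, while `RUBY_SOURCE_SHA256SUM` is still declared but no longer used by any visible step; a pinned per-architecture digest checked with `sha256sum -c -` before each `tar` would restore that verification.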
diff --git a/assets/build/install2.sh b/assets/build/install2.sh
new file mode 100755
index 000000000..7489063d1
--- /dev/null
+++ b/assets/build/install2.sh
@@ -0,0 +1,491 @@
+#!/bin/bash
+set -e
+
+#GITLAB_CLONE_URL=https://gitlab.com/gitlab-org/gitlab-foss.git
+#GITLAB_SHELL_URL=https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v${GITLAB_SHELL_VERSION}/gitlab-shell-v${GITLAB_SHELL_VERSION}.tar.bz2
+#GITLAB_PAGES_URL=https://gitlab.com/gitlab-org/gitlab-pages.git
+#GITLAB_GITALY_URL=https://gitlab.com/gitlab-org/gitaly.git
+
+#GITLAB_WORKHORSE_BUILD_DIR=${GITLAB_INSTALL_DIR}/workhorse
+#GITLAB_PAGES_BUILD_DIR=/tmp/gitlab-pages
+#GITLAB_GITALY_BUILD_DIR=/tmp/gitaly
+
+#RUBY_SRC_URL=https://cache.ruby-lang.org/pub/ruby/${RUBY_VERSION%.*}/ruby-${RUBY_VERSION}.tar.gz
+
+GEM_CACHE_DIR="${GITLAB_BUILD_DIR}/cache"
+
+#GOROOT=/tmp/go
+#PATH=${GOROOT}/bin:$PATH
+
+export GOROOT PATH
+
+#BUILD_DEPENDENCIES="gcc g++ make patch pkg-config cmake paxctl \
+# libc6-dev \
+# libpq-dev zlib1g-dev libyaml-dev libssl-dev \
+# libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \
+# libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev \
+# gettext libkrb5-dev \
+# libexpat1-dev libz-dev libpcre2-dev build-essential git"
+
+## Execute a command as GITLAB_USER
+exec_as_git() {
+ if [[ $(whoami) == "${GITLAB_USER}" ]]; then
+ "$@"
+ else
+ sudo -HEu ${GITLAB_USER} "$@"
+ fi
+}
+
+# install build dependencies for gem installation
+#apt-get update
+#DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${BUILD_DEPENDENCIES}
+
+# build ruby from source
+#echo "Building ruby v${RUBY_VERSION} from source..."
+#PWD_ORG="$PWD"
+#mkdir /tmp/ruby && cd /tmp/ruby
+#curl --remote-name -Ss "${RUBY_SRC_URL}"
+#printf '%s ruby-%s.tar.gz' "${RUBY_SOURCE_SHA256SUM}" "${RUBY_VERSION}" | sha256sum -c -
+#tar xzf ruby-"${RUBY_VERSION}".tar.gz && cd ruby-"${RUBY_VERSION}"
+#find "${GITLAB_BUILD_DIR}/patches/ruby" -name "*.patch" | while read -r patch_file; do
+# echo "Applying patch ${patch_file}"
+# patch -p1 -i "${patch_file}"
+#done
+#./configure --disable-install-rdoc --enable-shared
+#make -j"$(nproc)"
+#make install
+#cd "$PWD_ORG" && rm -rf /tmp/ruby
+
+# upgrade rubygems on demand
+#gem update --no-document --system "${RUBYGEMS_VERSION}"
+
+# PaX-mark ruby
+# Applying the mark late here does make the build usable on PaX kernels, but
+# still the build itself must be executed on a non-PaX kernel. It's done here
+# only for simplicity.
+paxctl -cvm "$(command -v ruby)"
+# https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js
+paxctl -cvm "$(command -v node)"
+
+# remove the host keys generated during openssh-server installation
+rm -rf /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
+
+# add ${GITLAB_USER} user
+#adduser --disabled-login --gecos 'GitLab' ${GITLAB_USER}
+#passwd -d ${GITLAB_USER}
+
+# set PATH (fixes cron job PATH issues)
+cat >> ${GITLAB_HOME}/.profile < and
+# there seems to
+# be some attempts to remove ruby from gitaly.
+#
+# cp -a ${GITLAB_GITALY_BUILD_DIR}/ruby ${GITLAB_GITALY_INSTALL_DIR}/
+#cp -a ${GITLAB_GITALY_BUILD_DIR}/config.toml.example ${GITLAB_GITALY_INSTALL_DIR}/config.toml
+#rm -rf ${GITLAB_GITALY_INSTALL_DIR}/ruby/vendor/bundle/ruby/**/cache
+#chown -R ${GITLAB_USER}: ${GITLAB_GITALY_INSTALL_DIR}
+
+# install git bundled with gitaly.
+#make -C ${GITLAB_GITALY_BUILD_DIR} git GIT_PREFIX=/usr/local -j"$(nproc)"
+
+# clean up
+#rm -rf ${GITLAB_GITALY_BUILD_DIR}
+
+# remove go
+#go clean --modcache
+#rm -rf ${GITLAB_BUILD_DIR}/go${GOLANG_VERSION}.linux-amd64.tar.gz ${GOROOT}
+
+# remove HSTS config from the default headers, we configure it in nginx
+exec_as_git sed -i "/headers\['Strict-Transport-Security'\]/d" ${GITLAB_INSTALL_DIR}/app/controllers/application_controller.rb
+
+# revert `rake gitlab:setup` changes from gitlabhq/gitlabhq@a54af831bae023770bf9b2633cc45ec0d5f5a66a
+exec_as_git sed -i 's/db:reset/db:setup/' ${GITLAB_INSTALL_DIR}/lib/tasks/gitlab/setup.rake
+
+# change SSH_ALGORITHM_PATH - we have moved host keys in ${GITLAB_DATA_DIR}/ssh/ to persist them
+exec_as_git sed -i "s:/etc/ssh/:/${GITLAB_DATA_DIR}/ssh/:g" ${GITLAB_INSTALL_DIR}/app/models/instance_configuration.rb
+
+cd ${GITLAB_INSTALL_DIR}
+
+# install gems, use local cache if available
+if [[ -d ${GEM_CACHE_DIR} ]]; then
+ echo "Found local npm package cache..."
+ mv ${GEM_CACHE_DIR} ${GITLAB_INSTALL_DIR}/vendor/cache
+ chown -R ${GITLAB_USER}: ${GITLAB_INSTALL_DIR}/vendor/cache
+fi
+
+#exec_as_git bundle config set --local deployment 'true'
+#exec_as_git bundle config set --local without 'development test mysql aws'
+#exec_as_git bundle install -j"$(nproc)"
+
+# make sure everything in ${GITLAB_HOME} is owned by ${GITLAB_USER} user
+chown -R ${GITLAB_USER}: ${GITLAB_HOME}
+
+# gitlab.yml and database.yml are required for `assets:precompile`
+#exec_as_git cp ${GITLAB_INSTALL_DIR}/config/resque.yml.example ${GITLAB_INSTALL_DIR}/config/resque.yml
+#exec_as_git cp ${GITLAB_INSTALL_DIR}/config/gitlab.yml.example ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+#
+# Temporary workaround, see
+#
+#exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.postgresql ${GITLAB_INSTALL_DIR}/config/database.yml
+#cp ${GITLAB_BUILD_DIR}/config/database.yml.postgresql ${GITLAB_INSTALL_DIR}/config/database.yml
+#chown ${GITLAB_USER}: ${GITLAB_INSTALL_DIR}/config/database.yml
+
+# Installs nodejs packages required to compile webpack
+#exec_as_git yarn install --production --pure-lockfile
+
+echo "Compiling assets. Please be patient, this could take a while..."
+exec_as_git bundle exec rake gitlab:assets:compile USE_DB=false SKIP_STORAGE_VALIDATION=true NODE_OPTIONS="--max-old-space-size=8192"
+
+# remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml
+rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml
+
+# remove gitlab shell and workhorse secrets
+rm -f ${GITLAB_INSTALL_DIR}/.gitlab_shell_secret ${GITLAB_INSTALL_DIR}/.gitlab_workhorse_secret
+
+exec_as_git mkdir -p ${GITLAB_INSTALL_DIR}/tmp/pids/ ${GITLAB_INSTALL_DIR}/tmp/sockets/
+chmod -R u+rwX ${GITLAB_INSTALL_DIR}/tmp
+
+# symlink ${GITLAB_HOME}/.ssh -> ${GITLAB_LOG_DIR}/gitlab
+rm -rf ${GITLAB_HOME}/.ssh
+exec_as_git ln -sf ${GITLAB_DATA_DIR}/.ssh ${GITLAB_HOME}/.ssh
+
+# symlink ${GITLAB_INSTALL_DIR}/log -> ${GITLAB_LOG_DIR}/gitlab
+rm -rf ${GITLAB_INSTALL_DIR}/log
+ln -sf ${GITLAB_LOG_DIR}/gitlab ${GITLAB_INSTALL_DIR}/log
+
+# symlink ${GITLAB_INSTALL_DIR}/public/uploads -> ${GITLAB_DATA_DIR}/uploads
+rm -rf ${GITLAB_INSTALL_DIR}/public/uploads
+exec_as_git ln -sf ${GITLAB_DATA_DIR}/uploads ${GITLAB_INSTALL_DIR}/public/uploads
+
+# symlink ${GITLAB_INSTALL_DIR}/.secret -> ${GITLAB_DATA_DIR}/.secret
+rm -rf ${GITLAB_INSTALL_DIR}/.secret
+exec_as_git ln -sf ${GITLAB_DATA_DIR}/.secret ${GITLAB_INSTALL_DIR}/.secret
+
+# WORKAROUND for https://github.com/sameersbn/docker-gitlab/issues/509
+rm -rf ${GITLAB_INSTALL_DIR}/builds
+rm -rf ${GITLAB_INSTALL_DIR}/shared
+
+# install gitlab bootscript, to silence gitlab:check warnings
+cp ${GITLAB_INSTALL_DIR}/lib/support/init.d/gitlab /etc/init.d/gitlab
+chmod +x /etc/init.d/gitlab
+
+# disable default nginx configuration and enable gitlab's nginx configuration
+rm -rf /etc/nginx/sites-enabled/default
+
+# configure sshd
+sed -i \
+ -e "s|^[#]*UsePAM yes|UsePAM no|" \
+ -e "s|^[#]*UsePrivilegeSeparation yes|UsePrivilegeSeparation no|" \
+ -e "s|^[#]*PasswordAuthentication yes|PasswordAuthentication no|" \
+ -e "s|^[#]*LogLevel INFO|LogLevel VERBOSE|" \
+ -e "s|^[#]*AuthorizedKeysFile.*|AuthorizedKeysFile
%h/.ssh/authorized_keys %h/.ssh/authorized_keys_proxy|" \ + /etc/ssh/sshd_config +echo "AcceptEnv GIT_PROTOCOL" >> /etc/ssh/sshd_config # Allow clients to explicitly set the Git transfer protocol, e.g. to enable version 2. +echo "UseDNS no" >> /etc/ssh/sshd_config + +# move supervisord.log file to ${GITLAB_LOG_DIR}/supervisor/ +sed -i "s|^[#]*logfile=.*|logfile=${GITLAB_LOG_DIR}/supervisor/supervisord.log ;|" /etc/supervisor/supervisord.conf + +# silence "CRIT Server 'unix_http_server' running without any HTTP authentication checking" message +# https://github.com/Supervisor/supervisor/issues/717 +sed -i '/\.sock/a password=dummy' /etc/supervisor/supervisord.conf +sed -i '/\.sock/a username=dummy' /etc/supervisor/supervisord.conf +# prevent confusing warning "CRIT Supervisor running as root" by clarify run as root +# user not defined in supervisord.conf by default, so just append it after [supervisord] block +sed -i "/\[supervisord\]/a user=root" /etc/supervisor/supervisord.conf + +# move nginx logs to ${GITLAB_LOG_DIR}/nginx +sed -i \ + -e "s|access_log /var/log/nginx/access.log;|access_log ${GITLAB_LOG_DIR}/nginx/access.log;|" \ + -e "s|error_log /var/log/nginx/error.log;|error_log ${GITLAB_LOG_DIR}/nginx/error.log;|" \ + /etc/nginx/nginx.conf + +# fix "unknown group 'syslog'" error preventing logrotate from functioning +sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf + +# configure supervisord log rotation +cat > /etc/logrotate.d/supervisord < /etc/logrotate.d/gitlab < /etc/logrotate.d/gitlab-shell < /etc/logrotate.d/gitaly < /etc/logrotate.d/gitlab-nginx < /etc/supervisor/conf.d/puma.conf < /etc/supervisor/conf.d/sidekiq.conf < /etc/supervisor/conf.d/gitlab-workhorse.conf < /etc/supervisor/conf.d/gitaly.conf < /etc/supervisor/conf.d/mail_room.conf < /etc/supervisor/conf.d/sshd.conf < /etc/supervisor/conf.d/nginx.conf < /etc/supervisor/conf.d/cron.conf < /etc/supervisor/conf.d/groups.conf </dev/null 2>&1 + exec_as_git bundle exec rake 
gitlab:assets:compile NODE_OPTIONS="--max-old-space-size=8192" >/dev/null 2>&1 fi echo "Clearing cache..."