Dockerfile.rootless

# syntax=docker/dockerfile:1
# Build frontend on the native platform to avoid QEMU-related issues with nodejs ecosystem
FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.26-alpine3.23 AS frontend-build
RUN apk --no-cache add build-base git nodejs pnpm
WORKDIR /src
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
RUN --mount=type=cache,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile
COPY --exclude=.git/ . .
RUN make frontend

# Build backend for each target platform
FROM docker.io/library/golang:1.26-alpine3.23 AS build-env

ARG GITEA_VERSION
ARG TAGS=""
ENV TAGS="bindata timetzdata $TAGS"
ARG CGO_EXTRA_CFLAGS

# Build deps
RUN apk --no-cache add \
    build-base \
    git

WORKDIR ${GOPATH}/src/gitea.dev
COPY go.mod go.sum ./
RUN go mod download
# See the comments in Dockerfile
COPY --exclude=.git/ . .
COPY --from=frontend-build /src/public/assets public/assets

# Build gitea, .git mount is required for version data
RUN --mount=type=cache,target="/root/.cache/go-build" \
    --mount=type=bind,source=".git/",target=".git/" \
    make backend

COPY docker/rootless /tmp/local

# Set permissions for builds that made under windows which strips the executable bit from file
RUN chmod 755 /tmp/local/usr/local/bin/* \
              /go/src/gitea.dev/gitea

FROM docker.io/library/alpine:3.23 AS gitea-rootless

EXPOSE 2222 3000

RUN apk --no-cache add \
    bash \
    ca-certificates \
    dumb-init \
    gettext \
    git \
    curl \
    gnupg \
    openssh-keygen

RUN addgroup \
    -S -g 1000 \
    git && \
  adduser \
    -S -H -D \
    -h /var/lib/gitea/git \
    -s /bin/bash \
    -u 1000 \
    -G git \
    git

RUN mkdir -p /var/lib/gitea /etc/gitea
RUN chown git:git /var/lib/gitea /etc/gitea

COPY --from=build-env /tmp/local /
COPY --from=build-env --chown=root:root /go/src/gitea.dev/gitea /app/gitea/gitea

# git:git
USER 1000:1000
ENV GITEA_WORK_DIR=/var/lib/gitea
ENV GITEA_CUSTOM=/var/lib/gitea/custom
ENV GITEA_TEMP=/tmp/gitea
ENV TMPDIR=/tmp/gitea

# TODO add to docs the ability to define the ini to load (useful to test and revert a config)
ENV GITEA_APP_INI=/etc/gitea/app.ini
ENV HOME="/var/lib/gitea/git"
VOLUME ["/var/lib/gitea", "/etc/gitea"]
WORKDIR /var/lib/gitea

# HINT: HEALTH-CHECK-ENDPOINT: don't use HEALTHCHECK, search this hint keyword for more information
ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
CMD []
Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`# syntax=docker/dockerfile:1`
Migrate from webpack to vite (#37002 ) 2026-03-29 12:24:30 +02:00			`# Build frontend on the native platform to avoid QEMU-related issues with nodejs ecosystem`
Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646 ) 2026-02-17 09:25:07 +01:00			`FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.26-alpine3.23 AS frontend-build`
			`RUN apk --no-cache add build-base git nodejs pnpm`
			`WORKDIR /src`
build: update pnpm to v11 (#37591 ) 2026-05-08 06:17:20 +02:00			`COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./`
Optimize Docker build with dependency layer caching (#36864 ) 2026-03-08 16:58:21 +01:00			`RUN --mount=type=cache,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile`
Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646 ) 2026-02-17 09:25:07 +01:00			`COPY --exclude=.git/ . .`
Optimize Docker build with dependency layer caching (#36864 ) 2026-03-08 16:58:21 +01:00			`RUN make frontend`
Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646 ) 2026-02-17 09:25:07 +01:00
			`# Build backend for each target platform`
Update to go 1.26.0 and golangci-lint 2.9.0 (#36588 ) 2026-02-11 18:37:13 +01:00			`FROM docker.io/library/golang:1.26-alpine3.23 AS build-env`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
			`ARG GITEA_VERSION`
refactor: use modernc sqlite driver as default (#37562 ) 2026-05-07 02:57:59 +08:00			`ARG TAGS=""`
Fix deprecated Dockerfile ENV format (#31450 ) 2024-06-21 17:08:42 +02:00			`ENV TAGS="bindata timetzdata $TAGS"`
chmod executables when copying to the docker (#17423 ) 2021-10-25 19:32:03 +01:00			`ARG CGO_EXTRA_CFLAGS`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`# Build deps`
Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00			`RUN apk --no-cache add \`
			`build-base \`
Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646 ) 2026-02-17 09:25:07 +01:00			`git`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873 ) 2026-05-26 15:49:31 -07:00			`WORKDIR ${GOPATH}/src/gitea.dev`
Optimize Docker build with dependency layer caching (#36864 ) 2026-03-08 16:58:21 +01:00			`COPY go.mod go.sum ./`
			`RUN go mod download`
Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`# See the comments in Dockerfile`
			`COPY --exclude=.git/ . .`
Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646 ) 2026-02-17 09:25:07 +01:00			`COPY --from=frontend-build /src/public/assets public/assets`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`# Build gitea, .git mount is required for version data`
Optimize Docker build with dependency layer caching (#36864 ) 2026-03-08 16:58:21 +01:00			`RUN --mount=type=cache,target="/root/.cache/go-build" \`
Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`--mount=type=bind,source=".git/",target=".git/" \`
Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646 ) 2026-02-17 09:25:07 +01:00			`make backend`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00			`COPY docker/rootless /tmp/local`

Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`# Set permissions for builds that made under windows which strips the executable bit from file`
Intorduce "config edit-ini" sub command to help maintaining INI config file (#35735 ) 2025-10-25 10:54:55 +08:00			`RUN chmod 755 /tmp/local/usr/local/bin/* \`
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873 ) 2026-05-26 15:49:31 -07:00			`/go/src/gitea.dev/gitea`
Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00
Bump alpine to 3.23, add platforms to `docker-dryrun` (#36379 ) 2026-02-01 10:36:43 +01:00			`FROM docker.io/library/alpine:3.23 AS gitea-rootless`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
			`EXPOSE 2222 3000`

			`RUN apk --no-cache add \`
			`bash \`
			`ca-certificates \`
Add dumb-init to rootless docker (#21775 ) 2022-12-04 12:12:06 +01:00			`dumb-init \`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00			`gettext \`
			`git \`
Add curl to rootless docker image (#15908 ) 2021-05-21 06:03:41 +02:00			`curl \`
Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00			`gnupg \`
Add cache to container build (#35697 ) 2025-11-02 10:42:25 +01:00			`openssh-keygen`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
			`RUN addgroup \`
			`-S -g 1000 \`
			`git && \`
			`adduser \`
			`-S -H -D \`
			`-h /var/lib/gitea/git \`
			`-s /bin/bash \`
			`-u 1000 \`
			`-G git \`
Remove random password in Dockerfiles (#15362 ) 2021-04-29 19:48:52 +02:00			`git`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
			`RUN mkdir -p /var/lib/gitea /etc/gitea`
			`RUN chown git:git /var/lib/gitea /etc/gitea`

Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00			`COPY --from=build-env /tmp/local /`
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873 ) 2026-05-26 15:49:31 -07:00			`COPY --from=build-env --chown=root:root /go/src/gitea.dev/gitea /app/gitea/gitea`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00
Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00			`# git:git`
Fix #16387 - rootless Docker user (#16388 ) 2021-07-09 09:08:22 -05:00			`USER 1000:1000`
Fix deprecated Dockerfile ENV format (#31450 ) 2024-06-21 17:08:42 +02:00			`ENV GITEA_WORK_DIR=/var/lib/gitea`
			`ENV GITEA_CUSTOM=/var/lib/gitea/custom`
			`ENV GITEA_TEMP=/tmp/gitea`
			`ENV TMPDIR=/tmp/gitea`
Change default TMPDIR path in rootless containers (#16077 ) 2021-06-06 00:04:56 +02:00
Dockerfile small refactor (#27757 ) 2023-10-29 02:44:06 +01:00			`# TODO add to docs the ability to define the ini to load (useful to test and revert a config)`
Fix deprecated Dockerfile ENV format (#31450 ) 2024-06-21 17:08:42 +02:00			`ENV GITEA_APP_INI=/etc/gitea/app.ini`
			`ENV HOME="/var/lib/gitea/git"`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00			`VOLUME ["/var/lib/gitea", "/etc/gitea"]`
			`WORKDIR /var/lib/gitea`

chore: add comments for "api/healthz", clean up test env (#36481 ) 2026-01-30 10:23:38 +08:00			`# HINT: HEALTH-CHECK-ENDPOINT: don't use HEALTHCHECK, search this hint keyword for more information`
Add dumb-init to rootless docker (#21775 ) 2022-12-04 12:12:06 +01:00			`ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]`
docker: rootless image (#10154 ) 2020-11-01 01:58:22 +01:00			`CMD []`