Initial commit
All checks were successful
Build / Build & push new image (push) Successful in 11m21s
All checks were successful
Build / Build & push new image (push) Successful in 11m21s
This commit is contained in:
109
.gitea/workflows/build.yml
Normal file
109
.gitea/workflows/build.yml
Normal file
@@ -0,0 +1,109 @@
|
||||
name: Build
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- development
|
||||
# Ignore Markdown files
|
||||
paths-ignore:
|
||||
- '**.md'
|
||||
schedule:
|
||||
# Build the image daily
|
||||
- cron: '15 0 * * *'
|
||||
|
||||
env:
|
||||
REGISTRY: git.conorz.at
|
||||
IMAGE_NAME: titanz-containers/ghost
|
||||
TAG: latest
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build & push new image
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
timeout-minutes: 10
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Add support for more platforms with QEMU
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Login to registry
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.ACTIONS_TOKEN }}
|
||||
|
||||
- name: Set Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
tags: |
|
||||
${{ env.TAG }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
# trivy:
|
||||
# name: Scan current image with Trivy
|
||||
# needs: build
|
||||
# permissions:
|
||||
# security-events: write
|
||||
# timeout-minutes: 10
|
||||
# runs-on: ubuntu-24.04
|
||||
# steps:
|
||||
# - name: Run Trivy vulnerability scanner
|
||||
# uses: aquasecurity/trivy-action@master
|
||||
# with:
|
||||
# image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG }}
|
||||
# format: template
|
||||
# template: '@/contrib/sarif.tpl'
|
||||
# output: trivy-results.sarif
|
||||
# severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
||||
# vuln-type: os,library
|
||||
|
||||
# - name: Upload Trivy scan results to GitHub Security tab
|
||||
# uses: github/codeql-action/upload-sarif@v3
|
||||
# with:
|
||||
# sarif_file: trivy-results.sarif
|
||||
# category: trivy
|
||||
|
||||
# grype:
|
||||
# name: Scan current image with Grype
|
||||
# needs: build
|
||||
# permissions:
|
||||
# security-events: write
|
||||
# timeout-minutes: 10
|
||||
# runs-on: ubuntu-24.04
|
||||
# steps:
|
||||
# - name: Run Grype vulnerability scanner
|
||||
# uses: anchore/scan-action@v6
|
||||
# id: grype
|
||||
# with:
|
||||
# image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG }}
|
||||
# fail-build: false
|
||||
|
||||
# - name: Upload Grype scan results to GitHub Security tab
|
||||
# uses: github/codeql-action/upload-sarif@v3
|
||||
# with:
|
||||
# sarif_file: ${{ steps.grype.outputs.sarif }}
|
||||
# category: grype
|
||||
22
Dockerfile
Normal file
22
Dockerfile
Normal file
@@ -0,0 +1,22 @@
|
||||
ARG VERSION=5.109.2
|
||||
ARG UID=200003
|
||||
ARG GID=200003
|
||||
|
||||
FROM ghost:${VERSION}-alpine
|
||||
|
||||
LABEL maintainer="Lukas Raub titanz@pm.me"
|
||||
|
||||
ARG UID
|
||||
ARG GID
|
||||
|
||||
RUN apk -U upgrade \
|
||||
&& apk add libstdc++ shadow
|
||||
|
||||
RUN --network=none \
|
||||
addgroup -g ${GID} ghost \
|
||||
&& adduser -g ${GID} --ingroup ghost --disabled-password --system ghost
|
||||
|
||||
USER ghost
|
||||
|
||||
COPY --from=git.conorz.at/titanz-containers/hardened_malloc:latest /install /usr/local/lib/
|
||||
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
|
||||
15
README.md
Normal file
15
README.md
Normal file
@@ -0,0 +1,15 @@
|
||||
# ghost
|
||||
|
||||
|
||||
|
||||
### Features & usage
|
||||
- Built on the [official Alpine-based image](https://github.com/docker-library/ghost/tree/master/5/alpine), to be used as a drop-in replacement.
|
||||
- Unprivileged image: you should check your volumes' permissions (eg `/var/lib/ghost/content`), default UID/GID is 200003. Default port is 2368/tcp.
|
||||
|
||||
### Sample Docker Compose config
|
||||
|
||||
See this [link](https://git.conorz.at/titanz/Docker-Compose-Files/src/branch/development/ghost).
|
||||
|
||||
### Licensing
|
||||
- ghost is under the MIT license. Copyright to ghost belongs to Ghost Foundation.
|
||||
- Any image built by titanz containers is provided under the combination of license terms resulting from the use of individual packages.
|
||||
Reference in New Issue
Block a user