Docker multi-stage

[sapk]

Permit to do directly docker build . in repo root. since binary is build at first stage and COPY in the exported image. Resolve #2879

In addition :

• permit to chose the version of the binary build via --build-arg GITEA_VERSION=v1.2.3
• permit to chose the tags of the binary build via --build-arg TAGS="bindata sqlite"

I kept make docker-build if some people use docker to build the binary.

[codecov-io]

Codecov Report

Merging #2927 into master will increase coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##           master   #2927      +/-   ##
=========================================
+ Coverage   35.89%   35.9%   +0.01%     
=========================================
  Files         286     286              
  Lines       41312   41312              
=========================================
+ Hits        14830   14835       +5     
+ Misses      24300   24297       -3     
+ Partials     2182    2180       -2

Impacted Files	Coverage Δ
models/repo_indexer.go	49.57% <0%> (+1.27%)	⬆️
models/repo_list.go	67.18% <0%> (+1.56%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b333e71...25d4d4f. Read the comment docs.

[appleboy]

remove -ti?

[sapk]

make generate can use go get that can ask the user for git access maybe ? Don't really know, I kept it as before only if some people use it for building the binary inside docker (if go is not available on host). But looking more at it we could totally remove docker-build target ?

[0rzech]

And even if this target will stay in Makefile, I think it would be reasonable to switch it to golang:1.9-alpine3.6 with content trust enabled as well.

[sapk]

@0rzech for docker-build it is not possible golang:1.9-alpine3.6 is missing some build tools. I get them in the build stage of the Dockerfile.

[0rzech]

@sapk You're right. I forgot it misses gcc, git, make and musl-dev.

[lunny]

@appleboy maybe this should be in v1.4.0?

[appleboy]

@lunny OK. changed.

[0rzech]

The .dockerignore file should not be removed, but repurposed to exclude anything not needed to compile the binary. Otherwise everything will be unnecessarily sent to Docker build context, thus will reduce build performance.

[sapk]

@0rzech I know this is intended to be able to build any version/tag/commit via build arg.

[0rzech]

AFAIU this and this, netgo build tag is no longer necessary and is also redundant due to ENV GODEBUG=netdns=go presence in Dockerfile (which seems no longer necessary either, btw).

[sapk]

@0rzech good catch, I will clean it up and rebase on your PR(that has been merge) for content trust.

[sapk]

@0rzech netgo tag removed.

[0rzech]

I think it is always better to sort packages alphabetically. Not a blocker.

[0rzech]

AFAIR, when you don't write RUN set -eu; <some other commands>, each run will exit without error. The build will fail anyways of course, but stdout will be polluted with more errors due to each subsequent command printing fails instead of first failed only. Not a blocker.

[0rzech]

@sapk Thanks. I've made two more suggestions, but it is your choice whether to apply them or not.

[0rzech]

LGTM

[0rzech]

This way gitea binary will become writable for user git. This is out of scope for this PR - I'm just writing it for future reference. Not a blocker.

[sapk]

Are you sure ? I haven't tested but that should be root the owner and permissions should be the same as go build result.

[0rzech]

I'm sure. It's because of this.

[sapk]

Ok that should be fix but it was already the case before and not introduce by this PR.

[0rzech]

I agree. This is exactly why I wrote:

This is out of scope for this PR - I'm just writing it for future reference. Not a blocker.

;)

[sapk]

Sorry misread, and thinking that specific line introduce that XD.

[0rzech]

No problem. ;)

[lafriks]

LGTM

[0rzech]

It is a bad practice not to fix on specific version number. Besides, golang:alpine is the same as golang:1.9-alpine3.6. You can change it to alpine:3.7 and install go package with apk from Alpine's community repository.

[sapk]

I know, I hesitate on that part and thinking that we it's not that bad since it is only for build.
You are rigth, I will fix to 3.7 and use in go alpine packages (1.9.2) and when golang:1.10-alpine-3.7 is release I will update. It's too bad that official image doesn't offer a golang:1.9-alpine-3.7 tag.

[sapk]

A golang:1.9-alpine-3.7 tag should be release soon. ^^

[0rzech]

LGTM

[0rzech]

We wait for something, not wait of. ;) Not a blocker.

[sapk]

Should be release monday on docker hub. Could be merge before and fix after. ^^

[lafriks]

@sapk please resolve conflicts

[sapk]

Codacy is complaining about maintainers because doesn't contains email. but I don't think we have a email address for it.

[lafriks]

@sapk please use [email protected] for that

[sapk]

@lafriks Done + squashed and rebased

[lafriks]

@sapk still fails

[sapk]

@lafriks I can't figure out what codacy wants but it doesn't validate the format documented here : https://docs.docker.com/engine/reference/builder/#maintainer-deprecated.
I follow the docker documentation please ignore Codacy error.

[lafriks]

Maybe it does not understand new format

[jagu-sayan]

@sapk @lafriks We can ignore this error. Fixed on hadolint (Dockerfile linter used by codacy) in v1.2.3. But it seems that Codacy use an older version.