Upstream

alpine-base/Dockerfile

@@ -0,0 +1,4 @@
+FROM docker.registry/alpine:3.8
+
+COPY repositories /etc/apk/repositories
+

alpine-base/repositories

@@ -0,0 +1,2 @@
+https://mirrors.aliyun.com/alpine/v3.8/main/
+https://mirrors.aliyun.com/alpine/v3.8/community/

alpine-bash/Dockerfile

@@ -0,0 +1,3 @@
+FROM alpine:3.6
+
+RUN apk add --no-cache bash gawk sed grep bc coreutils

alpine-docker/Dockerfile

@@ -0,0 +1,11 @@
+FROM docker.registry/alpine:3.8
+
+COPY repositories /etc/apk/repositories
+
+RUN apk --no-cache --upgrade add docker coreutils openrc
+
+COPY daemon.json /etc/docker/daemon.json
+
+RUN echo "192.168.58.121  docker.registry docker-local.registry docker-remote.registry">>/etc/hosts \
+	&& rc-update add docker && /etc/init.d/docker restart
+

alpine-docker/daemon.json

@@ -0,0 +1 @@
+{"insecure-registries":["docker.registry","docker-local.registry","docker-remote.registry"]}

alpine-docker/repositories

@@ -0,0 +1,2 @@
+https://mirrors.aliyun.com/alpine/v3.8/main/
+https://mirrors.aliyun.com/alpine/v3.8/community/

alpine-elk/Dockerfile

@@ -18,21 +18,21 @@ ENV KIBANA_URL https://download.elastic.co/$KIBANA_NAME/$KIBANA_NAME/$KIBANA_PKG
 
 
 # Download Elasticsearch
-RUN apk add --update openssl nodejs bash \
+RUN apk add --update openssl nodejs bash curl \
     && mkdir -p /opt \  
     && echo "[i] Building elasticsearch" \
     && echo -O /tmp/$ES_NAME-$ELASTICSEARCH_VERSION.tar.gz $ELASTICSEARCH_URL \
-    && wget -O /tmp/$ES_NAME-$ELASTICSEARCH_VERSION.tar.gz $ELASTICSEARCH_URL \
+    && curl -fsSL -o  /tmp/$ES_NAME-$ELASTICSEARCH_VERSION.tar.gz $ELASTICSEARCH_URL \
     && tar -xzf /tmp/$ES_NAME-$ELASTICSEARCH_VERSION.tar.gz -C /opt/ \
     && ln -s /opt/$ES_NAME-$ELASTICSEARCH_VERSION /opt/$ES_NAME \
     && mkdir /var/lib/elasticsearch \
     && echo "[i] Building logstash" \
-    && wget -O /tmp/$LOGSTASH_NAME-$LOGSTASH_VERSION.tar.gz $LOGSTASH_URL \
+    && curl -fsSL -o  /tmp/$LOGSTASH_NAME-$LOGSTASH_VERSION.tar.gz $LOGSTASH_URL \
     && tar xzf /tmp/$LOGSTASH_NAME-$LOGSTASH_VERSION.tar.gz -C /opt/ \
     && ln -s /opt/$LOGSTASH_NAME-$LOGSTASH_VERSION /opt/$LOGSTASH_NAME \
     && mkdir /etc/$LOGSTASH_NAME \
     && echo "[i] Building kibana" \
-    && wget -O /tmp/$KIBANA_PKG.tar.gz $KIBANA_URL \
+    && curl -fsSL -o  /tmp/$KIBANA_PKG.tar.gz $KIBANA_URL \
     && tar -xzf /tmp/$KIBANA_PKG.tar.gz -C /opt/ \
     && ln -s /opt/$KIBANA_PKG /opt/$KIBANA_NAME \
     && rm -rf /opt/$KIBANA_PKG/node/ \

alpine-env/Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine-bash:latest
+
+COPY ./etc/inputrc /etc/inputrc
+
+# perl is required by git-submodule
+# less makes git log/diff colorful
+RUN apk add --no-cache bash-completion docker-bash-completion openssh-client git perl make vim less htop iftop && \
+    echo '\
+        . /etc/profile ; \
+        PS1='\''\[\e[01;33m\][\h \u:\[\e[01;34m\]\w\[\e[01;33m\]]\[\e[00m\]\$ '\'' ; \
+        eval `dircolors -b` ; \
+        alias ls="ls --color=auto" ; \
+        alias l="ls -lah" ; \
+        alias ll="ls -lh" ; \
+    ' >> /etc/bash.bashrc && \
+    ln -sf vim /usr/bin/vi
+
+CMD ["bash", "--rcfile", "/etc/bash.bashrc"]

alpine-env/etc/inputrc

@@ -0,0 +1,37 @@
+# do not bell on tab-completion
+# #set bell-style none
+
+set meta-flag on
+set input-meta on
+set convert-meta off
+set output-meta on
+
+$if mode=emacs
+
+# for linux console and RH/Debian xterm
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+"\e[5~": beginning-of-history
+"\e[6~": end-of-history
+"\e[7~": beginning-of-line
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e\e[C": forward-word
+"\e\e[D": backward-word
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+
+# for rxvt
+"\e[8~": end-of-line
+
+# for non RH/Debian xterm, can't hurt for RH/DEbian xterm
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+# for freebsd console
+"\e[H": beginning-of-line
+"\e[F": end-of-line
+$endif
+

alpine-gcc/Dockerfile

@@ -0,0 +1,3 @@
+FROM alpine:3.6
+
+RUN apk add --no-cache gcc musl-dev

alpine-gcc/README.md

@@ -0,0 +1,27 @@
+[![Docker Stars](https://img.shields.io/docker/stars/frolvlad/alpine-gcc.svg?style=flat-square)](https://hub.docker.com/r/frolvlad/alpine-gcc/)
+[![Docker Pulls](https://img.shields.io/docker/pulls/frolvlad/alpine-gcc.svg?style=flat-square)](https://hub.docker.com/r/frolvlad/alpine-gcc/)
+
+
+C (GCC) Docker image
+====================
+
+This image is based on Alpine Linux image, which is only a 5MB image, and contains
+[C compiler](https://gcc.gnu.org/) (GCC package).
+
+Download size of this image is only:
+
+[![](https://images.microbadger.com/badges/image/frolvlad/alpine-gcc.svg)](http://microbadger.com/images/frolvlad/alpine-gcc "Get your own image badge on microbadger.com")
+
+NOTE: If you are looking for C++ (GCC) Docker image, there is one: [`frolvlad/alpine-gxx`](https://hub.docker.com/r/frolvlad/alpine-gxx/)
+
+Usage Example
+-------------
+
+```bash
+$ echo -e '#include <stdio.h>\nint main() { printf("Hello World\\n"); }' > qq.c
+$ docker run --rm -v `pwd`:/tmp frolvlad/alpine-gcc gcc --static /tmp/qq.c -o /tmp/qq
+```
+
+Once you have run these commands you will have `qq` executable in your current directory and if you
+execute it, you will get printed 'Hello World'!
+

alpine-gcc/license

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Vlad
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

alpine-gitlab/Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:3.6
+
+ARG VERSION=10.0.0
+ARG DOMAIN=example.com
+
+COPY build.sh /docker/
+RUN chmod +x /docker/build.sh
+RUN /docker/build.sh
+COPY entrypoint.sh /docker/
+RUN chmod +x /docker/entrypoint.sh
+VOLUME /var/opt/gitlab /var/log
+ENTRYPOINT ["/docker/entrypoint.sh"]

alpine-gitlab/build.sh

@@ -0,0 +1,211 @@
+#!/bin/sh
+
+USER=git
+DIR=/var/opt/gitlab
+
+# show execution, stop on error
+set -xe
+
+apk update && apk upgrade
+
+# busybox contains bug in env command preventing gitaly setup, downgrade it
+apk add busybox --no-cache 
+
+# install runtime deps
+apk add --no-cache openssh git nginx postgresql redis nodejs-current icu-libs libre2
+apk add --no-cache postgresql-contrib # required for extensions
+apk add --no-cache ruby ruby-irb ruby-io-console
+apk add --no-cache sudo # considered bad practice but we really need it
+apk add --no-cache procps # to replace busybox pkill
+
+# install build deps
+apk add --no-cache --virtual .build-deps \
+gcc g++ make cmake linux-headers \
+icu-dev ruby-dev musl-dev postgresql-dev zlib-dev libffi-dev libre2-dev \
+python2 go
+
+# yarn has bug preventing installation, upgrade to version 1.0.2-r0
+apk add yarn --no-cache 
+
+ssh-keygen -A # generate server keys
+
+# create gitlab user
+adduser -D -g 'GitLab' $USER
+# $DIR is main mountpoint for gitlab data volume
+mkdir $DIR && cd $DIR && mkdir data repo config
+chown -R $USER:$USER $DIR
+# openssh daemon does not allow locked user to login, change ! to *
+sed -i "s/$USER:!/$USER:*/" /etc/shadow
+echo "$USER ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers # sudo no tty fix
+
+# configure nginx
+mkdir /run/nginx
+CONFIG=$DIR/config/nginx
+mv /etc/nginx $CONFIG
+ln -s $CONFIG /etc/nginx
+DEFAULT=/etc/nginx/conf.d/default.conf
+mv $DEFAULT $DEFAULT.bak
+
+# configure postgres
+mkdir /run/postgresql
+chown postgres:postgres $DIR/data /run/postgresql
+sudo -u postgres pg_ctl initdb --pgdata $DIR/data
+sudo -u postgres pg_ctl start --pgdata $DIR/data
+sleep 5 # wait postgres starting
+sudo -u postgres psql -d template1 -c "CREATE USER $USER CREATEDB;"
+sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
+sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER $USER;"
+# install extension
+sudo -u $USER -H psql --dbname gitlabhq_production <<CMD
+SELECT true AS enabled
+FROM pg_available_extensions
+WHERE name = 'pg_trgm'
+AND installed_version IS NOT NULL;
+CMD
+
+# configure redis
+CONFIG=$DIR/config/redis.conf
+SOCKET=/var/run/redis/redis.sock
+cp /etc/redis.conf $CONFIG
+sed --in-place "s/^port .*/port 0/" $CONFIG
+echo "unixsocket $SOCKET" >>$CONFIG
+echo "unixsocketperm 770" >>$CONFIG
+# !--following 3 lines not needed, socket dir set up correctly by alpine redis package
+# !--mkdir /var/run/redis
+# !--chown redis:redis /var/run/redis
+# !--chmod 755 /var/run/redis
+sed --in-place "s/^redis:.*/&,git/" /etc/group # add git user to redis group
+sudo -u redis redis-server $CONFIG # start redis
+
+# adjust git settings
+sudo -u $USER -H git config --global gc.auto 0
+sudo -u $USER -H git config --global core.autocrlf input
+sudo -u $USER -H git config --global repack.writeBitmaps true
+
+# pull gitlab
+cd /home/$USER
+sudo -u $USER -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git gitlab
+cd /home/$USER/gitlab
+sudo -u $USER -H git checkout -b docker-build-temporary v$VERSION
+
+# configure gitlab
+CONFIG=$DIR/config/gitlab
+sudo -u $USER -H mkdir $CONFIG
+sudo -u $USER -H cp config/gitlab.yml.example $CONFIG/gitlab.yml
+sudo -u $USER -H cp config/unicorn.rb.example $CONFIG/unicorn.rb
+sudo -u $USER -H cp config/resque.yml.example $CONFIG/resque.yml
+sudo -u $USER -H cp config/secrets.yml.example $CONFIG/secrets.yml
+sudo -u $USER -H cp config/database.yml.postgresql $CONFIG/database.yml
+sudo -u $USER -H cp config/initializers/rack_attack.rb.example $CONFIG/rack_attack.rb
+
+sudo -u $USER -H ln -s $CONFIG/* config
+sudo -u $USER -H mv config/rack_attack.rb config/initializers
+
+sed --in-place "s/# user:.*/user: $USER/" config/gitlab.yml
+sed --in-place "s/host: localhost/host: $DOMAIN/" config/gitlab.yml
+sed --in-place "s:/home/git/repositories:$DIR/repo:" config/gitlab.yml
+sed --in-place "s:/home/git:/home/$USER:g" config/unicorn.rb
+sed --in-place "s/YOUR_SERVER_FQDN/$DOMAIN/" lib/support/nginx/gitlab
+
+# move log dir to /var/log data volume mount point
+mv log /var/log/gitlab
+sudo -u $USER -H ln -s /var/log/gitlab log
+
+# set permissions
+chmod o-rwx config/database.yml
+chmod 0600 config/secrets.yml
+chown -R $USER log/
+chown -R $USER tmp/
+chmod -R u+rwX,go-w log/
+chmod -R u+rwX tmp/
+chmod -R u+rwX tmp/pids/
+chmod -R u+rwX tmp/sockets/
+chmod -R u+rwX builds/
+chmod -R u+rwX shared/artifacts/
+chmod -R ug+rwX shared/pages/
+
+# set repo permissions
+chmod -R ug+rwX,o-rwx $DIR/repo
+chmod -R ug-s $DIR/repo
+find $DIR/repo -type d -print0 | sudo xargs -0 chmod g+s
+
+# create uploads dir
+sudo -u $USER -H mkdir public/uploads
+chmod 0700 public/uploads
+
+# install bundler
+gem install bundler --no-ri --no-rdoc
+
+# add lacking gems for gitlab-shell
+gem install json --no-ri --no-rdoc
+sudo -u $USER -H bundle inject 'bigdecimal' '> 0'
+sudo -u $USER -H bundle inject 'tzinfo-data' '> 0'
+
+# to parallelize bundler jobs
+CPU_COUNT=`awk '/^processor/{n+=1}END{print n}' /proc/cpuinfo`
+
+# use no deployment option first cause we changed gemfile
+sudo -u $USER -H bundle install --jobs=$CPU_COUNT --no-deployment --path vendor/bundle --without development test mysql aws kerberos
+
+# install gems
+sudo -u $USER -H bundle install --jobs=$CPU_COUNT --deployment --without development test mysql aws kerberos
+
+# install gitlab shell
+sudo -u $USER -H bundle exec rake gitlab:shell:install REDIS_URL=unix:$SOCKET RAILS_ENV=production SKIP_STORAGE_VALIDATION=true
+
+# install gitlab-workhorse
+sudo -u $USER -H bundle exec rake "gitlab:workhorse:install[/home/$USER/gitlab-workhorse]" RAILS_ENV=production
+
+# initialize database
+echo yes | sudo -u $USER -H bundle exec rake gitlab:setup RAILS_ENV=production
+
+# install gitaly
+sudo -u git -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly]" RAILS_ENV=production
+chmod 0700 /home/git/gitlab/tmp/sockets/private
+chown $USER /home/git/gitlab/tmp/sockets/private
+
+# compile GetText PO files
+sudo -u $USER -H bundle exec rake gettext:pack RAILS_ENV=production
+sudo -u $USER -H bundle exec rake gettext:po_to_json RAILS_ENV=production
+
+# compile assets
+sudo -u $USER -H yarn install --production --pure-lockfile
+sudo -u $USER -H bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production
+
+# busybox pkill not compatible with -- syntax
+rm /usr/bin/pkill
+ln -s /bin/pkill /usr/bin/pkill
+sed --in-place 's/kill --/kill/' lib/support/init.d/gitlab
+
+# install support scripts
+cp lib/support/init.d/gitlab /etc/init.d/gitlab
+cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
+cp lib/support/nginx/gitlab /etc/nginx/conf.d/gitlab.conf
+
+# create defaults file
+DEFAULTS=/etc/default/gitlab
+mkdir /etc/default && touch $DEFAULTS
+# for entrypoint script
+echo "DOMAIN=$DOMAIN" >>$DEFAULTS
+echo "USER=$USER" >>$DEFAULTS
+echo "DIR=$DIR" >>$DEFAULTS
+echo "SOCKET=$SOCKET" >>$DEFAULTS
+# for gitlab init script
+echo "app_user=$USER" >>$DEFAULTS
+echo "shell_path=/bin/sh" >>$DEFAULTS
+
+# cleanup build deps
+apk del .build-deps
+apk del yarn
+
+# these dirs waste a lot of space and not needed in runtime, remove them
+rm -rf node_modules .git
+rm -rf /home/$USER/.cache/yarn
+
+# cleanup sudo no tty fix
+sed --in-place "/$USER.*/d" /etc/sudoers
+
+# stop services
+sudo -u postgres pg_ctl stop --mode smart --pgdata $DIR/data
+sudo -u redis redis-cli -s $SOCKET shutdown
+sleep 5 # wait services stopping