jason ae8a7583a8 🔧 Harden gitea binary download in 05-custom.sh 🔧
Fix SSL and rate-limit failures when downloading gitea during docker build.
The GitHub REST API is rate-limited at 60 req/hour for unauthenticated
requests from Docker BuildKit's outgoing IP. Additionally, BuildKit resolves
github.com via the host DNS which may return an IPv6 address served by a
transparent proxy, causing TLS cert verification failures (error 60: "no
alternative certificate subject name matches target hostname 'github.com'").
Changes:
- rootfs/root/docker/setup/05-custom.sh: replace JSON API version lookup
with a redirect-follow approach (curl -4sfL -o /dev/null -w %{url_effective})
that avoids the rate-limited /releases/latest API endpoint entirely
- rootfs/root/docker/setup/05-custom.sh: add -4 (IPv4-only) flag to all
github.com curl calls to bypass intercepted IPv6 DNS resolutions
- rootfs/root/docker/setup/05-custom.sh: add explicit ca-certificates
install and update-ca-certificates before any HTTPS downloads, since
the base image cert bundle may be stale after system upgrade

rootfs/root/docker/setup/05-custom.sh
2026-05-24 20:53:40 -04:00


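#!/usr/bin/env bash
# shellcheck shell=bash
# - - - - - - - - - - - - - - - - - - - - - - - - -
##@Version : 202605241158-git
# @@Author : CasjaysDev
# @@Contact : CasjaysDev <docker-admin@casjaysdev.pro>
# @@License : MIT
# @@Copyright : Copyright 2026 CasjaysDev
# @@Created : Sun May 24 11:58:45 AM EDT 2026
# @@File : 05-custom.sh
# @@Description : script to run custom
# @@Changelog : newScript
# @@TODO : Refactor code
# @@Other : N/A
# @@Resource : N/A
# @@Terminal App : yes
# @@sudo/root : yes
# @@Template : templates/dockerfiles/init_scripts/05-custom.sh
# - - - - - - - - - - - - - - - - - - - - - - - - -
# shellcheck disable=SC1001,SC1003,SC2001,SC2003,SC2016,SC2031,SC2090,SC2115,SC2120,SC2155,SC2199,SC2229,SC2317,SC2329
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Purpose: fetch the gitea and act_runner binaries for this image during the
# docker build and install them under /usr/local/bin.
#
# Inputs (environment): GITEA_VERSION (default "latest"; "latest"/"current"
# are resolved from the GitHub release redirect), DEBUGGER / DEBUGGER_OPTIONS
# (tracing). Outputs: $GITEA_BIN_FILE, $ACT_BIN_FILE, sudoers fragments.
# Exit status: 0 when both binaries are present and executable, otherwise the
# number of failed installs (1 or 2); 1 on unsupported arch or unresolved
# version.
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Set bash options
# No `set -e` on purpose: failures are accumulated in exitCode so that both
# downloads are attempted even when one of them fails.
set -o pipefail
[ "$DEBUGGER" = "on" ] && echo "Enabling debugging" && set -x$DEBUGGER_OPTIONS
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Set env variables
exitCode=0
# Refresh the CA bundle before any HTTPS download (the base image bundle may be
# stale after a system upgrade). Deliberately best-effort: a missing bundle
# shows up as a TLS failure in the curl calls below, which is the real signal.
apk add --no-cache ca-certificates 2>/dev/null || true
update-ca-certificates 2>/dev/null || true
GITEA_VERSION="${GITEA_VERSION:-latest}"
GITEA_BIN_FILE="/usr/local/bin/gitea"
ACT_BIN_FILE="/usr/local/bin/act_runner"
# tr needs the full '[:upper:]' / '[:lower:]' class spelling; the previous
# '[:upper]' form is a literal list of the characters "[ : u p e r ]" and only
# happened to be harmless for x86_64/aarch64.
ARCH="$(uname -m | tr '[:upper:]' '[:lower:]')"
case "$ARCH" in
x86_64) ARCH="amd64" ;;
aarch64) ARCH="arm64" ;;
*)
  echo "$ARCH is not supported by this script" >&2
  exit 1
  ;;
esac
# Scratch directory for the downloads: an unpredictable mktemp name instead of
# the PID-derived /tmp/<name>.$$, removed on every exit path (including the
# early `exit 1`s below) so a failed or partial download is never left behind.
_tmp_dir="$(mktemp -d)" || {
  echo "Failed to create a temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "${_tmp_dir:?}"' EXIT
# act_runner: newest tag from the gitea.com releases list, then the asset URL
# for this arch. `head -n1` guards against several assets matching the grep
# (a multi-line URL would otherwise be handed to curl).
ACT_VERSIONS="$(curl -q -LSsf 'https://gitea.com/api/v1/repos/gitea/act_runner/releases' -H 'accept: application/json' | jq -r '.[].tag_name' | sort -Vr | head -n1)"
ACT_URL="$(curl -q -LSsf "https://gitea.com/api/v1/repos/gitea/act_runner/releases/tags/$ACT_VERSIONS" -H 'accept: application/json' | jq -rc '.assets|.[]|.browser_download_url' | grep "linux.*$ARCH$" | head -n1)"
# gitea: resolve "latest"/"current" by following the releases/latest redirect
# (-4: IPv4 only, see commit message) and reading the version out of the final
# URL; this avoids the rate-limited /releases/latest API endpoint.
if [ -z "$GITEA_VERSION" ] || [ "$GITEA_VERSION" = "latest" ] || [ "$GITEA_VERSION" = "current" ]; then
  _latest_url="$(curl -4sfL -o /dev/null -w '%{url_effective}' https://github.com/go-gitea/gitea/releases/latest 2>/dev/null)"
  GITEA_VERSION="$(printf '%s\n' "$_latest_url" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)"
fi
if [ -z "$GITEA_VERSION" ]; then
  echo "Failed to resolve gitea latest version from GitHub" >&2
  exit 1
fi
GITEA_URL="https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-${ARCH}"
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Predefined actions
echo "Downloading gitea from $GITEA_URL"
# The temp file keeps the release asset's own basename so that the published
# "<sha256>  gitea-<ver>-linux-<arch>" line can be checked with `sha256sum -c`
# from inside $_tmp_dir. Integrity is verified before anything is moved into
# $GITEA_BIN_FILE; a truncated, corrupted or substituted download is rejected.
_gitea_tmp="$_tmp_dir/gitea-${GITEA_VERSION}-linux-${ARCH}"
if ! curl -4 -q -LSsf "$GITEA_URL" -o "$_gitea_tmp"; then
  echo "Failed to download gitea" >&2
  exitCode=$((exitCode + 1))
elif ! curl -4 -q -LSsf "${GITEA_URL}.sha256" -o "${_gitea_tmp}.sha256" ||
  ! (cd "$_tmp_dir" && sha256sum -c "${_gitea_tmp##*/}.sha256" >/dev/null); then
  echo "Failed to verify gitea checksum; not installing" >&2
  exitCode=$((exitCode + 1))
else
  mv -f "$_gitea_tmp" "$GITEA_BIN_FILE"
  chmod +x "$GITEA_BIN_FILE"
  echo "gitea has been installed to: $GITEA_BIN_FILE"
  # Passwordless sudo for root, git and docker (only written when gitea was
  # installed, as before). NOTE(review): this grants the git and docker
  # accounts unrestricted root inside the container; keep only the entries the
  # image really needs. sudo expects sudoers.d fragments to be root-owned and
  # not writable by others; 0440 is the conventional mode.
  if [ -d "/etc/sudoers.d" ]; then
    for _sudo_user in root git docker; do
      printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$_sudo_user" >"/etc/sudoers.d/$_sudo_user"
      chmod 0440 "/etc/sudoers.d/$_sudo_user"
    done
  fi
fi
echo "Downloading act_runner from $ACT_URL"
# NOTE(review): no digest is verified for act_runner here; if the gitea.com
# release publishes one for this asset it could be checked the same way as
# above before the mv.
_act_tmp="$_tmp_dir/act_runner"
if [ -n "$ACT_URL" ] && curl -q -LSsf "$ACT_URL" -o "$_act_tmp"; then
  mv -f "$_act_tmp" "$ACT_BIN_FILE"
  chmod +x "$ACT_BIN_FILE"
  echo "act_runner has been installed to: $ACT_BIN_FILE"
else
  echo "Failed to download act_runner" >&2
  exitCode=$((exitCode + 1))
fi
# The build is considered successful when both binaries are present and
# executable, even if a download above failed (e.g. they were installed by an
# earlier layer). Nothing unverified is ever moved into place, so a binary
# found here is either from the base layers or passed the checks above.
[ -x "$ACT_BIN_FILE" ] && [ -x "$GITEA_BIN_FILE" ] && exitCode=0
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Main script
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Set the exit code
#exitCode=$?
# - - - - - - - - - - - - - - - - - - - - - - - - -
exit $exitCode
# - - - - - - - - - - - - - - - - - - - - - - - - -
# ex: ts=2 sw=2 et filetype=sh
# - - - - - - - - - - - - - - - - - - - - - - - - -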