zhengchen.tao
bbe1ccecd1
Debian bookworm-slim 不带 adduser(perl wrapper 包), 导致 build 阶段 exit 127 (command not found)。 改用预装 passwd 包提供的 useradd,语义等价。
41 lines
1.5 KiB
Docker
41 lines
1.5 KiB
Docker
# ── Stage 1: build ──────────────────────────────────────────────
|
||
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS builder
|
||
|
||
WORKDIR /src
|
||
|
||
# 先复制 csproj,单独 restore(利用层缓存)
|
||
COPY gitea-mcp.csproj .
|
||
RUN dotnet restore gitea-mcp.csproj
|
||
|
||
# 复制剩余源码并发布
|
||
COPY . .
|
||
RUN dotnet publish gitea-mcp.csproj \
|
||
-c Release \
|
||
-o /app/publish \
|
||
--no-restore
|
||
|
||
# ── Stage 2: runtime ────────────────────────────────────────────
|
||
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS runtime
|
||
|
||
# OCI 标签(CI 会在 build-push 时注入 revision)
|
||
LABEL org.opencontainers.image.title="gitea-mcp"
|
||
LABEL org.opencontainers.image.description="MCP server exposing Gitea REST API to Claude via nas-auth JWT"
|
||
LABEL org.opencontainers.image.source="https://git.zhengchentao.win/zhengchen.tao/gitea-mcp"
|
||
LABEL org.opencontainers.image.licenses="MIT"
|
||
|
||
WORKDIR /app
|
||
|
||
# 非 root 用户运行(最小权限)。
|
||
# 先建用户、再 COPY --chown,确保拷进来的文件归属正确(不能依赖默认 644 让 appuser 兜底读)。
|
||
RUN useradd --system --no-create-home --shell /usr/sbin/nologin appuser
|
||
COPY --from=builder --chown=appuser:appuser /app/publish .
|
||
USER appuser
|
||
|
||
# 容器内监听 0.0.0.0:8080,宿主机映射到 9092
|
||
ENV ASPNETCORE_URLS=http://0.0.0.0:8080
|
||
ENV ASPNETCORE_ENVIRONMENT=Production
|
||
|
||
EXPOSE 8080
|
||
|
||
ENTRYPOINT ["dotnet", "gitea-mcp.dll"]
|