meshtasticd-docker: Alpine container (#5659)

2025-02-01 02:09:57 +00:00 · 2024-12-26 14:00:50 -05:00 · 2024-12-26 14:00:50 -05:00 · b12ac6d564
commit b12ac6d564
parent 33d2f78d21
1 changed files with 42 additions and 0 deletions
--- a/alpine.Dockerfile
+++ b/alpine.Dockerfile
@ -0,0 +1,42 @@
+# trunk-ignore-all(trivy/DS002): We must run as root for this container
+# trunk-ignore-all(checkov/CKV_DOCKER_8): We must run as root for this container
+# trunk-ignore-all(hadolint/DL3002): We must run as root for this container
+
+FROM python:3.12-alpine3.21 AS builder
+
+ENV PIP_ROOT_USER_ACTION=ignore
+RUN apk add bash g++ libstdc++-dev linux-headers zip git ca-certificates libgpiod-dev yaml-cpp-dev bluez-dev \
+        libusb-dev i2c-tools-dev openssl-dev pkgconf argp-standalone && \
+    pip install --no-cache-dir -U platformio==6.1.16 && \
+    mkdir /tmp/firmware
+
+WORKDIR /tmp/firmware
+COPY . /tmp/firmware
+
+# Create small package (no debugging symbols)
+# Add `argp` for musl
+ENV PLATFORMIO_BUILD_FLAGS="-Os -ffunction-sections -fdata-sections -Wl,--gc-sections -largp"
+
+RUN bash ./bin/build-native.sh && \
+    cp "/tmp/firmware/release/meshtasticd_linux_$(uname -m)" "/tmp/firmware/release/meshtasticd"
+
+# ##### PRODUCTION BUILD #############
+
+FROM alpine:3.21
+
+# nosemgrep: dockerfile.security.last-user-is-root.last-user-is-root
+USER root
+
+RUN apk add libstdc++ libgpiod yaml-cpp libusb i2c-tools \
+    && mkdir -p /var/lib/meshtasticd \
+    && mkdir -p /etc/meshtasticd/config.d
+COPY --from=builder /tmp/firmware/release/meshtasticd /usr/sbin/
+
+WORKDIR /var/lib/meshtasticd
+VOLUME /var/lib/meshtasticd
+
+EXPOSE 4403
+
+CMD [ "sh",  "-cx", "meshtasticd --fsdir=/var/lib/meshtasticd" ]
+
+HEALTHCHECK NONE