mirror of
https://github.com/meshtastic/firmware.git
synced 2025-04-22 16:56:53 +00:00
0d800b7a22
Some checks are pending
CI / setup (check) (push) Waiting to run
CI / setup (esp32) (push) Waiting to run
CI / setup (esp32c3) (push) Waiting to run
CI / setup (esp32c6) (push) Waiting to run
CI / setup (esp32s3) (push) Waiting to run
CI / setup (nrf52840) (push) Waiting to run
CI / setup (rp2040) (push) Waiting to run
CI / setup (stm32) (push) Waiting to run
CI / check (push) Blocked by required conditions
CI / build-esp32 (push) Blocked by required conditions
CI / build-esp32-s3 (push) Blocked by required conditions
CI / build-esp32-c3 (push) Blocked by required conditions
CI / build-esp32-c6 (push) Blocked by required conditions
CI / build-nrf52 (push) Blocked by required conditions
CI / build-rpi2040 (push) Blocked by required conditions
CI / build-stm32 (push) Blocked by required conditions
CI / build-debian-src (push) Waiting to run
CI / package-pio-deps-native-tft (push) Waiting to run
CI / test-native (push) Waiting to run
CI / docker-debian-amd64 (push) Waiting to run
CI / docker-alpine-amd64 (push) Waiting to run
CI / docker-debian-arm64 (push) Waiting to run
CI / docker-debian-armv7 (push) Waiting to run
CI / after-checks (push) Blocked by required conditions
CI / gather-artifacts (esp32) (push) Blocked by required conditions
CI / gather-artifacts (esp32c3) (push) Blocked by required conditions
CI / gather-artifacts (esp32c6) (push) Blocked by required conditions
CI / gather-artifacts (esp32s3) (push) Blocked by required conditions
CI / gather-artifacts (nrf52840) (push) Blocked by required conditions
CI / gather-artifacts (rp2040) (push) Blocked by required conditions
CI / gather-artifacts (stm32) (push) Blocked by required conditions
CI / release-artifacts (push) Blocked by required conditions
CI / release-firmware (esp32) (push) Blocked by required conditions
CI / release-firmware (esp32c3) (push) Blocked by required conditions
CI / release-firmware (esp32c6) (push) Blocked by required conditions
CI / release-firmware (esp32s3) (push) Blocked by required conditions
CI / release-firmware (nrf52840) (push) Blocked by required conditions
CI / release-firmware (rp2040) (push) Blocked by required conditions
CI / release-firmware (stm32) (push) Blocked by required conditions
70 lines
2.4 KiB
Docker
70 lines
2.4 KiB
Docker
# trunk-ignore-all(terrascan/AC_DOCKER_0002): Known terrascan issue
|
|
# trunk-ignore-all(trivy/DS002): We must run as root for this container
|
|
# trunk-ignore-all(checkov/CKV_DOCKER_8): We must run as root for this container
|
|
# trunk-ignore-all(hadolint/DL3002): We must run as root for this container
|
|
# trunk-ignore-all(hadolint/DL3008): Do not pin apt package versions
|
|
# trunk-ignore-all(hadolint/DL3013): Do not pin pip package versions
|
|
|
|
FROM python:3.13-bookworm AS builder
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
ENV TZ=Etc/UTC
|
|
|
|
# Install Dependencies
|
|
ENV PIP_ROOT_USER_ACTION=ignore
|
|
RUN apt-get update && apt-get install --no-install-recommends -y \
|
|
curl wget g++ zip git ca-certificates \
|
|
libgpiod-dev libyaml-cpp-dev libbluetooth-dev libi2c-dev libuv1-dev \
|
|
libusb-1.0-0-dev libulfius-dev liborcania-dev libssl-dev pkg-config \
|
|
&& apt-get clean && rm -rf /var/lib/apt/lists/* \
|
|
&& pip install --no-cache-dir -U platformio \
|
|
&& mkdir /tmp/firmware
|
|
|
|
# Copy source code
|
|
WORKDIR /tmp/firmware
|
|
COPY . /tmp/firmware
|
|
|
|
# Build
|
|
RUN bash ./bin/build-native.sh && \
|
|
cp "/tmp/firmware/release/meshtasticd_linux_$(uname -m)" "/tmp/firmware/release/meshtasticd"
|
|
|
|
# Fetch web assets
|
|
RUN curl -L "https://github.com/meshtastic/web/releases/download/v$(cat /tmp/firmware/bin/web.version)/build.tar" -o /tmp/web.tar \
|
|
&& mkdir -p /tmp/web \
|
|
&& tar -xf /tmp/web.tar -C /tmp/web/ \
|
|
&& gzip -dr /tmp/web \
|
|
&& rm /tmp/web.tar
|
|
|
|
##### PRODUCTION BUILD #############
|
|
|
|
FROM debian:bookworm-slim
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
ENV TZ=Etc/UTC
|
|
|
|
# nosemgrep: dockerfile.security.last-user-is-root.last-user-is-root
|
|
USER root
|
|
|
|
RUN apt-get update && apt-get --no-install-recommends -y install \
|
|
libc-bin libc6 libgpiod2 libyaml-cpp0.7 libi2c0 libuv1 libusb-1.0-0-dev liborcania2.3 libulfius2.7 libssl3 \
|
|
&& apt-get clean && rm -rf /var/lib/apt/lists/* \
|
|
&& mkdir -p /var/lib/meshtasticd \
|
|
&& mkdir -p /etc/meshtasticd/config.d \
|
|
&& mkdir -p /etc/meshtasticd/ssl
|
|
|
|
# Fetch compiled binary from the builder
|
|
COPY --from=builder /tmp/firmware/release/meshtasticd /usr/sbin/
|
|
COPY --from=builder /tmp/web /usr/share/meshtasticd/
|
|
# Copy config templates
|
|
COPY ./bin/config.d /etc/meshtasticd/available.d
|
|
|
|
WORKDIR /var/lib/meshtasticd
|
|
VOLUME /var/lib/meshtasticd
|
|
|
|
# Expose Meshtastic TCP API port from the host
|
|
EXPOSE 4403
|
|
# Expose Meshtastic Web UI port from the host
|
|
EXPOSE 443
|
|
|
|
CMD [ "sh", "-cx", "meshtasticd -d /var/lib/meshtasticd" ]
|
|
|
|
HEALTHCHECK NONE
|