mirror of
https://github.com/meeb/tubesync.git
synced 2026-04-06 00:01:50 +08:00
794 lines
28 KiB
Docker
794 lines
28 KiB
Docker
# syntax=docker/dockerfile:1
|
|
# check=error=true
|
|
|
|
ARG BGUTIL_YTDLP_POT_PROVIDER_VERSION="1.3.1"
|
|
ARG FFMPEG_VERSION="N"
|
|
ARG YTDLP_EJS_VERSION="0.3.2"
|
|
|
|
ARG ASFALD_VERSION="0.6.0"
|
|
|
|
ARG SHA256_ASFALD_AMD64="017cdc44d767bb4733a3bd3fa5f97719e3f58236d006321dfae1924fdda3de9d"
|
|
ARG SHA256_ASFALD_ARM64="4fc112617a71f97592b8760b98c16339d5243577186c970c784fbcab2ef8abd1"
|
|
|
|
ARG S6_VERSION="3.2.2.0"
|
|
|
|
ARG SHA256_S6_AMD64="5a09e2f1878dc5f7f0211dd7bafed3eee1afe4f813e872fff2ab1957f266c7c0"
|
|
ARG SHA256_S6_ARM64="50a5d4919e688fafc95ce9cf0055a46f74847517bcf08174bac811de234ec7d2"
|
|
ARG SHA256_S6_NOARCH="85848f6baab49fb7832a5557644c73c066899ed458dd1601035cf18e7c759f26"
|
|
|
|
ARG QJS_VERSION="2025-09-13"
|
|
|
|
ARG SHA256_QJS="fed9715220d616d1a178e1c2e6bd62e8e850626b4fe337cf417940fd32b35802"
|
|
|
|
ARG ALPINE_VERSION="latest"
|
|
ARG DEBIAN_VERSION="13-slim"
|
|
ARG OPENRESTY_DEBIAN_VERSION="bookworm"
|
|
|
|
ARG FFMPEG_PREFIX_FILE="ffmpeg-${FFMPEG_VERSION}"
|
|
ARG FFMPEG_SUFFIX_FILE=".tar.xz"
|
|
|
|
ARG ASFALD_CHECKSUM_ALGORITHM="sha256"
|
|
ARG FFMPEG_CHECKSUM_ALGORITHM="sha256"
|
|
ARG S6_CHECKSUM_ALGORITHM="sha256"
|
|
ARG QJS_CHECKSUM_ALGORITHM="sha256"
|
|
|
|
|
|
FROM debian:${DEBIAN_VERSION} AS tubesync-prepare-etc
|
|
|
|
COPY patches/ /var/tmp/patches/
|
|
RUN --mount=type=tmpfs,target=/cache \
|
|
set -eux && cd /var/tmp/patches/ && \
|
|
./fettle.pl --dry-run ./docker/tubesync-base/debconf.diff && \
|
|
./fettle.pl ./docker/tubesync-base/debconf.diff && \
|
|
./fettle.pl --clean ./docker/tubesync-base/debconf.diff
|
|
|
|
FROM scratch AS tubesync-etc
|
|
|
|
COPY --from=tubesync-prepare-etc /etc/ /etc/
|
|
|
|
FROM debian:${DEBIAN_VERSION} AS tubesync-base
|
|
|
|
ARG TARGETARCH
|
|
|
|
ENV DEBIAN_FRONTEND="noninteractive" \
|
|
APT_KEEP_ARCHIVES=1 \
|
|
EDITOR="editor" \
|
|
HOME="/root" \
|
|
LANGUAGE="en_US.UTF-8" \
|
|
LANG="en_US.UTF-8" \
|
|
LC_ALL="en_US.UTF-8" \
|
|
TERM="xterm" \
|
|
# Do not include compiled byte-code
|
|
PIP_NO_COMPILE=1 \
|
|
PIP_ROOT_USER_ACTION='ignore'
|
|
|
|
COPY --from=tubesync-etc /etc/debconf.conf /etc/debconf.conf
|
|
|
|
RUN --mount=type=cache,id=apt-lib-cache-${TARGETARCH},sharing=private,target=/var/lib/apt \
|
|
--mount=type=cache,id=apt-cache-cache,sharing=private,target=/var/cache/apt \
|
|
# to be careful, ensure that these files aren't from a different architecture
|
|
rm -f /var/cache/apt/*cache.bin ; \
|
|
# Update from the network and keep cache
|
|
rm -f /etc/apt/apt.conf.d/docker-clean ; \
|
|
# Do not generate more /var/cache/apt/*cache.bin files
|
|
# hopefully soon, this will be included in Debian images
|
|
printf -- >| /etc/apt/apt.conf.d/docker-disable-pkgcache \
|
|
'Dir::Cache::%spkgcache "";\n' '' src ; \
|
|
chmod a+r /etc/apt/apt.conf.d/docker-disable-pkgcache ; \
|
|
# Create the directory for debconf
|
|
mkdir -v /var/cache/debconf/docker-templates ; \
|
|
set -x && \
|
|
# When a new release is out but the debian image hasn't
|
|
# updated yet, upgrades cause more wasted space than
|
|
# we want to accept. This should prevent apt from
|
|
# upgrading packages that shipped with the image.
|
|
dpkg -s | \
|
|
grep -B 3 -e '^Status: install ok installed$' | \
|
|
grep -e '^Package: ' | \
|
|
cut -d : -f 2- | \
|
|
xargs -r -t apt-mark hold && \
|
|
# We must allow these upgrades
|
|
apt-mark unhold libc6 libssl3t64 && \
|
|
apt-get update && \
|
|
# Install locales
|
|
LC_ALL='C.UTF-8' LANG='C.UTF-8' LANGUAGE='C.UTF-8' \
|
|
apt-get -y --no-install-recommends install locales && \
|
|
# localedef -v -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 && \
|
|
printf -- "en_US.UTF-8 UTF-8\n" > /etc/locale.gen && \
|
|
locale-gen && \
|
|
# Clean up
|
|
apt-get -y autopurge && \
|
|
apt-get -y autoclean
|
|
|
|
FROM alpine:${ALPINE_VERSION} AS asfald-download
|
|
ARG ASFALD_VERSION
|
|
ARG SHA256_ASFALD_AMD64
|
|
ARG SHA256_ASFALD_ARM64
|
|
|
|
ARG DESTDIR="/downloaded"
|
|
ARG ASFALD_CHECKSUM_ALGORITHM
|
|
ARG CHECKSUM_ALGORITHM="${ASFALD_CHECKSUM_ALGORITHM}"
|
|
|
|
ARG ASFALD_CHECKSUM_AMD64="${CHECKSUM_ALGORITHM}:${SHA256_ASFALD_AMD64}"
|
|
ARG ASFALD_CHECKSUM_ARM64="${CHECKSUM_ALGORITHM}:${SHA256_ASFALD_ARM64}"
|
|
|
|
ARG ASFALD_DOWNLOAD_URI="asfaload/asfald/releases/download/v${ASFALD_VERSION}"
|
|
ARG ASFALD_URL="https://github.com/${ASFALD_DOWNLOAD_URI}"
|
|
ARG ASFALD_SUMS_URL="https://gh.checksums.asfaload.com/github.com/${ASFALD_DOWNLOAD_URI}/checksums.txt"
|
|
ARG ASFALD_PREFIX_FILE="asfald-"
|
|
ARG ASFALD_SUFFIX_FILE="-unknown-linux-musl"
|
|
|
|
ARG ASFALD_FILE_AMD64="${ASFALD_PREFIX_FILE}x86_64${ASFALD_SUFFIX_FILE}"
|
|
ARG ASFALD_FILE_ARM64="${ASFALD_PREFIX_FILE}aarch64${ASFALD_SUFFIX_FILE}"
|
|
|
|
ADD "${ASFALD_SUMS_URL}" "${DESTDIR}/"
|
|
ADD "${ASFALD_URL}/${ASFALD_FILE_AMD64}" "${DESTDIR}/"
|
|
ADD "${ASFALD_URL}/${ASFALD_FILE_ARM64}" "${DESTDIR}/"
|
|
|
|
##ADD --checksum="${ASFALD_CHECKSUM_AMD64}" "${ASFALD_URL}/${ASFALD_FILE_AMD64}" "${DESTDIR}/"
|
|
##ADD --checksum="${ASFALD_CHECKSUM_ARM64}" "${ASFALD_URL}/${ASFALD_FILE_ARM64}" "${DESTDIR}/"
|
|
|
|
# --checksum wasn't recognized, so use busybox to check the sums instead
|
|
ARG TARGETARCH
|
|
RUN set -eu ; \
|
|
apk --no-cache --no-progress add "cmd:${CHECKSUM_ALGORITHM}sum" ; \
|
|
\
|
|
decide_expected() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- '%s' "${ASFALD_CHECKSUM_AMD64}" ;; \
|
|
(arm64) printf -- '%s' "${ASFALD_CHECKSUM_ARM64}" ;; \
|
|
(*) exit 1 ;; \
|
|
esac ; \
|
|
} ; \
|
|
\
|
|
decide_fn() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- '%s\n' "${ASFALD_FILE_AMD64}" ;; \
|
|
(arm64) printf -- '%s\n' "${ASFALD_FILE_ARM64}" ;; \
|
|
(*) exit 1 ;; \
|
|
esac ; \
|
|
} ; \
|
|
\
|
|
checksum="$(decide_expected)" ; \
|
|
file="$(decide_fn)" ; \
|
|
mkdir -v -p "/verified/${TARGETARCH}" ; \
|
|
cd "${DESTDIR}/" && \
|
|
"${CHECKSUM_ALGORITHM}sum" --check --warn --strict --ignore-missing checksums.txt && \
|
|
printf -- '%s *%s\n' "$(printf -- '%s' "${checksum}" | cut -d : -f 2-)" "${file}" | "${CHECKSUM_ALGORITHM}sum" -cw && \
|
|
mv -v "${file}" "/verified/${TARGETARCH}/asfald" && \
|
|
chmod -v 00755 "/verified/${TARGETARCH}/asfald" && \
|
|
chown -v root:root "/verified/${TARGETARCH}/asfald"
|
|
|
|
FROM scratch AS asfald
|
|
ARG TARGETARCH
|
|
COPY --from=asfald-download "/verified/${TARGETARCH}/asfald" /usr/local/sbin/
|
|
|
|
FROM tubesync-base AS tubesync-asfald
|
|
COPY --from=asfald /usr/local/sbin/ /usr/local/sbin/
|
|
|
|
ARG TARGETARCH
|
|
RUN set -eu ; \
|
|
\
|
|
decide_arch() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- 'x86_64' ;; \
|
|
(arm64) printf -- 'aarch64' ;; \
|
|
(*) exit 1 ;; \
|
|
esac ; \
|
|
} ; \
|
|
\
|
|
set -x ; arch="$(decide_arch)" ; \
|
|
dest='/usr/local/sbin/asfald-latest' ; \
|
|
TMPDIR="$(dirname "${dest}")" \
|
|
asfald --overwrite --output "${dest}" \
|
|
--pattern '${path}/checksums.txt' -- \
|
|
"https://github.com/asfaload/asfald/releases/latest/download/asfald-${arch}-unknown-linux-musl" && \
|
|
chmod -c 00755 "${dest}" && chown -c root:root "${dest}"
|
|
|
|
FROM tubesync-asfald AS tailwindcss-download
|
|
|
|
ARG DESTDIR="/downloaded"
|
|
ARG TAILWINDCSS_URL="https://github.com/tailwindlabs/tailwindcss/releases/latest/download"
|
|
|
|
ARG TARGETARCH
|
|
RUN set -eu ; \
|
|
\
|
|
decide_arch() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- 'x64' ;; \
|
|
(arm64) printf -- 'arm64' ;; \
|
|
esac ; \
|
|
} ; \
|
|
\
|
|
arch="$(decide_arch)" ; \
|
|
apt-get update && \
|
|
apt-get -y --no-install-recommends install busybox-static && \
|
|
mkdir -p "${DESTDIR}" && \
|
|
cd "${DESTDIR}" && \
|
|
try_url="$(busybox wget -S -O - "${TAILWINDCSS_URL}/sha256sums.txt" 2>&1 | grep -ie '^ Location: ' | head -n 1 | cut -d ' ' -f 4-)" && \
|
|
for url in 'sha256sums.txt' "tailwindcss-linux-${arch}" "tailwindcss-linux-${arch}-musl" ; \
|
|
do \
|
|
case "${try_url}" in \
|
|
(*githubusercontent.com/*) url="${TAILWINDCSS_URL}/${url}" ;; \
|
|
(*github.com/*) url="${try_url%/sha256sums.txt}/${url}" ;; \
|
|
esac ; \
|
|
TMPDIR="${DESTDIR}" asfald-latest -v -- "${url}" ; \
|
|
done ; \
|
|
unset -v arch try_url url ; \
|
|
cksum -a sha256 --check --warn --strict --ignore-missing sha256sums.txt && \
|
|
mkdir -v -p "/verified/${TARGETARCH}" && \
|
|
for binary in tailwindcss-linux-* ; \
|
|
do \
|
|
chmod -c 00755 "${binary}" && chown -c root:root "${binary}" && \
|
|
test -x "/verified/${TARGETARCH}/tailwindcss" || ln -v "${binary}" "/verified/${TARGETARCH}/tailwindcss" ; \
|
|
done ; \
|
|
unset -v binary ; \
|
|
rm -rf "${DESTDIR}" ;
|
|
|
|
FROM scratch AS tailwindcss
|
|
ARG TARGETARCH
|
|
COPY --from=tailwindcss-download "/verified/${TARGETARCH}/tailwindcss" /usr/local/bin/
|
|
|
|
FROM tubesync-base AS tubesync-tailwindcss
|
|
COPY --from=tailwindcss /usr/local/bin/ /usr/local/bin/
|
|
|
|
FROM ghcr.io/astral-sh/uv:latest AS uv-binaries
|
|
|
|
FROM scratch AS uv
|
|
COPY --from=uv-binaries /uv /uvx /usr/local/bin/
|
|
|
|
FROM denoland/deno:bin AS deno-binaries
|
|
|
|
FROM scratch AS deno
|
|
COPY --from=deno-binaries /deno /usr/local/bin/
|
|
|
|
FROM alpine:${ALPINE_VERSION} AS openresty-debian
|
|
ARG OPENRESTY_DEBIAN_VERSION
|
|
ARG TARGETARCH
|
|
ADD 'https://openresty.org/package/pubkey.gpg' '/downloaded/pubkey.gpg'
|
|
RUN set -eu ; \
|
|
decide_arch() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- '' ;; \
|
|
(arm64) printf -- 'arm64/' ;; \
|
|
esac ; \
|
|
} ; \
|
|
set -x ; \
|
|
mkdir -v -p '/etc/apt/trusted.gpg.d' && \
|
|
apk --no-cache --no-progress add cmd:gpg2 && \
|
|
gpg2 --dearmor \
|
|
-o '/etc/apt/trusted.gpg.d/openresty.gpg' \
|
|
< '/downloaded/pubkey.gpg' && \
|
|
mkdir -v -p '/etc/apt/sources.list.d' && \
|
|
printf -- >| '/etc/apt/sources.list.d/openresty.list' \
|
|
'deb http://openresty.org/package/%sdebian %s openresty' \
|
|
"$(decide_arch)" "${OPENRESTY_DEBIAN_VERSION}"
|
|
|
|
FROM tubesync-asfald AS ffmpeg-download
|
|
ARG FFMPEG_DATE
|
|
ARG FFMPEG_VERSION
|
|
ARG FFMPEG_PREFIX_FILE
|
|
ARG FFMPEG_SUFFIX_FILE
|
|
ARG SHA256_FFMPEG_AMD64
|
|
ARG SHA256_FFMPEG_ARM64
|
|
ARG FFMPEG_CHECKSUM_ALGORITHM
|
|
ARG CHECKSUM_ALGORITHM="${FFMPEG_CHECKSUM_ALGORITHM}"
|
|
ARG FFMPEG_CHECKSUM_AMD64="${SHA256_FFMPEG_AMD64}"
|
|
ARG FFMPEG_CHECKSUM_ARM64="${SHA256_FFMPEG_ARM64}"
|
|
|
|
ARG FFMPEG_FILE_SUMS="checksums.${CHECKSUM_ALGORITHM}"
|
|
ARG FFMPEG_URL="https://github.com/yt-dlp/FFmpeg-Builds/releases/download/autobuild-${FFMPEG_DATE}"
|
|
|
|
ARG DESTDIR="/downloaded"
|
|
ARG TARGETARCH
|
|
ADD "${FFMPEG_URL}/${FFMPEG_FILE_SUMS}" "${DESTDIR}/"
|
|
RUN set -eu ; \
|
|
\
|
|
decide_arch() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- 'linux64' ;; \
|
|
(arm64) printf -- 'linuxarm64' ;; \
|
|
esac ; \
|
|
} ; \
|
|
\
|
|
FFMPEG_ARCH="$(decide_arch)" ; \
|
|
FFMPEG_PREFIX_FILE="$( printf -- '%s' "${FFMPEG_PREFIX_FILE}" | cut -d '-' -f 1,2 )" ; \
|
|
cd "${DESTDIR}" && \
|
|
for url in $(awk ' \
|
|
$2 ~ /^[*]?'"${FFMPEG_PREFIX_FILE}"'/ && /-'"${FFMPEG_ARCH}"'-/ { $1=""; print; } \
|
|
' "${DESTDIR}/${FFMPEG_FILE_SUMS}") ; \
|
|
do \
|
|
url="${FFMPEG_URL}/${url# }" ; \
|
|
TMPDIR="${DESTDIR}" asfald-latest -qv -- "${url}" ; \
|
|
done ; \
|
|
unset -v url ; \
|
|
\
|
|
decide_expected() { \
|
|
case "${TARGETARCH}" in \
|
|
(amd64) printf -- '%s' "${FFMPEG_CHECKSUM_AMD64}" ;; \
|
|
(arm64) printf -- '%s' "${FFMPEG_CHECKSUM_ARM64}" ;; \
|
|
esac ; \
|
|
} ; \
|
|
\
|
|
FFMPEG_HASH="$(decide_expected)" ; \
|
|
\
|
|
if [ -n "${FFMPEG_HASH}" ] ; \
|
|
then \
|
|
printf -- '%s *%s\n' "${FFMPEG_HASH}" "${FFMPEG_PREFIX_FILE}"*-"${FFMPEG_ARCH}"-*"${FFMPEG_SUFFIX_FILE}" >> /tmp/SUMS ; \
|
|
"${CHECKSUM_ALGORITHM}sum" --check --warn --strict /tmp/SUMS || exit ; \
|
|
fi ; \
|
|
"${CHECKSUM_ALGORITHM}sum" --check --warn --strict --ignore-missing "${DESTDIR}/${FFMPEG_FILE_SUMS}" ; \
|
|
\
|
|
mkdir -v -p "/verified/${TARGETARCH}" ; \
|
|
ln -v "${FFMPEG_PREFIX_FILE}"*-"${FFMPEG_ARCH}"-*"${FFMPEG_SUFFIX_FILE}" "/verified/${TARGETARCH}/" ; \
|
|
rm -rf "${DESTDIR}" ;
|
|
|
|
FROM alpine:${ALPINE_VERSION} AS ffmpeg-extracted
|
|
COPY --from=ffmpeg-download /verified /verified
|
|
|
|
ARG FFMPEG_PREFIX_FILE
|
|
ARG FFMPEG_SUFFIX_FILE
|
|
ARG TARGETARCH
|
|
RUN set -eux ; \
|
|
mkdir -v /extracted ; \
|
|
cd /extracted ; \
|
|
ln -s "/verified/${TARGETARCH}"/"${FFMPEG_PREFIX_FILE}"*"${FFMPEG_SUFFIX_FILE}" "/tmp/ffmpeg${FFMPEG_SUFFIX_FILE}" ; \
|
|
tar -tf "/tmp/ffmpeg${FFMPEG_SUFFIX_FILE}" | grep '/bin/\(ffmpeg\|ffprobe\)' > /tmp/files ; \
|
|
tar -xop \
|
|
--strip-components=2 \
|
|
-f "/tmp/ffmpeg${FFMPEG_SUFFIX_FILE}" \
|
|
-T /tmp/files ; \
|
|
\
|
|
ls -AlR /extracted ;
|
|
|
|
FROM scratch AS ffmpeg
|
|
COPY --from=ffmpeg-extracted /extracted /usr/local/bin/
|
|
|
|
FROM tubesync-asfald AS s6-overlay-download
|
|
ARG S6_VERSION
|
|
ARG SHA256_S6_AMD64
|
|
ARG SHA256_S6_ARM64
|
|
ARG SHA256_S6_NOARCH
|
|
|
|
ARG DESTDIR="/downloaded"
|
|
ARG S6_CHECKSUM_ALGORITHM
|
|
ARG CHECKSUM_ALGORITHM="${S6_CHECKSUM_ALGORITHM}"
|
|
|
|
ARG S6_CHECKSUM_AMD64="${CHECKSUM_ALGORITHM}:${SHA256_S6_AMD64}"
|
|
ARG S6_CHECKSUM_ARM64="${CHECKSUM_ALGORITHM}:${SHA256_S6_ARM64}"
|
|
ARG S6_CHECKSUM_NOARCH="${CHECKSUM_ALGORITHM}:${SHA256_S6_NOARCH}"
|
|
|
|
ARG S6_OVERLAY_URL="https://github.com/just-containers/s6-overlay/releases/download/v${S6_VERSION}"
|
|
ARG S6_PREFIX_FILE="s6-overlay-"
|
|
ARG S6_SUFFIX_FILE=".tar.xz"
|
|
|
|
ARG S6_FILE_AMD64="${S6_PREFIX_FILE}x86_64${S6_SUFFIX_FILE}"
|
|
ARG S6_FILE_ARM64="${S6_PREFIX_FILE}aarch64${S6_SUFFIX_FILE}"
|
|
ARG S6_FILE_NOARCH="${S6_PREFIX_FILE}noarch${S6_SUFFIX_FILE}"
|
|
|
|
ADD "${S6_OVERLAY_URL}/${S6_FILE_AMD64}.${CHECKSUM_ALGORITHM}" "${DESTDIR}/"
|
|
ADD "${S6_OVERLAY_URL}/${S6_FILE_ARM64}.${CHECKSUM_ALGORITHM}" "${DESTDIR}/"
|
|
ADD "${S6_OVERLAY_URL}/${S6_FILE_NOARCH}.${CHECKSUM_ALGORITHM}" "${DESTDIR}/"
|
|
|
|
##ADD --checksum="${S6_CHECKSUM_AMD64}" "${S6_OVERLAY_URL}/${S6_FILE_AMD64}" "${DESTDIR}/"
|
|
##ADD --checksum="${S6_CHECKSUM_ARM64}" "${S6_OVERLAY_URL}/${S6_FILE_ARM64}" "${DESTDIR}/"
|
|
##ADD --checksum="${S6_CHECKSUM_NOARCH}" "${S6_OVERLAY_URL}/${S6_FILE_NOARCH}" "${DESTDIR}/"
|
|
|
|
# --checksum wasn't recognized, so use asfald to check the sums instead
|
|
RUN set -eux ; TMPDIR="${DESTDIR}" ; export TMPDIR ; cd "${DESTDIR}/" && \
|
|
asfald --hash="${SHA256_S6_AMD64}" -- "${S6_OVERLAY_URL}/${S6_FILE_AMD64}" && \
|
|
asfald --hash="${SHA256_S6_ARM64}" -- "${S6_OVERLAY_URL}/${S6_FILE_ARM64}" && \
|
|
asfald --hash="${SHA256_S6_NOARCH}" -- "${S6_OVERLAY_URL}/${S6_FILE_NOARCH}"
|
|
|
|
FROM alpine:${ALPINE_VERSION} AS s6-overlay-extracted
|
|
COPY --from=s6-overlay-download /downloaded /downloaded
|
|
|
|
ARG S6_CHECKSUM_ALGORITHM
|
|
ARG CHECKSUM_ALGORITHM="${S6_CHECKSUM_ALGORITHM}"
|
|
|
|
ARG TARGETARCH
|
|
|
|
RUN set -eu ; \
|
|
\
|
|
decide_arch() { \
|
|
local arg1 ; \
|
|
arg1="${1:-$(uname -m)}" ; \
|
|
\
|
|
case "${arg1}" in \
|
|
(amd64) printf -- 'x86_64' ;; \
|
|
(arm64) printf -- 'aarch64' ;; \
|
|
(arm|armv7l) printf -- 'armhf' ;; \
|
|
(*) printf -- '%s' "${arg1}" ;; \
|
|
esac ; \
|
|
unset -v arg1 ; \
|
|
} ; \
|
|
\
|
|
file_ext="${CHECKSUM_ALGORITHM}" ; \
|
|
apk --no-cache --no-progress add "cmd:${CHECKSUM_ALGORITHM}sum" ; \
|
|
mkdir -v /verified ; \
|
|
cd /downloaded ; \
|
|
for f in *."${file_ext}" ; \
|
|
do \
|
|
"${CHECKSUM_ALGORITHM}sum" --check --warn --strict "${f}" || exit ; \
|
|
ln -v "${f%.${file_ext}}" /verified/ || exit ; \
|
|
done ; \
|
|
unset -v f file_ext ; \
|
|
\
|
|
S6_ARCH="$(decide_arch "${TARGETARCH}")" ; \
|
|
set -x ; \
|
|
mkdir -v /s6-overlay-rootfs ; \
|
|
cd /s6-overlay-rootfs ; \
|
|
for f in /verified/*.tar* ; \
|
|
do \
|
|
case "${f}" in \
|
|
(*-noarch.tar*|*-"${S6_ARCH}".tar*) \
|
|
tar -xpf "${f}" || exit ;; \
|
|
esac ; \
|
|
done ; \
|
|
set +x ; \
|
|
unset -v f ;
|
|
|
|
## FROM scratch AS s6-overlay
|
|
## COPY --from=s6-overlay-extracted /s6-overlay-rootfs /
|
|
FROM ghcr.io/meeb/s6-overlay:v${S6_VERSION} AS s6-overlay
|
|
|
|
FROM tubesync-asfald AS quickjs-extracted
|
|
ARG QJS_VERSION
|
|
ARG SHA256_QJS
|
|
|
|
ARG DESTDIR="/downloaded"
|
|
ARG QJS_CHECKSUM_ALGORITHM
|
|
ARG CHECKSUM_ALGORITHM="${QJS_CHECKSUM_ALGORITHM}"
|
|
|
|
ARG QJS_CHECKSUM="${CHECKSUM_ALGORITHM}:${SHA256_QJS}"
|
|
|
|
ARG QJS_URL="https://bellard.org/quickjs/binary_releases"
|
|
ARG QJS_PREFIX_FILE="quickjs-cosmo-"
|
|
ARG QJS_SUFFIX_FILE=".zip"
|
|
|
|
ARG QJS_FILE="${QJS_PREFIX_FILE}${QJS_VERSION}${QJS_SUFFIX_FILE}"
|
|
|
|
##ADD --checksum="${QJS_CHECKSUM}" "${QJS_URL}/${QJS_FILE}" "${DESTDIR}/"
|
|
|
|
# --checksum wasn't recognized, so use asfald to check the sums instead
|
|
RUN set -eux ; TMPDIR="${DESTDIR}" ; export TMPDIR ; \
|
|
mkdir -v -p "${DESTDIR}" && cd "${DESTDIR}/" && \
|
|
asfald --hash="${SHA256_QJS}" -- "${QJS_URL}/${QJS_FILE}"
|
|
|
|
RUN --mount=type=cache,id=apt-lib-cache-${TARGETARCH},sharing=private,target=/var/lib/apt \
|
|
--mount=type=cache,id=apt-cache-cache,sharing=private,target=/var/cache/apt \
|
|
set -eux ; \
|
|
apt-get update ; \
|
|
apt-get -y --no-install-recommends install unzip ; \
|
|
mkdir -v /extracted ; \
|
|
cd /extracted ; \
|
|
for f in /downloaded/*.zip ; \
|
|
do \
|
|
unzip "${f}" || exit ; \
|
|
done ; \
|
|
unset -v f ; \
|
|
mkdir -v /assimilated ; \
|
|
install -v -p -t /assimilated /extracted/qjs ; \
|
|
/assimilated/qjs --assimilate
|
|
|
|
FROM scratch AS quickjs
|
|
COPY --from=quickjs-extracted /assimilated/qjs /usr/local/sbin/
|
|
|
|
FROM tubesync-base AS tubesync-prepare-app
|
|
|
|
COPY tubesync /app
|
|
|
|
RUN --mount=type=bind,source=fontawesome-free,target=/fontawesome-free \
|
|
set -x && \
|
|
# turn any symbolic links into files
|
|
( \
|
|
cd /app && \
|
|
find . -type l -print0 | \
|
|
tar --null -ch --files-from=- | \
|
|
tar --unlink-first -xvp ; \
|
|
) && \
|
|
rm -v /app/tubesync/local_settings.py.example && \
|
|
mv -v /app/tubesync/local_settings.py.container /app/tubesync/local_settings.py
|
|
|
|
ARG BGUTIL_YTDLP_POT_PROVIDER_VERSION
|
|
ADD "https://github.com/Brainicism/bgutil-ytdlp-pot-provider/archive/refs/tags/${BGUTIL_YTDLP_POT_PROVIDER_VERSION}.tar.gz" /tmp/
|
|
RUN mkdir -v /tmp/extracted && \
|
|
tar -C /tmp/extracted/ -xvvpf "/tmp/${BGUTIL_YTDLP_POT_PROVIDER_VERSION}.tar.gz" && \
|
|
mv -v /tmp/extracted/*/server /app/bgutil-ytdlp-pot-provider/ && \
|
|
ls -alR /app/bgutil-ytdlp-pot-provider && \
|
|
rm -rf /tmp/extracted
|
|
|
|
ARG YTDLP_EJS_VERSION
|
|
ADD "https://github.com/yt-dlp/ejs/archive/refs/tags/${YTDLP_EJS_VERSION}.tar.gz" /tmp/ejs.tar.gz
|
|
ADD 'https://github.com/kikkia/yt-cipher/archive/refs/heads/master.tar.gz' /tmp/yt-cipher-master.tar.gz
|
|
RUN mkdir -v /tmp/extracted && \
|
|
tar -C /tmp/extracted/ -xvvpf '/tmp/yt-cipher-master.tar.gz' && \
|
|
tar -C /tmp/extracted/ -xvvpf '/tmp/ejs.tar.gz' && \
|
|
mkdir -v -p /app/yt-cipher/ejs && \
|
|
( cd /tmp/extracted/ejs-*/ && mv -v * /app/yt-cipher/ejs/ ; ) && \
|
|
( cd /tmp/extracted/yt-cipher-*/ && : >> deno.jsonc && mv -v src deno.* *.ts /app/yt-cipher/ ; ) && \
|
|
( test -s /app/yt-cipher/deno.jsonc || rm -f /app/yt-cipher/deno.jsonc ; ) && \
|
|
ls -alR /app/yt-cipher && \
|
|
rm -rf /tmp/extracted
|
|
|
|
FROM scratch AS tubesync-app
|
|
COPY --from=tubesync-prepare-app /app /app
|
|
|
|
FROM tubesync-base AS tubesync-openresty
|
|
|
|
COPY --from=openresty-debian \
|
|
/etc/apt/trusted.gpg.d/openresty.gpg /etc/apt/trusted.gpg.d/openresty.gpg
|
|
COPY --from=openresty-debian \
|
|
/etc/apt/sources.list.d/openresty.list /etc/apt/sources.list.d/openresty.list
|
|
|
|
RUN mkdir -v -p /etc/crypto-policies/back-ends && \
|
|
cp -v -p /usr/share/apt/default-sequoia.config \
|
|
/etc/crypto-policies/back-ends/apt-sequoia.config && \
|
|
sed -i -e '/^sha1\./s/2026-/2027-/;' \
|
|
/etc/crypto-policies/back-ends/apt-sequoia.config
|
|
|
|
RUN --mount=type=cache,id=apt-lib-cache-${TARGETARCH},sharing=private,target=/var/lib/apt \
|
|
--mount=type=cache,id=apt-cache-cache,sharing=private,target=/var/cache/apt \
|
|
set -x && \
|
|
apt-get update && \
|
|
apt-get -y --no-install-recommends install \
|
|
nginx-common \
|
|
openresty \
|
|
&& \
|
|
# Clean up
|
|
apt-get -y autopurge && \
|
|
apt-get -y autoclean
|
|
|
|
FROM tubesync-openresty AS tubesync
|
|
|
|
ARG S6_VERSION
|
|
|
|
ARG FFMPEG_DATE
|
|
ARG FFMPEG_VERSION
|
|
|
|
ARG TARGETARCH
|
|
|
|
ENV S6_VERSION="${S6_VERSION}" \
|
|
FFMPEG_DATE="${FFMPEG_DATE}" \
|
|
FFMPEG_VERSION="${FFMPEG_VERSION}" \
|
|
DENO_NO_PROMPT=1 \
|
|
DENO_NO_UPDATE_CHECK=1
|
|
|
|
# Reminder: the SHELL handles all variables
|
|
RUN --mount=type=cache,id=apt-lib-cache-${TARGETARCH},sharing=private,target=/var/lib/apt \
|
|
--mount=type=cache,id=apt-cache-cache,sharing=private,target=/var/cache/apt \
|
|
set -x && \
|
|
apt-get update && \
|
|
# Install dependencies we keep
|
|
# Install required distro packages
|
|
apt-get -y --no-install-recommends install \
|
|
libmariadb3 \
|
|
libonig5 \
|
|
pkgconf \
|
|
python3 \
|
|
python3-libsass \
|
|
python3-pip-whl \
|
|
python3-socks \
|
|
curl \
|
|
indent \
|
|
less \
|
|
lua-lpeg \
|
|
tre-agrep \
|
|
vis \
|
|
xxd \
|
|
&& \
|
|
# Link to the current python3 version
|
|
ln -v -s -f -T "$(find /usr/local/lib -name 'python3.[0-9]*' -type d -printf '%P\n' | sort -r -V | head -n 1)" /usr/local/lib/python3 && \
|
|
# Configure the editor alternatives
|
|
touch /usr/local/bin/babi /bin/nano /usr/bin/vim.tiny && \
|
|
update-alternatives --install /usr/bin/editor editor /usr/local/bin/babi 50 && \
|
|
update-alternatives --install /usr/local/bin/nano nano /bin/nano 10 && \
|
|
update-alternatives --install /usr/local/bin/nano nano /usr/local/bin/babi 20 && \
|
|
update-alternatives --install /usr/local/bin/vim vim /usr/bin/vim.tiny 15 && \
|
|
update-alternatives --install /usr/local/bin/vim vim /usr/bin/vis 35 && \
|
|
rm -v /usr/local/bin/babi /bin/nano /usr/bin/vim.tiny && \
|
|
printf >| /usr/local/bin/sqlite3 -- '%s\n' '#!/usr/bin/env sh' '' \
|
|
'if [ -x /usr/bin/sqlite3 ]; then exec /usr/bin/sqlite3 "$@" ; fi;' '' \
|
|
'exec /usr/bin/env python3 -m sqlite3 "$@"' && \
|
|
chmod -c 00755 /usr/local/bin/sqlite3 && \
|
|
# Create a 'app' user which the application will run as
|
|
groupadd app && \
|
|
useradd -M -d /app -s /bin/false -g app app && \
|
|
# Clean up
|
|
apt-get -y autopurge && \
|
|
apt-get -y autoclean
|
|
|
|
# Install third party software
|
|
COPY --from=s6-overlay / /
|
|
COPY --from=ffmpeg /usr/local/bin/ /usr/local/bin/
|
|
COPY --from=quickjs /usr/local/sbin/ /usr/local/sbin/
|
|
|
|
RUN --mount=type=cache,id=apt-lib-cache-${TARGETARCH},sharing=private,target=/var/lib/apt \
|
|
--mount=type=cache,id=apt-cache-cache,sharing=private,target=/var/cache/apt \
|
|
set -x && \
|
|
apt-get update && \
|
|
# Install file
|
|
apt-get -y --no-install-recommends install file && \
|
|
# Installed s6 (using COPY earlier)
|
|
file -L /command/s6-overlay-suexec && \
|
|
# Installed ffmpeg (using COPY earlier)
|
|
/usr/local/bin/ffmpeg -version && \
|
|
file /usr/local/bin/ff* && \
|
|
# Installed quickjs (using COPY earlier)
|
|
/usr/local/sbin/qjs --help | grep -Fe 'QuickJS version' && \
|
|
file /usr/local/sbin/qjs && \
|
|
# Clean up file
|
|
apt-get -y autoremove --purge file && \
|
|
# Clean up
|
|
apt-get -y autopurge && \
|
|
apt-get -y autoclean
|
|
|
|
# Switch workdir to the the app
|
|
WORKDIR /app
|
|
|
|
ARG YTDLP_DATE
|
|
|
|
# Set up the app
|
|
RUN --mount=type=tmpfs,target=/cache \
|
|
--mount=type=cache,id=deno-cache,sharing=locked,target=/cache/deno \
|
|
--mount=type=cache,id=uv-cache,sharing=locked,target=/cache/uv \
|
|
--mount=type=cache,id=pipenv-cache,sharing=locked,target=/cache/pipenv \
|
|
--mount=type=cache,id=apt-lib-cache-${TARGETARCH},sharing=private,target=/var/lib/apt \
|
|
--mount=type=cache,id=apt-cache-cache,sharing=private,target=/var/cache/apt \
|
|
--mount=type=bind,source=/usr/local/bin/deno,target=/usr/local/bin/deno,from=deno \
|
|
--mount=type=bind,source=/usr/local/bin/uv,target=/usr/local/bin/uv,from=uv \
|
|
--mount=type=bind,source=/usr/local/bin/uvx,target=/usr/local/bin/uvx,from=uv \
|
|
--mount=type=bind,source=Pipfile,target=/app/Pipfile \
|
|
set -x && \
|
|
DENO_DIR=/cache/deno && export DENO_DIR && \
|
|
deno --version && \
|
|
uv --version && \
|
|
apt-get update && \
|
|
# Install required build packages
|
|
apt-get -y --no-install-recommends install \
|
|
default-libmysqlclient-dev \
|
|
g++ \
|
|
gcc \
|
|
libjpeg-dev \
|
|
libonig-dev \
|
|
libpq-dev \
|
|
libwebp-dev \
|
|
make \
|
|
postgresql-common \
|
|
python3-dev \
|
|
zlib1g-dev \
|
|
&& \
|
|
# Install non-distro packages
|
|
mkdir -v -p /cache/.home-directories && \
|
|
cp -at /cache/.home-directories/ "${HOME}" && \
|
|
HOME="/cache/.home-directories/${HOME#/}" \
|
|
XDG_CACHE_HOME='/cache' \
|
|
PIPENV_VERBOSITY=64 \
|
|
PYTHONPYCACHEPREFIX=/cache/pycache \
|
|
uv tool run --no-config --no-progress --no-managed-python -- \
|
|
pipenv lock && \
|
|
HOME="/cache/.home-directories/${HOME#/}" \
|
|
XDG_CACHE_HOME='/cache' \
|
|
PIPENV_VERBOSITY=1 \
|
|
PYTHONPYCACHEPREFIX=/cache/pycache \
|
|
uv tool run --no-config --no-progress --no-managed-python -- \
|
|
pipenv requirements --from-pipfile --hash >| /cache/requirements.txt && \
|
|
rm -v Pipfile.lock && \
|
|
cat -v /cache/requirements.txt && \
|
|
HOME="/cache/.home-directories/${HOME#/}" \
|
|
UV_LINK_MODE='copy' \
|
|
XDG_CACHE_HOME='/cache' \
|
|
PYTHONPYCACHEPREFIX=/cache/pycache \
|
|
uv --no-config --no-progress --no-managed-python \
|
|
pip install --strict --system --break-system-packages \
|
|
--requirements /cache/requirements.txt && \
|
|
# Clean up
|
|
apt-get -y autoremove --purge \
|
|
default-libmysqlclient-dev \
|
|
g++ \
|
|
gcc \
|
|
libjpeg-dev \
|
|
libonig-dev \
|
|
libpq-dev \
|
|
libwebp-dev \
|
|
make \
|
|
postgresql-common \
|
|
python3-dev \
|
|
zlib1g-dev \
|
|
&& \
|
|
apt-get -y autopurge && \
|
|
apt-get -y autoclean && \
|
|
LD_LIBRARY_PATH=/usr/local/lib/python3/dist-packages/pillow.libs:/usr/local/lib/python3/dist-packages/psycopg_binary.libs \
|
|
find /usr/local/lib/python3/dist-packages/ \
|
|
-name '*.so*' -print \
|
|
-exec du -h '{}' ';' \
|
|
-exec ldd '{}' ';' \
|
|
>| /cache/python-shared-objects 2>&1 && \
|
|
rm -v -rf /tmp/* ; \
|
|
if grep >/dev/null -Fe ' => not found' /cache/python-shared-objects ; \
|
|
then \
|
|
cat -v /cache/python-shared-objects ; \
|
|
printf -- 1>&2 '%s\n' \
|
|
ERROR: ' An unresolved shared object was found.' ; \
|
|
exit 1 ; \
|
|
fi
|
|
|
|
# Bundle deno with the image
|
|
##COPY --from=deno /usr/local/bin/ /usr/local/bin/
|
|
|
|
# Copy root
|
|
COPY config/root /
|
|
|
|
# patch yt_dlp
|
|
COPY patches/yt_dlp/ \
|
|
/usr/local/lib/python3/dist-packages/yt_dlp/
|
|
|
|
# Copy app
|
|
COPY --from=tubesync-app /app /app
|
|
|
|
# Build the bgutil-ytdlp-pot-provider server when deno is bundled
|
|
RUN --mount=type=tmpfs,target=/cache \
|
|
--mount=type=cache,id=deno-cache,sharing=locked,target=/cache/deno \
|
|
command -v deno || exit 0 ; \
|
|
# python might be used, so keep the .pyc files in /cache
|
|
PYTHONPYCACHEPREFIX='/cache/pycache' && export PYTHONPYCACHEPREFIX && \
|
|
set -x && \
|
|
XDG_CACHE_HOME='/cache' && export XDG_CACHE_HOME && \
|
|
DENO_DIR='/cache/deno' && export DENO_DIR && \
|
|
cd /app/bgutil-ytdlp-pot-provider/server && \
|
|
install -v -t /usr/local/bin ../node && \
|
|
mkdir -v -p /cache/.home-directories && \
|
|
cp -at /cache/.home-directories/ "${HOME}" && \
|
|
HOME="/cache/.home-directories/${HOME#/}" && \
|
|
DENO_COMPAT=1 deno run --no-config -A npm:npm ci --no-audit --no-fund && \
|
|
DENO_COMPAT=1 deno run --no-config -A npm:npm audit fix && \
|
|
node npm:typescript/tsc
|
|
|
|
# Build app
|
|
RUN set -x && \
|
|
# Record the bundled deno version when it was included
|
|
( deno_binary="$(command -v deno)" ; \
|
|
test '!' -n "${deno_binary}" || \
|
|
/app/install_deno.sh --only-record-version ; \
|
|
) && \
|
|
# Make absolutely sure we didn't accidentally bundle a SQLite dev database
|
|
test '!' -e /app/db.sqlite3 && \
|
|
# Run any required app commands
|
|
/usr/bin/python3 -B /app/manage.py compilescss && \
|
|
/usr/bin/python3 -B /app/manage.py collectstatic --no-input --link && \
|
|
rm -rf /config /downloads /run/app && \
|
|
# Create config, downloads and run dirs
|
|
mkdir -v -p /run/app && \
|
|
mkdir -v -p /config/media /config/tasks && \
|
|
mkdir -v -p /config/cache/pycache && \
|
|
mkdir -v -p /downloads/audio && \
|
|
mkdir -v -p /downloads/video && \
|
|
# Check nginx configuration copied from config/root/etc
|
|
openresty -c /etc/nginx/nginx.conf -e stderr -t && \
|
|
# Append software versions
|
|
ffmpeg_version=$(/usr/local/bin/ffmpeg -version | awk -v 'ev=31' '1 == NR && "ffmpeg" == $1 { print $3; ev=0; } END { exit ev; }') && \
|
|
test -n "${ffmpeg_version}" && \
|
|
printf -- "ffmpeg_version = '%s'\n" "${ffmpeg_version}" >> /app/common/third_party_versions.py && \
|
|
qjs_version=$(/usr/local/sbin/qjs --help | awk -v 'ev=31' '1 == NR && "version" == $2 { print $3; ev=0; } END { exit ev; }') && \
|
|
test -n "${qjs_version}" && \
|
|
printf -- "qjs_version = '%s'\n" "${qjs_version}" >> /app/common/third_party_versions.py
|
|
|
|
# Create a healthcheck
|
|
HEALTHCHECK --interval=1m --timeout=10s --start-period=3m CMD ["/app/healthcheck.py", "http://127.0.0.1:8080/healthcheck"]
|
|
|
|
# ENVS and ports
|
|
ENV DENO_DIR="/config/cache/deno" \
|
|
PYTHONPATH="/app" \
|
|
PYTHONPYCACHEPREFIX="/config/cache/pycache" \
|
|
S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
|
|
XDG_CACHE_HOME="/config/cache" \
|
|
XDG_CONFIG_HOME="/config/tubesync" \
|
|
XDG_STATE_HOME="/config/state"
|
|
EXPOSE 4848
|
|
|
|
# Volumes
|
|
VOLUME ["/config", "/downloads"]
|
|
|
|
# Entrypoint, start s6 init
|
|
ENTRYPOINT ["/init"]
|