diff --git a/.github/workflows/__package.yml b/.github/workflows/__package.yml index 5b936acdc6b..503609080a2 100644 --- a/.github/workflows/__package.yml +++ b/.github/workflows/__package.yml @@ -239,7 +239,9 @@ jobs: - name: Extract built client from Docker image 🗜️ run: | docker load < docker_image.tar - docker cp $(docker create --name jf $(docker images --filter=reference='${{ env.REGISTRY_IMAGE }}' -q | head -n 1)):/usr/share/nginx/html/ ./dist + IMAGE_SHA=$(docker images --filter=reference='${{ env.REGISTRY_IMAGE }}' -q | head -n 1) + ASSETS=$(docker inspect $IMAGE_SHA --format='{{range .Config.Env}}{{println .}}{{end}}' | grep ^ASSETS= | cut -d '=' -f2-) + docker cp $(docker create --name jf $IMAGE_SHA):$ASSETS/ ./dist - name: Create provenance attestation 🔏 uses: actions/attest-build-provenance@v1.4.4 diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile index 3f2b29d88ee..dddbbbd2ea0 100644 --- a/packaging/docker/Dockerfile +++ b/packaging/docker/Dockerfile @@ -21,14 +21,18 @@ RUN npm ci --no-audit && npm run build # Deploy built distribution to nginx FROM nginx:stable-alpine-slim -COPY packaging/docker/contents/nginx.conf /etc/nginx/conf.d/default.conf +ENV ASSETS=/usr/share/nginx/html +ENV NGINX_DEFAULT_SITE_CONFIG=/etc/nginx/conf.d/default.conf + +COPY packaging/docker/contents/nginx.conf "$NGINX_DEFAULT_SITE_CONFIG" COPY packaging/docker/contents/*.sh / -COPY LICENSE /usr/share/licenses/jellyfin-vue.LICENSE +COPY LICENSE /usr/share/licenses/jellyfin-vue -RUN rm -rf /usr/share/nginx/html/* -COPY --from=build /app/frontend/dist/ /usr/share/nginx/html/ +RUN rm -rf "$ASSETS"/* +COPY --from=build /app/frontend/dist/ "$ASSETS" RUN chmod +x /*.sh && /postunpack.sh && rm /postunpack.sh USER nginx +WORKDIR "$ASSETS" EXPOSE 80 diff --git a/packaging/docker/contents/docker-entrypoint.sh b/packaging/docker/contents/docker-entrypoint.sh index 52e520d1633..0ff1b1bf8f8 100755 --- a/packaging/docker/contents/docker-entrypoint.sh +++ b/packaging/docker/contents/docker-entrypoint.sh @@ -1,14 +1,10 @@ #!/bin/sh -## If the command has not been replaced by the user (i.e docker run image /bin/sh), -## follow through the setup process -if [[ "$*" = "nginx -g daemon off;" ]]; then - echo "==== Starting Jellyfin Vue setup ====" - echo - /setup.sh - echo - echo "==== Setup finished! ====" - echo -e "\n" -fi +echo "==== Starting Jellyfin Vue setup ====" +echo +/setup.sh +echo +echo "==== Setup finished! ====" +echo exec "$@" diff --git a/packaging/docker/contents/nginx.conf b/packaging/docker/contents/nginx.conf index 5b4dcd3d7c7..c59720080c0 100644 --- a/packaging/docker/contents/nginx.conf +++ b/packaging/docker/contents/nginx.conf @@ -1,6 +1,6 @@ server { listen 80; - root /usr/share/nginx/html; + root ${ASSETS}; location / { # First attempt to serve request as file, then as directory, then fall back to redirecting to index.html # This is needed for history mode in Vue router: https://router.vuejs.org/guide/essentials/history-mode.html#nginx diff --git a/packaging/docker/contents/postunpack.sh b/packaging/docker/contents/postunpack.sh index c250049146c..216016679c2 100644 --- a/packaging/docker/contents/postunpack.sh +++ b/packaging/docker/contents/postunpack.sh @@ -9,8 +9,10 @@ apk add --no-cache jq # CONTAINER ROOTLESS SETUP ### Set correct permissions and make frontend config.json file editable for the runtime user mkdir -p /run/nginx -chown nginx:nginx -R /run/nginx /var/cache/nginx /usr/share/nginx/html/config.json +chown nginx:nginx -R /run/nginx /var/cache/nginx "$ASSETS"/config.json sed -i 's|/var/run|/var/run/nginx|g' $NGINX_CONFIG_FILE +## Replaces the 'root' directive with the value of $ASSETS +sed -i "s|\${ASSETS}|${ASSETS}|g" "$NGINX_DEFAULT_SITE_CONFIG" ## The 'user' config option is useless when running rootless and gives a warning sed -i '/^user /d' $NGINX_CONFIG_FILE ## Allow to open privileged ports @@ -21,7 +23,10 @@ apk --purge del libcap # Trim image apk --purge del apk-tools rm -rf /docker-entrypoint.d /.dockerenv /usr/sbin/nginx-debug -rm -rf /usr/share/zoneinfo -rm -rf /sbin/apk /etc/apk /lib/apk /usr/share/apk /var/lib/apk -rm -rf /usr/lib/libcrypto* /usr/lib/libintl* /usr/lib/libssl* \ - /usr/lib/engines-3 /usr/lib/modules-load.d /usr/lib/nginx /usr/lib/ossl-modules +rm -rf /usr/share/zoneinfo /usr/share/man +rm -rf /var/cache/apk +rm -rf /etc/nginx/fast* /etc/nginx/*_params /etc/nginx/modules +rm -rf /sbin/apk /etc/apk /lib/apk /usr/share/apk /var/lib/apk /lib/libapk* +rm -rf /usr/lib/libintl* /lib/libintl* +rm -rf /usr/lib/engines-3 /usr/lib/modules-load.d /usr/lib/nginx /usr/lib/ossl-modules +rm -rf /etc/ssl diff --git a/packaging/docker/contents/setup.sh b/packaging/docker/contents/setup.sh index db907ecbdb1..a72ed278d88 100755 --- a/packaging/docker/contents/setup.sh +++ b/packaging/docker/contents/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh -CONFIG_FILE_PATH="/usr/share/nginx/html/config.json" +CONFIG_FILE_PATH="$ASSETS/config.json" echo "Writing data to $CONFIG_FILE_PATH..." if [[ "$HISTORY_ROUTER_MODE" == "0" ]]; then @@ -15,7 +15,12 @@ else ALLOW_SERVER_SELECTION=true fi -echo "DEFAULT_SERVERS value: $DEFAULT_SERVERS" +if [ -n "$DEFAULT_SERVERS" ]; then + echo "DEFAULT_SERVERS value: $DEFAULT_SERVERS" +else + echo "No DEFAULT_SERVERS value specified" +fi + echo "ALLOW_SERVER_SELECTION value: $ALLOW_SERVER_SELECTION" echo "ROUTER_MODE value: $ROUTER_MODE"