Container: - Dockerfile → Containerfile; drop gosu, entrypoint, PUID/PGID user-switching - HOME=/config so Path.home()/.aws resolves to runtime-mounted credentials - docker-compose.yml → compose.yml with userns_mode: keep-id for Podman rootless - .dockerignore → .containerignore - boto3 unpinned from 1.34.0 to >=1.34.0 CI: - Remove Woodpecker (.woodpecker.yml, .woodpecker/) - Add Forgejo Actions (.forgejo/workflows/ci.yml, publish.yml) - CI: syntax check, security scan, container lint (hadolint), build test - Publish: build and push to Quay.io on main push and version tags Cleanup: - Remove entrypoint.sh (no longer needed) - Remove scripts/build-and-push.sh and PUBLISHING.md (superseded by CI) - All docker → podman command references updated Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Compose definition for the sgo service. Written for rootless Podman; see the
# userns_mode note below before running it under Docker.
services:
  sgo:
    build: .
    container_name: sgo
    ports:
      # No host address is given, so the port is published on every host
      # interface. The container can read the AWS credentials mounted below, so
      # limit who can reach this port (host firewall, or prefix the mapping
      # with 127.0.0.1: for local-only use).
      - "${SGO_PORT:-5000}:5000"
    # keep-id maps your host UID into the container, so no root and no user
    # switching is needed. Podman only; remove this line if using Docker.
    userns_mode: keep-id
    volumes:
      # Your AWS credentials, read-only. Set AWS_CONFIG_PATH in .env or the
      # shell; falls back to ~/.aws when it is unset or empty.
      # The whole directory is mounted, so every profile stored in it is
      # readable inside the container; point AWS_CONFIG_PATH at a directory
      # holding only the least-privileged profile this service needs.
      # The z option asks Podman to apply a shared SELinux label to the host
      # directory itself, which changes the labels on your real ~/.aws.
      - "${AWS_CONFIG_PATH:-${HOME}/.aws}:/config/.aws:ro,z"
      # Persistent database storage (named volume declared at the bottom).
      - "sgo-data:/app/data"
    environment:
      # NOTE(review): how the app consumes DEBUG is not visible here. If it
      # enables Flask debug mode, the Werkzeug debugger becomes reachable on
      # the published port; keep this false outside local development.
      DEBUG: "${DEBUG:-false}"
      FLASK_ENV: "${FLASK_ENV:-production}"
      PYTHONUNBUFFERED: "1"
    restart: unless-stopped

volumes:
  sgo-data: {}