feat: Move to Gitlab CI builds

.gitlab-ci.yml

@@ -0,0 +1,26 @@
+---
+services:
+  - docker:19.03-dind
+
+include:
+  - template: Container-Scanning.gitlab-ci.yml
+  - remote: https://raw.githubusercontent.com/LANsible/gitlab-includes/master/docker-login.yml
+  - remote: https://raw.githubusercontent.com/LANsible/gitlab-includes/master/docker-build.yml
+  - remote: https://raw.githubusercontent.com/LANsible/gitlab-includes/master/sast-cis-benchmark.yml
+
+stages:
+  - build
+  - test
+  - publish
+
+publish_branch:
+  variables:
+    DOCKER_IMAGE_NAME: lansible/zigbee2mqtt
+
+publish_tag:
+  variables:
+    DOCKER_IMAGE_NAME: lansible/zigbee2mqtt
+
+publish_latest:
+  variables:
+    DOCKER_IMAGE_NAME: lansible/zigbee2mqtt

Dockerfile

@@ -1,13 +1,14 @@
+# syntax=docker/dockerfile:experimental
+
 FROM alpine:3.10 as builder
 
-ARG VERSION=master
+ENV VERSION=1.7.1
 
 LABEL maintainer="wilmardo" \
   description="Zigbee2MQTT from scratch"
 
-RUN addgroup -S -g 1000 zigbee2mqtt 2>/dev/null && \
-  adduser -S -u 1000 -D -H -h /dev/shm -s /sbin/nologin -G zigbee2mqtt -g zigbee2mqtt zigbee2mqtt 2>/dev/null && \
-  addgroup zigbee2mqtt dialout
+# Add unprivileged user
+RUN echo "zigbee2mqtt:x:1000:1000:zigbee2mqtt:/:" > /etc_passwd
 
 # See the upstream Dockerfile for reference:
 # https://github.com/Koenkk/zigbee2mqtt/blob/dev/docker/Dockerfile
@@ -22,43 +23,42 @@ RUN apk --no-cache add \
   npm \
   upx
 
-RUN git clone --depth 1 --single-branch --branch dev-stateless https://github.com/wilmardo/zigbee2mqtt.git /zigbee2mqtt
+RUN git clone --depth 1 --single-branch --branch ${VERSION} https://github.com/Koenkk/zigbee2mqtt.git /zigbee2mqtt
 
 WORKDIR /zigbee2mqtt
 
 # Makeflags source: https://math-linux.com/linux/tip-of-the-day/article/speedup-gnu-make-build-and-compilation-process
-# NOTE(wilmardo): --build is needed for dynamic require that serialport/bindings seems to use
-# NOTE(wilmardo): For the upx steps and why --empty see: https://github.com/nexe/nexe/issues/366
 RUN CORES=$(grep -c '^processor' /proc/cpuinfo); \
   export MAKEFLAGS="-j$((CORES+1)) -l${CORES}"; \
   npm install --unsafe-perm && \
-  npm install --unsafe-perm --global nexe && \
-  nexe \
-  --build \
-  --empty \
-  --output zigbee2mqtt && \
-  upx --best /root/.nexe/*/out/Release/node && \
-  nexe \
-  --build \
-  --output zigbee2mqtt
+  npm install --unsafe-perm --global nexe
+
+# NOTE(wilmardo): --build is needed for dynamic require that serialport/bindings seems to use
+# NOTE(wilmardo): For the upx steps and why --empty see: https://github.com/nexe/nexe/issues/366
+RUN nexe \
+    --build \
+    --empty \
+    --output zigbee2mqtt && \
+  upx --best /root/.nexe/*/out/Release/node
+
+RUN nexe \
+    --build \
+    --output zigbee2mqtt
 
 FROM scratch
 
 ENV ZIGBEE2MQTT_DATA=/data
 
+# Copy the unprivileged user
+COPY --from=builder /etc_passwd /etc/passwd
+
 # Copy /bin/busybox to be able to use an entrypoint
 # Entrypoint uses basename, mkdir and ln
 COPY --from=builder \
   /bin/busybox \
   /bin/udevadm \
   /bin/
 
-# Copy users from builder
-COPY --from=builder \
-  /etc/passwd \
-  /etc/group \
-  /etc/
-
 # Copy needed libs
 COPY --from=builder \
   /lib/ld-musl-*.so.1 \

entrypoint.sh

@@ -3,7 +3,6 @@
 # Create aliases to busybox
 alias basename="/bin/busybox basename"
 alias ln="/bin/busybox ln"
-alias mkdir="/bin/busybox mkdir"
 
 # Create symlinks when config mounted, else exit
 if [ ! -d "/data" ]; then
@@ -21,7 +20,7 @@ if [ -d "/config" ]; then
       ln -sf "/config/$filename" "/data/$filename"
     fi
   done
-else 
+else
   # Print warning when no config was found, could be intentional
   echo "No /config found, no symlink will be created"
 fi