Added dockerfile etc from Bitnami

Signed-off-by: Marcus Noble <[email protected]>

Author: AverageMarcus

.github/workflows/docker-publish.yml

@@ -0,0 +1,83 @@
+name: Docker
+
+on:
+  push:
+    branches: [ "main" ]
+    tags: [ 'v*.*.*' ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

Dockerfile

@@ -0,0 +1,63 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+FROM docker.io/bitnami/minideb:bookworm
+
+ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
+ARG TARGETARCH
+
+LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
+      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
+      org.opencontainers.image.created="2025-08-18T11:35:17Z" \
+      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
+      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ghost/README.md" \
+      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ghost" \
+      org.opencontainers.image.title="ghost" \
+      org.opencontainers.image.vendor="Broadcom, Inc." \
+      org.opencontainers.image.version="6.0.4"
+
+ENV HOME="/" \
+    OS_ARCH="${TARGETARCH:-amd64}" \
+    OS_FLAVOUR="debian-12" \
+    OS_NAME="linux"
+
+COPY prebuildfs /
+SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
+# Install required system packages and dependencies
+RUN install_packages acl ca-certificates curl jq libaudit1 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libicu72 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncurses6 libncursesw6 libnsl2 libpam0g libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 libxml2 procps zlib1g
+RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
+    DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
+    mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
+    COMPONENTS=( \
+      "python-3.12.11-9-linux-${OS_ARCH}-debian-12" \
+      "node-22.18.0-0-linux-${OS_ARCH}-debian-12" \
+      "mysql-client-12.0.2-0-linux-${OS_ARCH}-debian-12" \
+      "ghost-6.0.4-0-linux-${OS_ARCH}-debian-12" \
+    ) ; \
+    for COMPONENT in "${COMPONENTS[@]}"; do \
+      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
+        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
+        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
+      fi ; \
+      sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
+      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
+      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
+    done
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
+RUN chmod g+rwX /opt/bitnami
+RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
+
+COPY rootfs /
+RUN /opt/bitnami/scripts/ghost/postunpack.sh
+RUN /opt/bitnami/scripts/mysql-client/postunpack.sh
+ENV APP_VERSION="6.0.4" \
+    BITNAMI_APP_NAME="ghost" \
+    PATH="/opt/bitnami/python/bin:/opt/bitnami/node/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ghost/bin:$PATH"
+
+EXPOSE 2368 3000
+
+WORKDIR /opt/bitnami/ghost
+USER 1001
+ENTRYPOINT [ "/opt/bitnami/scripts/ghost/entrypoint.sh" ]
+CMD [ "/opt/bitnami/scripts/ghost/run.sh" ]

README.md

@@ -1,2 +1,9 @@
 # ghost-container
+
 Fork of the Bitnami Ghost container image
+
+---
+
+Pinned at the latest, at time of commit, version available for this container image.
+
+This is then available from GHCR as: `ghcr.io/namelessplanet/ghost-container:6.0.4-debian-12-r1`

prebuildfs/opt/bitnami/.bitnami_components.json

@@ -0,0 +1,26 @@
+{
+    "ghost": {
+        "arch": "amd64",
+        "distro": "debian-12",
+        "type": "NAMI",
+        "version": "6.0.4-0"
+    },
+    "mysql-client": {
+        "arch": "amd64",
+        "distro": "debian-12",
+        "type": "NAMI",
+        "version": "12.0.2-0"
+    },
+    "node": {
+        "arch": "amd64",
+        "distro": "debian-12",
+        "type": "NAMI",
+        "version": "22.18.0-0"
+    },
+    "python": {
+        "arch": "amd64",
+        "distro": "debian-12",
+        "type": "NAMI",
+        "version": "3.12.11-9"
+    }
+}

prebuildfs/opt/bitnami/licenses/licenses.txt

@@ -0,0 +1,2 @@
+Bitnami containers ship with software bundles. You can find the licenses under:
+/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

prebuildfs/opt/bitnami/scripts/libbitnami.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Bitnami custom library
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/liblog.sh
+
+# Constants
+BOLD='\033[1m'
+
+# Functions
+
+########################
+# Print the welcome page
+# Globals:
+#   DISABLE_WELCOME_MESSAGE
+#   BITNAMI_APP_NAME
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+print_welcome_page() {
+    if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
+        if [[ -n "$BITNAMI_APP_NAME" ]]; then
+            print_image_welcome_page
+        fi
+    fi
+}
+
+########################
+# Print the welcome page for a Bitnami Docker image
+# Globals:
+#   BITNAMI_APP_NAME
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+print_image_welcome_page() {
+    local github_url="https://github.com/bitnami/containers"
+
+    info ""
+    info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
+    info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
+    info "${YELLOW}NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267${RESET}"
+    info ""
+}
+

prebuildfs/opt/bitnami/scripts/libfile.sh

@@ -0,0 +1,141 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Library for managing files
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/libos.sh
+
+# Functions
+
+########################
+# Replace a regex-matching string in a file
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - substitute regex
+#   $4 - use POSIX regex. Default: true
+# Returns:
+#   None
+#########################
+replace_in_file() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local substitute_regex="${3:?substitute regex is required}"
+    local posix_regex=${4:-true}
+
+    local result
+
+    # We should avoid using 'sed in-place' substitutions
+    # 1) They are not compatible with files mounted from ConfigMap(s)
+    # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+    local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+    if [[ $posix_regex = true ]]; then
+        result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+    else
+        result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+    fi
+    echo "$result" > "$filename"
+}
+
+########################
+# Replace a regex-matching multiline string in a file
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - substitute regex
+# Returns:
+#   None
+#########################
+replace_in_file_multiline() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local substitute_regex="${3:?substitute regex is required}"
+
+    local result
+    local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+    result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
+    echo "$result" > "$filename"
+}
+
+########################
+# Remove a line in a file based on a regex
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - use POSIX regex. Default: true
+# Returns:
+#   None
+#########################
+remove_in_file() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local posix_regex=${3:-true}
+    local result
+
+    # We should avoid using 'sed in-place' substitutions
+    # 1) They are not compatible with files mounted from ConfigMap(s)
+    # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+    if [[ $posix_regex = true ]]; then
+        result="$(sed -E "/$match_regex/d" "$filename")"
+    else
+        result="$(sed "/$match_regex/d" "$filename")"
+    fi
+    echo "$result" > "$filename"
+}
+
+########################
+# Appends text after the last line matching a pattern
+# Arguments:
+#   $1 - file
+#   $2 - match regex
+#   $3 - contents to add
+# Returns:
+#   None
+#########################
+append_file_after_last_match() {
+    local file="${1:?missing file}"
+    local match_regex="${2:?missing pattern}"
+    local value="${3:?missing value}"
+
+    # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
+    result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
+    echo "$result" > "$file"
+}
+
+########################
+# Wait until certain entry is present in a log file
+# Arguments:
+#   $1 - entry to look for
+#   $2 - log file
+#   $3 - max retries. Default: 12
+#   $4 - sleep between retries (in seconds). Default: 5
+# Returns:
+#   Boolean
+#########################
+wait_for_log_entry() {
+    local -r entry="${1:-missing entry}"
+    local -r log_file="${2:-missing log file}"
+    local -r retries="${3:-12}"
+    local -r interval_time="${4:-5}"
+    local attempt=0
+
+    check_log_file_for_entry() {
+        if ! grep -qE "$entry" "$log_file"; then
+            debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
+            return 1
+        fi
+    }
+    debug "Checking that ${log_file} log file contains entry \"${entry}\""
+    if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
+        debug "Found entry \"${entry}\" in ${log_file}"
+        true
+    else
+        error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
+        debug_execute cat "$log_file"
+        return 1
+    fi
+}