meshtastic-firmware/alpine.Dockerfile

# trunk-ignore-all(trivy/DS002): We must run as root for this container
# trunk-ignore-all(hadolint/DL3002): We must run as root for this container
# trunk-ignore-all(hadolint/DL3018): Do not pin apk package versions
# trunk-ignore-all(hadolint/DL3013): Do not pin pip package versions

FROM python:3.13-alpine3.22 AS builder
ARG PIO_ENV=native
ENV PIP_ROOT_USER_ACTION=ignore

RUN apk --no-cache add \
        bash g++ libstdc++-dev linux-headers zip git ca-certificates libgpiod-dev yaml-cpp-dev bluez-dev \
        libusb-dev i2c-tools-dev libuv-dev openssl-dev pkgconf argp-standalone \
        libx11-dev libinput-dev libxkbcommon-dev \
    && rm -rf /var/cache/apk/* \
    && pip install --no-cache-dir -U platformio \
    && mkdir /tmp/firmware

WORKDIR /tmp/firmware
COPY . /tmp/firmware

# Create small package (no debugging symbols)
# Add `argp` for musl
ENV PLATFORMIO_BUILD_FLAGS="-Os -ffunction-sections -fdata-sections -Wl,--gc-sections -largp"

RUN bash ./bin/build-native.sh "$PIO_ENV" && \
    cp "/tmp/firmware/release/meshtasticd_linux_$(uname -m)" "/tmp/firmware/release/meshtasticd"

# ##### PRODUCTION BUILD #############

FROM alpine:3.22
LABEL org.opencontainers.image.title="Meshtastic" \
      org.opencontainers.image.description="Alpine Meshtastic daemon" \
      org.opencontainers.image.url="https://meshtastic.org" \
      org.opencontainers.image.documentation="https://meshtastic.org/docs/" \
      org.opencontainers.image.authors="Meshtastic" \
      org.opencontainers.image.licenses="GPL-3.0-or-later" \
      org.opencontainers.image.source="https://github.com/meshtastic/firmware/"

# nosemgrep: dockerfile.security.last-user-is-root.last-user-is-root
USER root

RUN apk --no-cache add \
        shadow libstdc++ libgpiod yaml-cpp libusb i2c-tools libuv \
        libx11 libinput libxkbcommon \
    && rm -rf /var/cache/apk/* \
    && mkdir -p /var/lib/meshtasticd \
    && mkdir -p /etc/meshtasticd/config.d \
    && mkdir -p /etc/meshtasticd/ssl

# Fetch compiled binary from the builder
COPY --from=builder /tmp/firmware/release/meshtasticd /usr/bin/
# Copy config templates
COPY ./bin/config.d /etc/meshtasticd/available.d

WORKDIR /var/lib/meshtasticd
VOLUME /var/lib/meshtasticd

EXPOSE 4403

CMD [ "sh",  "-cx", "meshtasticd --fsdir=/var/lib/meshtasticd" ]

HEALTHCHECK NONE
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00			`# trunk-ignore-all(trivy/DS002): We must run as root for this container`
			`# trunk-ignore-all(hadolint/DL3002): We must run as root for this container`
junk in the Trunk (#6149) 2025-02-25 08:41:45 +00:00			`# trunk-ignore-all(hadolint/DL3018): Do not pin apk package versions`
			`# trunk-ignore-all(hadolint/DL3013): Do not pin pip package versions`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00
Update Alpine to 3.22 (#6927) 2025-06-07 21:49:24 +00:00			`FROM python:3.13-alpine3.22 AS builder`
Docker is fun (#6623) 2025-04-18 14:29:39 +00:00			`ARG PIO_ENV=native`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00			`ENV PIP_ROOT_USER_ACTION=ignore`
Docker is fun (#6623) 2025-04-18 14:29:39 +00:00
junk in the Trunk (#6149) 2025-02-25 08:41:45 +00:00			`RUN apk --no-cache add \`
			`bash g++ libstdc++-dev linux-headers zip git ca-certificates libgpiod-dev yaml-cpp-dev bluez-dev \`
Add UDP multicast support on linux. (#6342) * Add UDP multicast support on linux. Closes #6326 We tested it an it works. This is really hacky to say the least. * Add libuv to Linux packaging * Trunkadunk * Correct ref * Add libuv1-dev to setup-native --------- Co-authored-by: vidplace7 <vidplace7@gmail.com> Co-authored-by: Ben Meadors <benmmeadors@gmail.com> 2025-03-20 13:47:39 +00:00			`libusb-dev i2c-tools-dev libuv-dev openssl-dev pkgconf argp-standalone \`
Add TFT docker builds (for CI) (#6614) 2025-04-18 12:27:38 +00:00			`libx11-dev libinput-dev libxkbcommon-dev \`
junk in the Trunk (#6149) 2025-02-25 08:41:45 +00:00			`&& rm -rf /var/cache/apk/* \`
			`&& pip install --no-cache-dir -U platformio \`
			`&& mkdir /tmp/firmware`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00
			`WORKDIR /tmp/firmware`
			`COPY . /tmp/firmware`

			`# Create small package (no debugging symbols)`
			# Add `argp` for musl
			`ENV PLATFORMIO_BUILD_FLAGS="-Os -ffunction-sections -fdata-sections -Wl,--gc-sections -largp"`

Add TFT docker builds (for CI) (#6614) 2025-04-18 12:27:38 +00:00			`RUN bash ./bin/build-native.sh "$PIO_ENV" && \`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00			`cp "/tmp/firmware/release/meshtasticd_linux_$(uname -m)" "/tmp/firmware/release/meshtasticd"`

			`# ##### PRODUCTION BUILD #############`

Update Alpine to 3.22 (#6927) 2025-06-07 21:49:24 +00:00			`FROM alpine:3.22`
Stop the madness! Run as a user (not root) (#6718) * Stop the madness! Run as a user (not root) * Trigger fsdir migration for < 2.6.9 --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com> 2025-05-15 11:40:46 +00:00			`LABEL org.opencontainers.image.title="Meshtastic" \`
			`org.opencontainers.image.description="Alpine Meshtastic daemon" \`
			`org.opencontainers.image.url="https://meshtastic.org" \`
			`org.opencontainers.image.documentation="https://meshtastic.org/docs/" \`
			`org.opencontainers.image.authors="Meshtastic" \`
			`org.opencontainers.image.licenses="GPL-3.0-or-later" \`
			`org.opencontainers.image.source="https://github.com/meshtastic/firmware/"`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00
			`# nosemgrep: dockerfile.security.last-user-is-root.last-user-is-root`
			`USER root`

junk in the Trunk (#6149) 2025-02-25 08:41:45 +00:00			`RUN apk --no-cache add \`
Stop the madness! Run as a user (not root) (#6718) * Stop the madness! Run as a user (not root) * Trigger fsdir migration for < 2.6.9 --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com> 2025-05-15 11:40:46 +00:00			`shadow libstdc++ libgpiod yaml-cpp libusb i2c-tools libuv \`
Add TFT docker builds (for CI) (#6614) 2025-04-18 12:27:38 +00:00			`libx11 libinput libxkbcommon \`
junk in the Trunk (#6149) 2025-02-25 08:41:45 +00:00			`&& rm -rf /var/cache/apk/* \`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00			`&& mkdir -p /var/lib/meshtasticd \`
Portduino: Set Web SSL Cert / Key paths from yaml (#5961) 2025-02-01 08:58:58 +00:00			`&& mkdir -p /etc/meshtasticd/config.d \`
			`&& mkdir -p /etc/meshtasticd/ssl`
docker alpine: Add available.d config templates (#6631) 2025-04-19 04:29:59 +00:00
			`# Fetch compiled binary from the builder`
Stop the madness! Run as a user (not root) (#6718) * Stop the madness! Run as a user (not root) * Trigger fsdir migration for < 2.6.9 --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com> 2025-05-15 11:40:46 +00:00			`COPY --from=builder /tmp/firmware/release/meshtasticd /usr/bin/`
docker alpine: Add available.d config templates (#6631) 2025-04-19 04:29:59 +00:00			`# Copy config templates`
			`COPY ./bin/config.d /etc/meshtasticd/available.d`
meshtasticd-docker: Alpine container (#5659) 2024-12-26 19:00:50 +00:00
			`WORKDIR /var/lib/meshtasticd`
			`VOLUME /var/lib/meshtasticd`

			`EXPOSE 4403`

			`CMD [ "sh", "-cx", "meshtasticd --fsdir=/var/lib/meshtasticd" ]`

			`HEALTHCHECK NONE`