eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/containers/miniflux/container.py
Erich Blume 99480ce4f3 Miniflux 2.2.19 upgrade, container.py migration, ty typechecker, mise version tracking 
- Upgrade miniflux from 2.2.17 to 2.2.19 (SSRF hardening, performance)
- Migrate miniflux from Dockerfile to native Dagger container.py build
- Refactor alpine_runtime() with create_user param for existing users
- Add ty Python typechecker to prek hooks with Dagger SDK config
- Pin all mise.toml tool versions (no more "latest")
- Add type: mise to service-versions.yaml for development tool tracking
- Add mise-specific review guidance to service-review script and docs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 08:22:57 -07:00

61 lines
1.7 KiB
Python
Raw Blame History

"""Miniflux RSS feed reader — native Dagger build.
Two-stage build: Go (backend with PIE), Alpine (runtime).
Source cloned from forge mirror.
"""
import dagger
from dagger import dag
from blumeops.containers import (
alpine_runtime,
clone_from_forge,
oci_labels,
)
VERSION = "2.2.19"
async def build(src: dagger.Directory) -> dagger.Container:
source = clone_from_forge("miniflux", VERSION)
# Stage 1: Build Go backend (PIE mode, matching upstream Makefile)
ldflags = f"-s -w -X 'miniflux.app/v2/internal/version.Version={VERSION}'"
backend = (
dag.container()
.from_("golang:alpine3.22")
.with_exec(["apk", "add", "--no-cache", "build-base", "git"])
.with_directory("/app", source)
.with_workdir("/app")
.with_env_variable("CGO_ENABLED", "1")
.with_exec(
[
"go",
"build",
"-buildmode=pie",
f"-ldflags={ldflags}",
"-o",
"/miniflux",
".",
]
)
)
# Stage 2: Runtime (uses Alpine's built-in nobody:65534)
runtime = alpine_runtime(
extra_apk=["ca-certificates", "tzdata"],
create_user=False,
)
runtime = oci_labels(
runtime,
title="Miniflux",
description="Miniflux is a minimalist and opinionated feed reader",
version=VERSION,
)
return (
runtime.with_file("/usr/bin/miniflux", backend.file("/miniflux"))
.with_exposed_port(8080)
.with_env_variable("LISTEN_ADDR", "0.0.0.0:8080")
.with_user("65534")
.with_default_args(args=["/usr/bin/miniflux"])
)
Reference in a new issue View git blame Copy permalink