build: lightweight busybox-based container build (#5285)

Dockerfile

@@ -1,23 +1,37 @@
-FROM alpine:3.22
+## Multistage build: First stage fetches dependencies
+FROM alpine:3.22 AS fetcher
 
+# install and copy ca-certificates, mailcap, and tini-static; download JSON.sh
 RUN apk update && \
-  apk --no-cache add ca-certificates mailcap jq tini
+    apk --no-cache add ca-certificates mailcap tini-static && \
+    wget -O /JSON.sh https://raw.githubusercontent.com/dominictarr/JSON.sh/0d5e5c77365f63809bf6e77ef44a1f34b0e05840/JSON.sh
 
-# Make user and create necessary directories
+## Second stage: Use lightweight BusyBox image for final runtime environment
+FROM busybox:1.37.0-musl
+
+# Define non-root user UID and GID
 ENV UID=1000
 ENV GID=1000
 
+# Create user group and user
 RUN addgroup -g $GID user && \
-  adduser -D -u $UID -G user user && \
-  mkdir -p /config /database /srv && \
-  chown -R user:user /config /database /srv
+    adduser -D -u $UID -G user user
 
-# Copy files and set permissions
-COPY filebrowser /bin/filebrowser
-COPY docker/common/ /
-COPY docker/alpine/ /
+# Copy binary, scripts, and configurations into image with proper ownership
+COPY --chown=user:user filebrowser /bin/filebrowser
+COPY --chown=user:user docker/common/ /
+COPY --chown=user:user docker/alpine/ /
+COPY --chown=user:user --from=fetcher /sbin/tini-static /bin/tini
+COPY --from=fetcher /JSON.sh /JSON.sh
+COPY --from=fetcher /etc/ca-certificates.conf /etc/ca-certificates.conf
+COPY --from=fetcher /etc/ca-certificates /etc/ca-certificates
+COPY --from=fetcher /etc/mime.types /etc/mime.types
+COPY --from=fetcher /etc/ssl /etc/ssl
 
-RUN chown -R user:user /bin/filebrowser /defaults healthcheck.sh init.sh
+# Create data directories, set ownership, and ensure healthcheck script is executable
+RUN mkdir -p /config /database /srv && \
+    chown -R user:user /config /database /srv \
+    && chmod +x /healthcheck.sh
 
 # Define healthcheck script
 HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh