Add build-time bake of Seafile release (BAKE_SEAFILE_VERSION/BAKE_SEAFILE_TGZ_URL) to avoid runtime downloads

Dockerfile

@@ -15,6 +15,9 @@ ENV DEBIAN_FRONTEND=noninteractive \
 # Optional build-time args (not used to download by default; runtime entrypoint handles artifacts)
 ARG SEAFILE_VERSION=""
 ARG SEAFILE_TGZ_URL=""
+# Optional build-time bake of Seafile release to avoid runtime downloads (useful for air-gapped clusters)
+ARG BAKE_SEAFILE_VERSION=""
+ARG BAKE_SEAFILE_TGZ_URL=""
 
 # OS packages
 RUN set -eux; \
@@ -58,6 +61,26 @@ RUN set -eux; \
     chmod 0644 ${SEAFILE_HOME}/docker/gunicorn.conf.py || true; \
     chmod 0644 ${SEAFILE_HOME}/docker/seahub_settings.py.template || true
 
+# Optionally bake the Seafile server release at build time when BAKE_* args are provided.
+# This prevents runtime network fetch and avoids boot loops in restricted networks.
+RUN set -eux; \
+    if [ -n "${BAKE_SEAFILE_TGZ_URL}" ] || [ -n "${BAKE_SEAFILE_VERSION}" ]; then \
+      url="${BAKE_SEAFILE_TGZ_URL}"; \
+      if [ -z "${url}" ] && [ -n "${BAKE_SEAFILE_VERSION}" ]; then \
+        url="https://download.seadrive.org/seafile-server_${BAKE_SEAFILE_VERSION}_x86-64.tar.gz"; \
+      fi; \
+      mkdir -p ${SEAFILE_HOME}/releases; \
+      curl -fsSL "${url}" -o ${SEAFILE_HOME}/releases/seafile-server.tgz; \
+      tar -xzf ${SEAFILE_HOME}/releases/seafile-server.tgz -C ${SEAFILE_HOME}/releases; \
+      extracted="$(tar -tzf ${SEAFILE_HOME}/releases/seafile-server.tgz | head -1 | cut -d/ -f1)"; \
+      if [ -n "${extracted}" ] && [ -d "${SEAFILE_HOME}/releases/${extracted}" ]; then \
+        ln -s "${SEAFILE_HOME}/releases/${extracted}" "${SEAFILE_HOME}/seafile-server-latest"; \
+      else \
+        echo "Failed to determine extracted release directory from tarball"; \
+        exit 1; \
+      fi; \
+    fi
+
 # Environment defaults (can be overridden by TrueNAS app env)
 ENV SEAFILE_SERVER_HOSTNAME=localhost \
     SEAFILE_SERVER_URL=http://localhost \