# Global build args: declared before the first FROM so they can be used in
# FROM lines. A stage that needs one of these values must redeclare the ARG.
ARG PYTHON_IMG_TAG=3.11
ARG NODE_IMG_TAG=20.5.1

# Frontend stage: builds the CSS bundle. Later stages copy only dist/css and
# node_modules out of it.
FROM node:${NODE_IMG_TAG}-bookworm-slim AS frontend-base
# NOTE(review): this copies the entire build context into the stage; confirm a
# .dockerignore keeps .git, .env files and local node_modules out of it.
COPY . /app
WORKDIR /app/frontend
# NOTE(review): `npm install` may resolve versions that differ from the
# lockfile; if a package-lock.json is committed, `npm ci` would make this
# install reproducible.
RUN mkdir -p ./node_modules \
    && npm install
RUN mkdir -p ./dist/css \
    && npm run build
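# Define the base stage: OS packages, CA certificates and locale shared by
# every Python stage below.
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make rebuilds reproducible.
FROM docker.io/python:${PYTHON_IMG_TAG}-slim-bookworm AS base
ARG APP_VERSION
ARG COMMIT_REF
# Redeclared so the global value is visible inside this stage (used in LABEL).
ARG PYTHON_IMG_TAG
LABEL org.hotosm.fmtm.app-name="backend" \
      org.hotosm.fmtm.app-version="${APP_VERSION}" \
      org.hotosm.fmtm.git-commit-ref="${COMMIT_REF:-none}" \
      org.hotosm.fmtm.python-img-tag="${PYTHON_IMG_TAG}" \
      org.hotosm.fmtm.maintainer="[email protected]" \
      org.hotosm.fmtm.api-port="8000"
# Install, upgrade and clean the apt lists in a single layer so the package
# index never persists in the image.
# The `apt-get upgrade` applies whatever updates are pending at build time, so
# the package set depends on when the image was built; rebuild regularly.
RUN set -ex \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install \
       -y --no-install-recommends "locales" "ca-certificates" "gettext" "libmagickwand-dev" \
    && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
    && rm -rf /var/lib/apt/lists/* \
    && update-ca-certificates
# Set locale: uncomment en_US.UTF-8 in locale.gen, then generate it.
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
# key=value form; the space-separated `ENV key value` form is deprecated.
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8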
# Extract dependencies using poetry (to requirements.txt and
# requirements-dev.txt). Poetry lives only in this stage; later stages copy
# the exported files and install them with plain pip.
FROM base AS extract-deps
WORKDIR /opt/python
# NOTE(review): the trailing glob makes poetry.lock optional; confirm the lock
# file is committed so the exported pins are reproducible.
COPY pyproject.toml poetry.lock* ./
# poetry and the export plugin are pinned; pip itself is upgraded to whatever
# is current at build time.
RUN pip install --no-cache-dir --upgrade pip \
    && pip install --no-cache-dir \
       poetry==1.7.1 \
       poetry-plugin-export==1.6.0 \
    && poetry config warnings.export false
# One export without the dev group (runtime) and one with it (dev/test).
RUN poetry export --without dev --output requirements.txt \
    && poetry export --with dev --output requirements-dev.txt
# Define build stage (install deps). Compilers and -dev headers stay in this
# stage; the runtime stage copies only the installed packages out of it.
FROM base AS build
RUN set -ex \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
       build-essential \
       gcc \
       libpq-dev \
       libmariadb-dev \
       libjpeg62-turbo-dev \
       zlib1g-dev \
       libwebp-dev \
       nodejs \
       npm \
       libmagickwand-dev \
    && rm -rf /var/lib/apt/lists/*
# Bring in the runtime requirements exported by the extract-deps stage.
COPY --from=extract-deps /opt/python/requirements.txt /opt/python/
# Install dependencies. No USER is set in this stage, so `--user` places them
# under /root/.local, which is the path the runtime stage copies from.
RUN pip install --no-cache-dir --no-warn-script-location --user \
    -r /opt/python/requirements.txt
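# Define run stage: the non-root image that prod and dev-deps build on.
FROM base AS runtime
ARG PYTHON_IMG_TAG
# NOTE(review): PYTHON_LIB assumes PYTHON_IMG_TAG is a major.minor value (the
# default is 3.11); a patch-level tag would not match the site-packages
# directory name.
ENV PORT=8000 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONFAULTHANDLER=1 \
    PATH="/home/wagtail/.local/bin:$PATH" \
    PYTHONPATH="/app" \
    PYTHON_LIB="/home/wagtail/.local/lib/python$PYTHON_IMG_TAG/site-packages" \
    SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
    REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
    CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
# Install runtime packages in ONE layer. curl (used by the HEALTHCHECKs in the
# debug and prod stages) previously had its own `apt-get update && install`
# layer, which left the apt lists in the image and pulled in recommended
# packages; it now shares the cleanup below.
# NOTE(review): libwebp-dev and libmagickwand-dev are -dev packages, and nodejs
# and npm add a second language runtime to the final image; confirm each is
# needed at run time, since every extra package widens the attack surface.
RUN set -ex \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install \
       -y --no-install-recommends \
       "curl" \
       "postgresql-client" \
       "libmariadb3" \
       "libjpeg62-turbo" \
       "zlib1g" \
       "libwebp-dev" \
       "nodejs" \
       "npm" \
       "libmagickwand-dev" \
    && rm -rf /var/lib/apt/lists/*
# Copy the entrypoint script into the Docker image. It stays owned by root:
# the wagtail user is only created further down, so a name-based --chown
# cannot be resolved at this point, and the runtime user only needs to execute
# the script, not modify it.
COPY container-entrypoint.sh /
# Copy pip dependencies from build stage (installed there under /root/.local)
COPY --from=build \
    /root/.local \
    /home/wagtail/.local
# Copy compiled css and node_modules from the frontend stage
COPY --from=frontend-base /app/frontend/dist/css /app/frontend/dist/css
COPY --from=frontend-base /app/frontend/node_modules /app/frontend/node_modules
# Use /app folder as a directory where the source code is stored.
WORKDIR /app
# Copy project
# NOTE(review): this copies the whole build context into the final image;
# confirm a .dockerignore excludes .git, .env files and other local secrets.
COPY . /app/
# Add non-root user, hand it the app and home directories, and make the
# root-owned entrypoint executable. The fixed UID (1001) and the /bin/false
# login shell are kept as in the original.
RUN useradd -u 1001 -m -c "hotosm account" -d /home/wagtail -s /bin/false wagtail \
    && chown -R wagtail:wagtail /app /home/wagtail \
    && chmod +x /container-entrypoint.sh
# Change to non-root user
USER wagtail
# Add entrypoint for all following stages
ENTRYPOINT ["/container-entrypoint.sh"]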
# Define dev-deps stage (install requirements-dev).
# This stage inherits USER wagtail from runtime, so `pip install --user`
# installs into /home/wagtail/.local.
FROM runtime AS dev-deps
COPY --from=extract-deps --chown=wagtail \
    /opt/python/requirements-dev.txt \
    /home/wagtail/
# Install the dev requirements, then remove the requirements file in the same
# layer.
RUN pip install --no-cache-dir --no-warn-script-location --user \
       -r /home/wagtail/requirements-dev.txt \
    && rm -r /home/wagtail/requirements-dev.txt
# Define test (ci) stage.
# This stage ends as root on purpose (CI runs as root); it is a test target,
# not an image to deploy.
FROM dev-deps AS test
ARG PYTHON_IMG_TAG
USER root
# Move the user-level install into the system Python: scripts go to
# /usr/local/bin and packages to the system site-packages, then the user copy
# is removed. Finally pre-compile packages to .pyc (init speed gains).
RUN mv /home/wagtail/.local/bin/* /usr/local/bin/ \
    && cp -R \
       /home/wagtail/.local/lib/python${PYTHON_IMG_TAG}/site-packages/* \
       /usr/local/lib/python${PYTHON_IMG_TAG}/site-packages/ \
    && rm -rf /home/wagtail/.local/ \
    && python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"
CMD ["pytest"]
# Define debug (development) stage. Runs as wagtail, inherited from runtime.
FROM dev-deps AS debug
# Healthcheck: probe the app over HTTP on port 8000 with curl.
HEALTHCHECK --interval=5s --timeout=5s --start-period=10s --retries=20 \
    CMD curl --fail http://localhost:8000 || exit 1
# Django's development server, bound to all interfaces so the published
# container port is reachable; for local development only, prod uses gunicorn.
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
# Define prod stage
FROM runtime AS prod
# Pre-compile packages to .pyc (init speed gains). This step runs as root,
# presumably because sys.path includes root-owned directories; confirm.
USER root
RUN python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"
# Drop back to the non-root user so the served process never runs as root.
USER wagtail
# Healthcheck: probe the app over HTTP on port 8000 with curl.
HEALTHCHECK --interval=5s --timeout=5s --start-period=10s --retries=20 \
    CMD curl --fail http://localhost:8000 || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "hot_osm.wsgi:application"]