Dockerfile
# hadolint global ignore=DL3059
# Build stage: everything is installed here, and the resulting filesystem is
# copied as a whole into the final stage at the end of the file.
# NOTE(review): the base image is pinned by tag only; adding a digest would
# protect the build against a re-pushed tag.
FROM python:3.12.7-slim-bookworm AS build

# TARGET selects the image flavour: the value "dev" adds compilers, -dev
# headers, Rust and Python packaging tools in the steps below.
ARG TARGET=prod
# TARGETARCH decides which tini binary is downloaded (arm64 or the default).
ARG TARGETARCH
# Pinned versions of the tools installed further down.
ARG TINI_VERSION=0.19.0
ARG PIP_VERSION=23.3.1
ARG PIPREQS_VERSION=0.12.0
ARG START_VERSION=0.2

ENV LC_ALL=C.UTF-8 \
    PATH=/root/.local/bin:$PATH \
    PROCFILE_PATH=/app/Procfile \
    PYTHONUNBUFFERED=1

# bash with pipefail: a failing command on the left of a pipe fails the RUN.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Presumably needed so that package post-install scripts which register man
# pages do not fail on the slim base image - confirm.
RUN mkdir -p \
    /usr/share/man/man1/ \
    /usr/share/man/man7/

RUN apt-get update \
    && apt-get upgrade -y
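# Dependencies
# The package index is refreshed in this same RUN. Relying on the earlier
# `apt-get update` layer lets a cached, stale index be reused when only this
# package list changes, and the install then fails or resolves outdated
# package versions. The lists are deleted again in the Cleanup step below.
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    gettext \
    libcairo2 \
    libcap2-bin \
    libffi8 \
    libfreetype6 \
    libjpeg62-turbo \
    libopenjp2-7 \
    libpcre3 \
    libssl3 \
    libtiff6 \
    libxslt1.1 \
    libyaml-0-2 \
    mime-support \
    postgresql-client-15 \
    wget \
    zlib1g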
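# Build toolchain and -dev headers, installed only when TARGET=dev.
# The package index is refreshed inside the same RUN so that a cached, stale
# index from an earlier layer is never used when this package list changes.
# hadolint ignore=DL3008
RUN if [ "$TARGET" = "dev" ] ; then apt-get update && apt-get install -y --no-install-recommends \
    autoconf \
    automake \
    autotools-dev \
    build-essential \
    cmake \
    gcc \
    gfortran \
    libatlas-base-dev \
    libopenblas-dev \
    libcairo2-dev \
    libffi-dev \
    libfreetype6-dev \
    libjpeg62-turbo-dev \
    liblapack-dev \
    liblcms2-dev \
    libopenjp2-7-dev \
    libpcre3-dev \
    libpq-dev \
    libssl-dev \
    libtiff-dev \
    libwebp-dev \
    libxslt-dev \
    libyaml-dev \
    ninja-build \
    pkg-config \
    zlib1g-dev \
    ; fi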
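# In dev, install Rust as many packages use it behind the scenes
# (e.g. langchain, AI tools, etc.)
# The steps are chained with && so that a failed rustup download or install
# fails the build. With `;` the symlink loop ran regardless and its exit
# status hid the failure. The variables are quoted, so the SC2086 ignore is
# no longer needed.
# NOTE(review): the installer script is fetched over HTTPS and piped straight
# into sh, unpinned and without an integrity check. It only runs for
# TARGET=dev; consider pinning the toolchain version.
RUN if [ "$TARGET" = "dev" ] ; then \
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && \
    for i in "$HOME"/.cargo/bin/*; do ln -s "$i" "/usr/bin/$(basename "$i")"; done ; \
    fi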
# Workaround for a bug in hub.docker.com
# chfn becomes a symlink to /bin/true, so every call to it succeeds as a no-op.
RUN ln -sf /bin/true /usr/bin/chfn
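# Install tini
# -f makes curl fail on an HTTP error instead of saving the error page as
# /tini, which the next step would then mark executable.
# The binary is fetched over HTTPS but is not otherwise authenticated. Set
# TINI_SHA256_AMD64 / TINI_SHA256_ARM64 (values taken from a trusted copy of
# the release checksums for TINI_VERSION) to have the download verified.
# With the defaults left empty the check is skipped, as before.
ARG TINI_SHA256_AMD64=""
ARG TINI_SHA256_ARM64=""
RUN if [ "$TARGETARCH" = "arm64" ] ; then \
        tini_asset="tini-arm64" ; tini_sha256="${TINI_SHA256_ARM64}" ; \
    else \
        tini_asset="tini" ; tini_sha256="${TINI_SHA256_AMD64}" ; \
    fi ; \
    curl -fL --show-error --retry 5 -o /tini \
        "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/${tini_asset}" && \
    if [ -n "${tini_sha256}" ] ; then \
        echo "${tini_sha256}  /tini" | sha256sum -c - ; \
    fi
RUN chmod +x /tini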
# Python environment setup
# pip itself is pinned first, so the two installs after it run with that
# pinned pip. All three versions come from the ARGs at the top of the stage.
RUN pip install --no-cache-dir pip==${PIP_VERSION}
RUN pip install --no-cache-dir pip-reqs==${PIPREQS_VERSION}
RUN pip install --no-cache-dir start==${START_VERSION}
# TODO: Avoid the need for pip-tools
# NOTE(review): unlike the three installs above, these dev-only packaging
# tools are unpinned (DL3013 is silenced), so their versions float between
# builds.
# hadolint ignore=DL3013
RUN if [ "$TARGET" = "dev" ] ; then \
pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel ; \
fi
# The module is copied into site-packages and a .pth file that imports it is
# written next to it. An `import` line in a .pth file is executed at
# interpreter start-up, so this module runs for every Python process in the
# image. Both steps are unconditional, so that includes TARGET=prod.
# NOTE(review): what the module does is not visible here - confirm it is
# harmless outside dev.
COPY add_addons_dev_to_syspath.py /usr/local/lib/python3.12/site-packages/add_addons_dev_to_syspath.py
RUN echo 'import add_addons_dev_to_syspath' >/usr/local/lib/python3.12/site-packages/add_addons_dev_to_syspath.pth
# Cleanup
# Deleting in a separate layer is effective here because the final stage
# copies the build stage's filesystem as a whole rather than its layers.
# Removes unused packages, the apt caches and lists, temporary files, the
# root user's cache directory and the login/apt log files.
RUN apt-get autoremove -y \
    && apt-get clean \
    && rm -rf \
        /var/lib/apt/lists/* \
        /tmp/* \
        /root/.cache \
        /var/cache/apt/archives/partial \
        /var/log/apt/term.log \
        /run/utmp \
        /var/log/wtmp \
        /var/log/btmp \
        /var/log/lastlog
# Application environment setup
# /app is the working directory set in the final stage; /data is created
# alongside it.
RUN mkdir -p /app /data
# The group of the following files has to be changed to root for multistage
# builds to work with userns remapping enabled. This is a bug in the Docker
# legacy builder: https://github.com/moby/moby/issues/34645
# NOTE(review): several of the files below are password/shadow-related
# binaries and databases. On Linux, changing the group of an executable
# normally clears its setgid bit - presumably acceptable for this image, but
# confirm nothing relies on the original group or mode.
# Initially belonging to group staff
RUN chgrp -R root /usr/local /var/local
# Initially belonging to group shadow
RUN chgrp root \
/etc/gshadow \
/etc/shadow \
/usr/bin/expiry \
/usr/bin/chage \
/sbin/unix_chkpwd
# Initially belonging to group tty
RUN chgrp root /usr/bin/wall
# Initially belonging to group mail
RUN chgrp root /var/mail
# Final stage: an empty image that receives the build stage's entire
# filesystem in a single COPY.
FROM scratch
COPY --from=build / /

# Execution environment setup
# NOTE(review): the app user (UID 1000) is created, but no USER instruction
# follows, so the image's default user is still root and PATH still points
# into /root/.local/bin. Images or deployments built on this one have to drop
# privileges themselves (a USER instruction or the runtime's user setting).
RUN useradd --create-home --user-group --uid 1000 app

# NOTE(review): NVM_DIR points at /opt/nvm, which nothing in this file
# creates - presumably provided by a derived image; confirm.
ENV LC_ALL=C.UTF-8 \
    NVM_DIR=/opt/nvm \
    PATH=/root/.local/bin:$PATH \
    PIP_REQUIRE_VIRTUALENV=false \
    PROCFILE_PATH=/app/Procfile \
    PYTHONUNBUFFERED=1 \
    WHEELS_PLATFORM=bookworm-py312

WORKDIR /app

# Both ports are below 1024; binding them as a non-root user needs extra
# privileges or a runtime that allows unprivileged low ports.
EXPOSE 80/tcp 443/tcp

# tini runs as PID 1 and, with -g, forwards signals to the child's whole
# process group. The default command is `start web`.
ENTRYPOINT ["/tini", "-g", "--"]
CMD ["start", "web"]