Dockerfile
# This is a multi-stage build file: one stage builds the backend
# (dependencies), one builds the frontend stack, and a final production stage
# re-uses the assets from those build stages. This keeps the final production
# image minimal in size.
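# Stage 1 - Backend build environment
# Includes compilers and build tooling to create the Python environment. The
# final stage only takes /usr/local/lib/python3.11 and the uwsgi/celery
# binaries from here, so the build tooling itself is not shipped.
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make rebuilds reproducible and make a changed base visible.
FROM python:3.11-slim-bookworm AS backend-build

# OS-level build dependencies. git is installed here, before the Python
# dependencies are resolved (presumably for VCS-based requirements - confirm).
# The package index is removed in the same layer that created it.
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
        pkg-config \
        build-essential \
        git \
        libpq-dev \
        libxml2-dev \
        libxmlsec1-dev \
        libxmlsec1-openssl \
        libgdk-pixbuf2.0-0 \
        libffi-dev \
        shared-mime-info \
        # weasyprint deps (https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#debian-11)
        libpango-1.0-0 \
        libpangoft2-1.0-0 \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Use uv to install dependencies
# NOTE(review): uv is installed unpinned (-U always takes the newest release),
# so the installer that resolves the production dependencies can change between
# builds. Pin it to a reviewed version to keep the build reproducible.
RUN pip install --no-cache-dir -U uv

# Only the requirement files are copied, so this layer stays cached until the
# dependency set changes.
# NOTE(review): if requirements/production.txt carries hashes, enforcing them
# at install time would harden this step - confirm against the file.
COPY ./requirements /app/requirements
RUN uv pip install --system -r requirements/production.txt

# The former trailing "apt-get install git" layer was dropped: git is already
# installed by the first RUN of this stage, so it only added a redundant
# apt-get update and an extra layer after the step that could have needed it.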
# Stage 2 - Frontend: install the JS dependencies and build the static assets
FROM node:20-bookworm-slim AS frontend-build

WORKDIR /app

# Build/configuration files go in first, so the dependency layer below stays
# cached while only application source changes.
COPY build/ ./build/
COPY *.json *.js .babelrc ./

# Lockfile-based install, dev tooling included.
RUN npm ci --legacy-peer-deps

# Application source, followed by the asset build itself.
COPY src/ ./src/
RUN npm run build
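# Stage 3 - Build docker image suitable for production
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make rebuilds reproducible and make a changed base visible.
FROM python:3.11-slim-bookworm

# Stage 3.1 - Set up the needed production dependencies
# Note: mime-support becomes media-types in Debian Bullseye (required for correctly serving mime-types for images)
# Also install the dependencies for GeoDjango
# NOTE(review): nano is an interactive editor, and libxmlsec1-dev / libffi-dev
# are development packages; none of them is obviously required at runtime and
# each widens the image's attack surface. Confirm nothing depends on them
# before removing - they are left in place here.
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
        curl \
        procps \
        nano \
        mime-support \
        postgresql-client \
        libgdal32 \
        libgeos-c1v5 \
        libproj25 \
        libxmlsec1-dev \
        libxmlsec1-openssl \
        libgdk-pixbuf2.0-0 \
        libffi-dev \
        gettext \
        shared-mime-info \
        # weasyprint deps (https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#debian-11)
        libpango-1.0-0 \
        libpangoft2-1.0-0 \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Entry-point and helper scripts live at the filesystem root.
COPY ./bin/docker_start.sh /start.sh
COPY ./bin/wait_for_db.sh /wait_for_db.sh
COPY ./bin/celery_worker.sh /celery_worker.sh
COPY ./bin/celery_beat.sh /celery_beat.sh
COPY ./bin/celery_monitor.sh /celery_monitor.sh
COPY ./bin/setup_configuration.sh /setup_configuration.sh

# Writable directories used by the application at runtime.
RUN mkdir /app/log /app/media /app/private_media /app/tmp

COPY ./bin/check_celery_worker_liveness.py ./bin/

# copy backend build deps
COPY --from=backend-build /usr/local/lib/python3.11 /usr/local/lib/python3.11
COPY --from=backend-build /usr/local/bin/uwsgi /usr/local/bin/uwsgi
COPY --from=backend-build /usr/local/bin/celery /usr/local/bin/celery

# copy frontend build statics
COPY --from=frontend-build /app/src/open_inwoner/static /app/src/open_inwoner/static

# copy source code
COPY ./src /app/src

# Create the unprivileged runtime user (fixed UID 1000, no home directory) and
# hand /app over to it.
# NOTE(review): this also makes the application source writable by the runtime
# user. The build steps at the end of this stage run as maykin and presumably
# write under /app, so narrowing the ownership needs care.
RUN useradd -M -u 1000 maykin \
    && chown -R maykin /app

# prevent writing to the container layer, which would degrade performance.
# This also serves as a hint for the intended volumes.
# Declared only after the chown above: the legacy builder discards changes made
# to a volume path once VOLUME has been declared, which would leave these
# directories root-owned and unwritable for the unprivileged user.
VOLUME ["/app/log", "/app/media", "/app/private_media"]

# drop privileges
# NOTE(review): orchestrators that verify "run as non-root" need a numeric UID;
# maykin is UID 1000 (see useradd above).
USER maykin

# Build metadata, supplied with --build-arg and exposed to the running app.
ARG RELEASE COMMIT_HASH
ENV GIT_SHA=${COMMIT_HASH}
ENV RELEASE=${RELEASE}

ENV DJANGO_SETTINGS_MODULE=open_inwoner.conf.docker

# NOTE(review): ENV values persist into every container started from this
# image. The names suggest these switch DigiD / eHerkenning authentication to
# a mock implementation - confirm, and make sure production deployments
# override both explicitly instead of inheriting the image default.
ENV DIGID_MOCK=True
ENV EHERKENNING_MOCK=True

# ARG rather than ENV: the dummy value is visible to the RUN steps below but is
# not part of the runtime environment (presumably it only lets manage.py load
# the settings at build time - confirm). The real key has to be injected at
# runtime; never pass it with --build-arg, because build arguments are
# recorded in the image history.
ARG SECRET_KEY=dummy

LABEL org.label-schema.vcs-ref=$COMMIT_HASH \
      org.label-schema.vcs-url="https://github.com/maykinmedia/open-inwoner" \
      org.label-schema.version=$RELEASE \
      org.label-schema.name="Open Inwoner"

# Run collectstatic and compilemessages, so the result is already included in
# the image
RUN python src/manage.py collectstatic --noinput \
    && python src/manage.py compilemessages

# Documentation only: the port still has to be published by the operator.
EXPOSE 8000
CMD ["/start.sh"]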