From aabc3648926af1fefc35c20a1d6d654791438001 Mon Sep 17 00:00:00 2001 From: Khakers <22665282+khakers@users.noreply.github.com> Date: Sat, 30 Dec 2023 20:53:15 -0800 Subject: [PATCH] refactor dockerfile to install dependencies with pdm and dockerfile to allowlist Moves adduser statements to beginning of base image --- .dockerignore | 171 ++++------------------------------------- Dockerfile | 23 ++++-- dev.docker-compose.yml | 1 - pyproject.toml | 1 + 4 files changed, 30 insertions(+), 166 deletions(-) diff --git a/.dockerignore b/.dockerignore index b852c0ebc7..bd3c727cda 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,159 +1,14 @@ -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class +# Ignore everything +* +# Ignore the IDE, these are not duplicate and not having this makes the build context potentially *very* large +** +!/cogs +!/core +!/plugins +!/src +!*.py +!LICENSE +!pdm.lock +!pyproject.toml +!README.md -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -pip-wheel-metadata/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -.hypothesis/ -.pytest_cache/ -.ruff_cache/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -.python-version - -# celery beat schedule file -celerybeat-schedule - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -venv2/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ - -# PyCharm -.idea/ - -# MacOS -.DS_Store - -# VS Code -.vscode/ - -# Node -package-lock.json -node_modules/ - -# Modmail -config.json -plugins/ -!plugins/registry.json -!plugins/@local/ -temp/ -test.py - -# Other stuff -.env.example -.gitignore -.dockerignore -.github/ -app.json -Procfile -pyproject.toml -*.md -.*.json -Dockerfile -docker-compose.yml -LICENSE -PRIVACY.md - -# Docs -docs/ - -.pdm-python \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c58f9ffec0..d4838263a7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,19 +7,28 @@ RUN apk update && apk add git \ FROM base as python-deps RUN apk add --virtual build-deps build-base gcc libffi-dev -COPY requirements.txt / -RUN pip install --prefix=/inst -U -r /requirements.txt + +#Install pdm +RUN pip install -U pip setuptools wheel +RUN pip install pdm + +COPY pyproject.toml pdm.lock README.md /modmail/ + +WORKDIR /modmail +RUN pdm sync --prod --no-editable --fail-fast FROM base as runtime +RUN adduser --disabled-password modmail +USER modmail + + ENV USING_DOCKER yes -COPY --from=python-deps /inst /usr/local +COPY --chown=modmail:modmail --from=python-deps /modmail /modmail -COPY . /modmail +COPY --chown=modmail:modmail . /modmail WORKDIR /modmail +ENV PATH="/modmail/.venv/bin:${PATH}" CMD ["python", "bot.py"] -RUN adduser --disabled-password --gecos '' app && \ - chown -R app /modmail -USER app diff --git a/dev.docker-compose.yml b/dev.docker-compose.yml index e5b9fbb267..8480f24826 100644 --- a/dev.docker-compose.yml +++ b/dev.docker-compose.yml @@ -11,7 +11,6 @@ services: - mongo mongo: image: mongo:7 - restart: always volumes: - mongodb:/data/db ports: diff --git a/pyproject.toml b/pyproject.toml index 16efc127b6..6fffa0af3d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -75,6 +75,7 @@ dependencies = [ "cffi~=1.15.0", "strenum", "discord-py~=2.3.0", + "setuptools>=69.0.3", ] requires-python = ">=3.10" readme = "README.md"