# Base stage: the local-development image. The production_build stage at the end of
# this file is built FROM it, so everything set here carries into production too.
# NOTE(review): `python:3.11` is a floating tag; pinning a patch version and digest
# would make rebuilds reproducible and base-image changes an explicit, reviewable step.
FROM python:3.11 AS development_build

# Build-time argument, described as required. It has no default and nothing in this
# stage rejects an empty value.
ARG ENV

# Default environment for build and runtime; any of these can be overridden when the
# container starts via `-e` or an env_file.
# ENV=${ENV} copies the build argument into the image environment, so its value is
# visible to anyone who can inspect the image.
ENV ENV=${ENV} \
    # python:
    PYTHONFAULTHANDLER=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONHASHSEED=random \
    # NOTE(review): PYTHONPATH is not set earlier in this file, so unless the base
    # image defines it this expands to ":/code" with an empty leading entry - confirm
    # that is intended.
    PYTHONPATH="${PYTHONPATH}:/code" \
    # pip:
    # NOTE(review): presumably meant to disable pip's cache; how `off` is interpreted
    # has varied between pip releases - confirm against the pip shipped in the base.
    PIP_NO_CACHE_DIR=off \
    PIP_DISABLE_PIP_VERSION_CHECK=on \
    PIP_DEFAULT_TIMEOUT=100 \
    # dockerize:
    DOCKERIZE_VERSION=v0.6.1 \
    # poetry:
    POETRY_VERSION=1.5.1 \
    POETRY_VIRTUALENVS_CREATE=false \
    POETRY_CACHE_DIR='/var/cache/pypoetry'
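# System deps, the `dockerize` helper, and the `poetry` package manager.
#
# NOTE(review): this layer belongs to the stage that production_build extends, so the
# compiler toolchain, git, curl and wget installed here also ship in the production
# image. Moving them to a build-only stage would shrink the runtime attack surface.
#
# Optional integrity pin for the dockerize release tarball. When set, the download must
# match it or the build fails; when empty (the default) the archive is only protected
# by TLS to the download host. Record the digest of a known-good copy and pass it with
#   --build-arg DOCKERIZE_SHA256=<sha256 of dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz>
ARG DOCKERIZE_SHA256=""
RUN apt-get update \
    && apt-get install --no-install-recommends -y \
        bash \
        build-essential \
        curl \
        gettext \
        git \
        libpq-dev \
        make \
        wget \
    # Cleaning cache (`-y` because a docker build has no terminal to answer a prompt):
    && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* \
    # Installing `dockerize` utility:
    # https://github.com/jwilder/dockerize
    # The asset name hard-codes linux-amd64, so this step assumes an amd64 build.
    && wget "https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz" \
    # Verify the archive before unpacking it as root into a directory on PATH:
    && if [ -n "$DOCKERIZE_SHA256" ]; then \
        echo "${DOCKERIZE_SHA256}  dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz" | sha256sum -c -; \
    fi \
    && tar -C /usr/local/bin -xzvf "dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz" \
    && rm "dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz" && dockerize --version \
    # Update setuptools so that pytest-cov works
    # NOTE(review): unpinned, so the installed setuptools version changes between builds.
    && pip install --upgrade setuptools \
    # Installing `poetry` package manager (version pinned through POETRY_VERSION):
    # https://github.com/python-poetry/poetry
    && pip install "poetry==$POETRY_VERSION" && poetry --version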
# Only the dependency manifests are copied at this point, so the install layer below
# stays cached until poetry.lock or pyproject.toml change (volumes are not available
# during a build).
WORKDIR /code
COPY ./poetry.lock ./pyproject.toml /code/

# Project initialization.
# The build argument is echoed into the build log, then dependencies are installed
# from the lock file. Only ENV=production restricts the install to the `main` group
# and removes poetry's cache; any other value, including an empty one, installs every
# dependency group.
# NOTE(review): a production image built without `--build-arg ENV=production` would
# therefore carry development dependencies - confirm the build pipeline always sets it.
RUN echo "$ENV" \
    && if [ "$ENV" = 'production' ]; then only_main='--only main'; else only_main=''; fi \
    # $only_main is left unquoted on purpose so it splits into two arguments:
    && poetry install --no-root --no-interaction --no-ansi $only_main \
    # Cleaning poetry installation's cache for production:
    && if [ "$ENV" = 'production' ]; then rm -rf "$POETRY_CACHE_DIR"; fi
# Entrypoint scripts are placed at the filesystem root. They are copied without
# --chown and are not touched by the chown below, so they keep the default root
# ownership.
COPY ./docker/entrypoint.sh ./docker/gunicorn.sh /

# Permissions and service account:
#  - mark both scripts executable;
#  - create the system group and user `web` with home /home/web;
#  - hand /code and /home/web over to that user.
# NOTE(review): the recursive chown makes everything under /code writable by the
# account the service runs as - confirm write access to the code directory is needed
# at runtime.
RUN chmod +x '/entrypoint.sh' '/gunicorn.sh' \
    && groupadd -r web \
    && mkdir -p /home/web \
    && useradd -d /home/web -r -g web web \
    && chown -R web:web /code /home/web

# Everything from here on, including the running container, uses the unprivileged user:
USER web

# Custom entrypoint ensures that the full stack is up and running in the local
# development environment:
ENTRYPOINT ["/entrypoint.sh"]
# Production-only stage.
# development_build prepares a full local stack that relies on mounted volumes; this
# stage bakes the application code into the image so no volume is needed.
# Because it starts FROM development_build, it inherits that stage's installed
# packages, environment, `USER web` and ENTRYPOINT unchanged.
FROM development_build AS production_build

# Application files are owned by the `web` user the container runs as.
# NOTE(review): that ownership lets the running service modify its own code and
# migrations - confirm this is required rather than read-only access.
COPY --chown=web:web ./alembic.ini /code/
COPY --chown=web:web ./api /code/api
COPY --chown=web:web ./migrations /code/migrations