-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
179 lines (130 loc) · 4.89 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
# syntax=docker/dockerfile:1
# Keep this syntax directive! It's used to enable Docker BuildKit
# Based on: https://gist.github.com/usr-ein/c42d98abca3cb4632ab0c2c6aff8c88a
##################################################
# Stage 1 - Build Frontend
# Pull base image
FROM node:22-alpine AS frontend-build
# Build args
ARG API_URL
ARG AUTHSCH_CLIENT_ID
ARG BSS_CLIENT_ID
ARG GOOGLE_CLIENT_ID
ARG MICROSOFT_CLIENT_ID
ARG RECAPTCHA_SITE_KEY
ARG SENTRY_URL
# Environment vars
ENV VITE_API_URL=$API_URL
ENV VITE_AUTHSCH_CLIENT_ID=$AUTHSCH_CLIENT_ID
ENV VITE_BSS_CLIENT_ID=$BSS_CLIENT_ID
ENV VITE_GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID
ENV VITE_MICROSOFT_CLIENT_ID=$MICROSOFT_CLIENT_ID
ENV VITE_RECAPTCHA_SITE_KEY=$RECAPTCHA_SITE_KEY
ENV VITE_SENTRY_URL=$SENTRY_URL
# Set work directory
WORKDIR /app/frontend
# Copy package.json and package-lock.json to Docker environment
COPY ./frontend/package*.json /app/frontend/
# Update npm and install all required node packages
RUN npm install -g npm@latest && npm install --silent
# Copy everything over to Docker environment
COPY ./frontend /app/frontend
# Build the frontend
RUN npm run build
##################################################
# Stage 2 - Build Admin dashboard
# Pull base image
FROM node:22-alpine AS frontend-admin-build
# Build args
ARG API_URL
ARG SENTRY_URL_ADMIN
# Environment vars
ENV VITE_API_URL=$API_URL
ENV VITE_SENTRY_URL=$SENTRY_URL_ADMIN
# Set work directory
WORKDIR /app/frontend-admin
# Copy package.json and package-lock.json to Docker environment
COPY ./frontend-admin/package*.json /app/frontend-admin/
# Update npm and install all required node packages
RUN npm install -g npm@latest && npm install --silent
# Copy everything over to Docker environment
COPY ./frontend-admin /app/frontend-admin
# Build the frontend
RUN npm run build
##################################################
# Stage 3 - Backend base
# Pull base image
FROM python:3.12-alpine AS backend-base
# Set environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
\
PIP_DISABLE_PIP_VERSION_CHECK=on \
PIP_DEFAULT_TIMEOUT=100 \
\
POETRY_VERSION=1.8.3 \
POETRY_HOME="/opt/poetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
POETRY_NO_INTERACTION=1 \
\
PYSETUP_PATH="/opt/pysetup" \
VIRTUAL_ENV="/opt/pysetup/.venv"
# Add Poetry and Venv to Path
ENV PATH="$POETRY_HOME/bin:$VIRTUAL_ENV/bin:$PATH"
##################################################
# Stage 4 - Backend builder
# Use backend-base image as base
FROM backend-base AS backend-builder
# Install build dependencies
RUN apk update && apk add curl postgresql-dev
# Install Poetry - respects $POETRY_VERSION & $POETRY_HOME
# The --mount will mount the buildx cache directory to where
# Poetry and Pip store their cache so that they can re-use it
RUN --mount=type=cache,target=/root/.cache \
curl -sSL https://install.python-poetry.org | python3 -
# Set work directory
WORKDIR $PYSETUP_PATH
# Copy project requirement files here to ensure they will be cached
COPY backend/poetry.lock $PYSETUP_PATH
COPY backend/pyproject.toml $PYSETUP_PATH
# Install runtime dependencies
RUN --mount=type=cache,target=/root/.cache \
poetry install --without=debug,dev,test --with=prod
##################################################
# Stage 5 - The Production Environment
# Use backend-base image as base
FROM backend-base AS request-manager-production
# Create the app user
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
# Copy built runtime dependencies from builder container
COPY --from=backend-builder $PYSETUP_PATH $PYSETUP_PATH
# Install runtime dependency for psycopg[c]
RUN apk update && apk add --no-cache libpq
# Copy everything over to Docker environment
COPY ./backend /app/backend
# Copy built frontend assets
RUN mkdir -p /app/frontend/build
COPY --from=frontend-build /app/frontend/build /app/frontend/build-temp
COPY --from=frontend-admin-build /app/frontend-admin/build /app/frontend-admin/build
# Have to move all static files other than index.html to root/ for whitenoise middleware
WORKDIR /app/frontend
RUN mkdir build/root && mv build-temp/index.html build/index.html && mv build-temp/static build/static && mv build-temp/* build/root && rm -r build-temp
# Change the owner of all files to the app user
RUN chown -R appuser:appgroup /app
# Change to the app user
USER appuser
# Collect static files
WORKDIR /app/backend
RUN python manage.py collectstatic --no-input --clear --settings=core.settings.base
# Open port
EXPOSE 8000
# Copy and run entrypoint.sh (make sure line endings are UNIX style)
COPY --chown=appuser:appgroup ./docker-entrypoint.sh /app/entrypoint.sh
RUN dos2unix /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh
ENTRYPOINT ["/app/entrypoint.sh"]
# Set health check
HEALTHCHECK --start-period=10s --interval=5m \
CMD python manage.py health_check
# Start the server
CMD ["gunicorn", "--bind=0.0.0.0:8000", "--workers=5", "--threads=2", "core.wsgi"]