-
-
Notifications
You must be signed in to change notification settings - Fork 275
/
Dockerfile
106 lines (87 loc) · 3.21 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
ARG DEBIAN_IMG_TAG=slim-bookworm
ARG PYTHON_IMG_TAG=3.10
FROM docker.io/python:${PYTHON_IMG_TAG}-${DEBIAN_IMG_TAG} as base
ARG APP_VERSION=0.1.0
ARG DOCKERFILE_VERSION=0.5.0
ARG ALPINE_IMG_TAG
ARG DEBIAN_IMG_TAG
ARG PYTHON_IMG_TAG
ARG MAINTAINER=sysadmin@hotosm.org
LABEL org.hotosm.tasks.app-version="${APP_VERSION}" \
org.hotosm.tasks.debian-img-tag="${DEBIAN_IMG_TAG}" \
org.hotosm.tasks.python-img-tag="${PYTHON_IMG_TAG}" \
org.hotosm.tasks.dockerfile-version="${DOCKERFILE_VERSION}" \
org.hotosm.tasks.maintainer="${MAINTAINER}" \
org.hotosm.tasks.api-port="5000"
# Fix timezone (do not change - see issue #3638)
ENV TZ UTC
# Add non-root user, permissions, init log dir
RUN useradd --uid 9000 --create-home --home /home/appuser --shell /bin/false appuser
FROM base as extract-deps
RUN pip install --no-cache-dir --upgrade pip
WORKDIR /opt/python
COPY pyproject.toml pdm.lock README.md /opt/python/
RUN pip install --no-cache-dir pdm==2.18.1
RUN pdm export --prod --without-hashes > requirements.txt
FROM base as build
RUN pip install --no-cache-dir --upgrade pip
WORKDIR /opt/python
# Setup backend build-time dependencies
RUN apt-get update && apt-get install --no-install-recommends -y \
build-essential \
libffi-dev \
libgeos-dev \
postgresql-server-dev-15 \
python3-dev \
&& rm -rf /var/lib/apt/lists/*
# Setup backend Python dependencies
COPY --from=extract-deps \
/opt/python/requirements.txt /opt/python/
USER appuser:appuser
RUN pip install --user --no-warn-script-location \
--no-cache-dir -r /opt/python/requirements.txt
FROM base as runtime
ARG PYTHON_IMG_TAG
WORKDIR /usr/src/app
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONFAULTHANDLER=1 \
PATH="/home/appuser/.local/bin:$PATH" \
PYTHON_LIB="/home/appuser/.local/lib/python$PYTHON_IMG_TAG/site-packages" \
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
# Setup backend runtime dependencies
RUN apt-get update && \
apt-get install --no-install-recommends -y \
libgeos3.11.1 postgresql-client proj-bin && \
rm -rf /var/lib/apt/lists/*
COPY --from=build \
/home/appuser/.local \
/home/appuser/.local
USER appuser:appuser
COPY backend backend/
COPY migrations migrations/
COPY scripts/world scripts/world/
COPY scripts/database scripts/database/
COPY manage.py .
FROM runtime as debug
RUN pip install --user --no-warn-script-location \
--no-cache-dir debugpy==1.8.5
EXPOSE 5678/tcp
CMD ["python", "-m", "debugpy", "--wait-for-client", "--listen", "0.0.0.0:5678", \
"-m", "gunicorn", "-c", "python:backend.gunicorn", "manage:application", \
"--reload", "--log-level", "error"]
FROM runtime as prod
USER root
RUN apt-get update && \
apt-get install -y curl && \
rm -rf /var/lib/apt/lists/*
# Pre-compile packages to .pyc (init speed gains)
RUN python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"
RUN python -m compileall .
EXPOSE 5000/tcp
USER appuser:appuser
# Default gunicorn worker count is 1
# For prod the WEB_CONCURRENCY env var can be used to set this
CMD ["gunicorn", "-c", "python:backend.gunicorn", "manage:application", \
"--log-level", "error"]