🐳 Updated Dockerfile to more closely follow Open Forms

- Added os upgrade to be sure the libraries as up to date as possible everytime the image is built. - Replaced vim with nano - Used uv instead of pip (super fast drop in replacement) - Compile translatable messages during build - Added Celery beat script - Added proper release scheme attributes
maykinmedia · Jul 17, 2024 · 1727af9 · 1727af9
1 parent b3eb953
commit 1727af9
Showing 1 changed file with 31 additions and 20 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,7 @@
 # includes compilers and build tooling to create the environment
 FROM python:3.11-slim-bookworm AS backend-build
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
         pkg-config \
         build-essential \
         git \
@@ -24,21 +24,21 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
-RUN mkdir /app/src
 
-# Ensure we use the latest version of pip
-RUN pip install pip>=24 setuptools -U
+# Use uv to install dependencies
+RUN pip install uv -U
 COPY ./requirements /app/requirements
-RUN pip install -r requirements/production.txt
 
-
-# Stage 2 - Install frontend deps and build assets
-FROM node:20-buster AS frontend-build
+ARG TARGET_ENVIRONMENT=production
+RUN uv pip install --system -r requirements/${TARGET_ENVIRONMENT}.txt
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
         git \
     && rm -rf /var/lib/apt/lists/*
 
+# Stage 2 - Install frontend deps and build assets
+FROM node:20-bookworm-slim AS frontend-build
+
 WORKDIR /app
 
 # copy configuration/build files
@@ -54,19 +54,17 @@ COPY ./src /app/src
 # build frontend
 RUN npm run build
 
-
 # Stage 3 - Build docker image suitable for production
-
 FROM python:3.11-slim-bookworm
 
 # Stage 3.1 - Set up the needed production dependencies
 # Note: mime-support becomes media-types in Debian Bullseye (required for correctly serving mime-types for images)
 # Also install the dependencies for GeoDjango
-
 RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
         curl \
         procps \
-        vim \
+        nano \
+        mime-support \
         postgresql-client \
         libgdal32 \
         libgeos-c1v5 \
@@ -75,8 +73,8 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-reco
         libxmlsec1-openssl \
         libgdk-pixbuf2.0-0 \
         libffi-dev \
+        gettext \
         shared-mime-info \
-        mime-support \
         # weasyprint deps (https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#debian-11)
         libpango-1.0-0 \
         libpangoft2-1.0-0 \
@@ -86,15 +84,18 @@ WORKDIR /app
 COPY ./bin/docker_start.sh /start.sh
 COPY ./bin/wait_for_db.sh /wait_for_db.sh
 COPY ./bin/celery_worker.sh /celery_worker.sh
-COPY ./bin/check_celery_worker_liveness.py ./bin/
+COPY ./bin/celery_beat.sh /celery_beat.sh
 COPY ./bin/setup_configuration.sh /setup_configuration.sh
-RUN mkdir /app/log
-RUN mkdir /app/media
+RUN mkdir /app/log /app/media /app/private_media /app/tmp
+COPY ./bin/check_celery_worker_liveness.py ./bin/
+
+# prevent writing to the container layer, which would degrade performance.
+# This also serves as a hint for the intended volumes.
+VOLUME ["/app/log", "/app/media", "/app/private_media"]
 
 # copy backend build deps
 COPY --from=backend-build /usr/local/lib/python3.11 /usr/local/lib/python3.11
 COPY --from=backend-build /usr/local/bin/uwsgi /usr/local/bin/uwsgi
-COPY --from=backend-build /app/src/ /app/src/
 COPY --from=backend-build /usr/local/bin/celery /usr/local/bin/celery
 
 # copy frontend build statics
@@ -109,16 +110,26 @@ RUN chown -R maykin /app
 # drop privileges
 USER maykin
 
-ARG COMMIT_HASH
+ARG RELEASE COMMIT_HASH
 ENV GIT_SHA=${COMMIT_HASH}
+ENV RELEASE=${RELEASE}
+
 ENV DJANGO_SETTINGS_MODULE=open_inwoner.conf.docker
+
 ENV DIGID_MOCK=True
 ENV EHERKENNING_MOCK=True
 
 ARG SECRET_KEY=dummy
 
-# Run collectstatic, so the result is already included in the image
-RUN python src/manage.py collectstatic --noinput
+LABEL org.label-schema.vcs-ref=$COMMIT_HASH \
+      org.label-schema.vcs-url="https://github.com/maykinmedia/open-inwoner" \
+      org.label-schema.version=$RELEASE \
+      org.label-schema.name="Open Inwoner"
+
+# Run collectstatic and compilemessages, so the result is already included in
+# the image
+RUN python src/manage.py collectstatic --noinput \
+    && python src/manage.py compilemessages
 
 EXPOSE 8000
 CMD ["/start.sh"]