forked from mozilla/bedrock
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
136 lines (101 loc) · 2.81 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
########
# assets builder and dev server
#
FROM node:8-slim AS assets
ENV PATH=/app/node_modules/.bin:$PATH
WORKDIR /app
# copy dependency definitions
COPY package.json yarn.lock ./
# install dependencies
RUN yarn install --pure-lockfile
RUN yarn global add [email protected]
# copy supporting files and media
COPY .eslintrc.js .stylelintrc gulpfile.js ./
COPY ./media ./media
RUN gulp build --production
########
# Python dependencies builder
#
FROM python:3.7-slim-buster AS python-builder
WORKDIR /app
ENV LANG=C.UTF-8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PATH="/venv/bin:$PATH"
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install gettext build-essential libxml2-dev libxslt1-dev libxslt1.1
RUN python -m venv /venv
COPY requirements/base.txt requirements/prod.txt ./requirements/
# Install Python deps
RUN pip install --no-cache-dir -r requirements/prod.txt
########
# django app container
#
FROM python:3.7-slim-buster AS app-base
# Extra python env
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
ENV PATH="/venv/bin:$PATH"
# add non-priviledged user
RUN adduser --uid 1000 --disabled-password --gecos '' --no-create-home webdev
WORKDIR /app
EXPOSE 8000
CMD ["./bin/run.sh"]
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install gettext libxslt1.1 git
# copy in Python environment
COPY --from=python-builder /venv /venv
# changes infrequently
COPY ./bin ./bin
COPY ./etc ./etc
COPY ./lib ./lib
COPY ./root_files ./root_files
COPY ./scripts ./scripts
COPY ./wsgi ./wsgi
COPY manage.py LICENSE newrelic.ini contribute.json ./
# changes more frequently
COPY ./docker ./docker
COPY ./vendor-local ./vendor-local
COPY ./bedrock ./bedrock
COPY ./l10n ./l10n
COPY ./media ./media
########
# expanded webapp image for testing and dev
#
FROM app-base AS devapp
CMD ["./bin/run-tests.sh"]
RUN apt-install make
COPY requirements/base.txt requirements/dev.txt requirements/migration.txt requirements/docs.txt ./requirements/
RUN pip install --no-cache-dir -r requirements/dev.txt
RUN pip install --no-cache-dir -r requirements/docs.txt
COPY ./setup.cfg ./
COPY ./tests ./tests
# build args
ARG GIT_SHA=latest
ARG BRANCH_NAME=master
ENV GIT_SHA=${GIT_SHA}
ENV BRANCH_NAME=${BRANCH_NAME}
# rely on build args
RUN bin/run-sync-all.sh
# get fresh l10n files
RUN ./manage.py l10n_update
RUN chown webdev.webdev -R .
USER webdev
########
# final image for deployment
#
FROM app-base AS release
COPY --from=assets /app/static_final /app/static_final
RUN honcho run --env docker/envfiles/prod.env docker/bin/build_staticfiles.sh
# build args
ARG GIT_SHA=latest
ARG BRANCH_NAME=master
ENV GIT_SHA=${GIT_SHA}
ENV BRANCH_NAME=${BRANCH_NAME}
# rely on build args
RUN bin/run-sync-all.sh
RUN echo "${GIT_SHA}" > ./root_files/revision.txt
# Change User
RUN chown webdev.webdev -R .
USER webdev