Make backend image rootless
thomashbrnrd committed Aug 30, 2023
1 parent 18d91b3 commit 14c1c01
Showing 7 changed files with 95 additions and 22 deletions.
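--- a/backend/.dockerignore
+++ b/backend/.dockerignore
@@ -0,0 +1,34 @@
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+**/.DS_Store
+**/__pycache__
+**/.venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md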
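Review bot: `**/.env` matches only files named exactly `.env`, so variants such as `.env.local` would still be copied now that backend/Dockerfile uses `COPY . .` and this file is the only filter on what enters the image. Widening it to `**/.env*` closes that gap. The list is otherwise the generic template (`**/.classpath`, `**/*.dbmdl`, `**/obj`) and names no project paths; directories the runtime image does not need, for example `tests/` or a local `logs/`, could be added, though whether they exist in the build context is not visible from this page.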
48 changes: 33 additions & 15 deletions backend/Dockerfile
@@ -1,6 +1,19 @@
FROM python:3.9-slim-buster as base
FROM python:3.9-slim as base

WORKDIR /app

# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser

# certificates config
ARG CACERT_LOCATION
COPY ./cert/. /etc/ssl/certs/
@@ -13,32 +26,37 @@ RUN apt update && apt install -y \
gcc \
&& rm -rf /var/lib/apt/lists/*

# install python libraries (except torch)
COPY requirements/ requirements/
ENV PIP_CERT=$CACERT_LOCATION
RUN pip --default-timeout=300 install --upgrade pip \
&& pip --default-timeout=300 install --no-cache-dir -r requirements/common.txt \
&& rm -r /root/.cache

# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
# Leverage a bind mount to requirements.txt to avoid having to copy them into
# into this layer.
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=bind,source=requirements.txt,target=requirements.txt \
python -m pip install -r requirements.txt

ARG VERSION
ARG MODEL="EffB7_2023-03-06_08"
ENV SSL_CERT_FILE=$CACERT_LOCATION
RUN curl -o model.pth https://storage.gra.cloud.ovh.net/v1/AUTH_df731a99a3264215b973b3dee70a57af/basegun-public/models/${MODEL}/${MODEL}.pth
COPY src/ src/
COPY . .
RUN mkdir -p src/weights \
&& mv model.pth src/weights/model.pth \
&& echo '{"app": "'${VERSION}'", "model": "'${MODEL}'"}' > versions.json

# launch website
# Copy the source code into the container.
COPY . .

# Expose the port that the application listens on.
EXPOSE 8000

# Install pytorch
FROM base as dev
RUN pip --default-timeout=300 install --no-cache-dir -r requirements/dev.txt
CMD ["uvicorn", "src.main:app", "--reload", "--host", "0.0.0.0", "--port", "5000"]
RUN pip install torch==1.13.0 torchvision==0.14.0 --extra-index-url https://download.pytorch.org/whl/cpu

FROM base as test
RUN pip install -r requirements/dev.txt && pip install requests && rm -r /root/.cache
COPY tests/ tests/
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "5000"]
RUN pip install requests torch==1.13.0 torchvision==0.14.0 --extra-index-url https://download.pytorch.org/whl/cpu

FROM base as prod
RUN pip install --no-cache-dir -r requirements/prod.txt
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "5000"]
RUN pip install torch==1.13.0+cpu torchvision==0.14.0+cpu --extra-index-url https://download.pytorch.org/whl/cpu
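Review bot: No `USER` instruction appears in any stage, so the image still starts as root unless the caller overrides it; `appuser` is created in `base`, but only the compose files select it with `user: appuser`. Ending each of `dev`, `test` and `prod` with `USER appuser`, after the `pip install` that needs root, would give `docker run` and orchestrators without a user override the unprivileged account as well. `/app` is created by `WORKDIR` and filled by `COPY` as root, so anything the application writes there at runtime needs `COPY --chown=appuser` or a dedicated writable directory. The page does not mark old and new lines; assuming the three `CMD` lines are on the removed side, the stages also have no default command and `prod` depends on one supplied externally.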
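--- a/backend/docker-compose.yml
+++ b/backend/docker-compose.yml
@@ -0,0 +1,25 @@
+version: '3.8'
+services:
+backend:
+build:
+context: .
+target: dev
+user: appuser
+command: uvicorn src.main:app --reload --host 0.0.0.0 --port 8000
+environment:
+- PATH_LOGS=/tmp/logs
+- OS_USERNAME
+- OS_PASSWORD
+- OS_PROJECT_NAME
+- http_proxy
+- https_proxy
+- UVICORN_LOG_LEVEL=${UVICORN_LOG_LEVEL}
+- LOG_LEVEL=${UVICORN_LOG_LEVEL}
+- no_proxy
+- WORKSPACE=dev
+- REQUESTS_CA_BUNDLE=$CACERT_LOCATION
+ports:
+- 8000:8000
+volumes:
+- .:/code
+- /code/src/weights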
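Review bot: `- 8000:8000` publishes the dev server, started with `--reload` and `--host 0.0.0.0`, on every host interface; for a local development file, `- 127.0.0.1:8000:8000` keeps it reachable only from the workstation. Separately, the volumes target `/code` while backend/Dockerfile sets `WORKDIR /app`, so the command runs against the copy baked into the image and `--reload` will not see host edits. If live reload is the intent, `- .:/app` and `- /app/src/weights` would match the image layout.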
File renamed without changes.
3 changes: 0 additions & 3 deletions backend/requirements/dev.txt

This file was deleted.

3 changes: 0 additions & 3 deletions backend/requirements/prod.txt

This file was deleted.

4 changes: 3 additions & 1 deletion docker-compose-dev.yml
@@ -11,6 +11,8 @@ services:
context: ./backend
target: ${BUILD_TARGET:-dev}
container_name: basegun-backend
command: uvicorn src.main:app --reload --host 0.0.0.0 --port 8000
user: appuser
environment:
- PATH_LOGS=/app/logs
- OS_USERNAME
@@ -25,7 +27,7 @@ services:
- REQUESTS_CA_BUNDLE=$CACERT_LOCATION
image: basegun-backend:${TAG:-2.0}-dev
ports:
- 5000:5000
- 8000:8000
volumes:
- $PWD/backend/src:/app/src
- $PWD/backend/tests:/app/tests
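Review bot: `PATH_LOGS=/app/logs` is kept while the service now runs as `appuser`, and `/app` is created by `WORKDIR` and filled by `COPY` as root in backend/Dockerfile, so the process probably cannot create or write that directory. If the application writes logs there, either point it at a writable location as backend/docker-compose.yml does (`- PATH_LOGS=/tmp/logs`) or create the directory in the image with ownership for UID 10001. The bind-mounted `src` and `tests` directories keep host ownership, which should be checked if anything writes into them as `appuser`. Both hunks start and end inside the service definition, so settings outside them are not visible here.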
