forked from mozilla/bedrock
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
138 lines (99 loc) · 2.8 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
########
# assets builder and dev server
#
FROM node:16-slim AS assets
ENV PATH=/app/node_modules/.bin:$PATH
WORKDIR /app
# copy dependency definitions
COPY package.json package-lock.json ./
# install dependencies
RUN npm ci
# copy supporting files and media
COPY .eslintrc.js .eslintignore .stylelintrc .prettierrc.json .prettierignore webpack.config.js webpack.static.config.js ./
COPY ./media ./media
COPY ./tests/unit ./tests/unit
RUN npm run build
########
# Python dependencies builder
#
FROM python:3.9-slim-bullseye AS python-builder
WORKDIR /app
ENV LANG=C.UTF-8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PATH="/venv/bin:$PATH"
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install gettext build-essential libxml2-dev libxslt1-dev libxslt1.1
RUN python -m venv /venv
COPY requirements/prod.txt ./requirements/
# Install Python deps
RUN pip install --require-hashes --no-cache-dir -r requirements/prod.txt
########
# django app container
#
FROM python:3.9-slim-bullseye AS app-base
# Extra python env
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
ENV PATH="/venv/bin:$PATH"
# add non-priviledged user
RUN adduser --uid 1000 --disabled-password --gecos '' --no-create-home webdev
WORKDIR /app
EXPOSE 8000
CMD ["./bin/run.sh"]
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install gettext libxslt1.1 git curl
# copy in Python environment
COPY --from=python-builder /venv /venv
# changes infrequently
COPY ./bin ./bin
COPY ./etc ./etc
COPY ./lib ./lib
COPY ./root_files ./root_files
COPY ./scripts ./scripts
COPY ./wsgi ./wsgi
COPY manage.py LICENSE newrelic.ini contribute.json ./
# changes more frequently
COPY ./docker ./docker
COPY ./bedrock ./bedrock
COPY ./l10n ./l10n
COPY ./media ./media
########
# expanded webapp image for testing and dev
#
FROM app-base AS devapp
CMD ["./bin/run-tests.sh"]
RUN apt-install make sqlite3
COPY docker/bin/ssllabs-scan /usr/local/bin/ssllabs-scan
COPY requirements/* ./requirements/
RUN pip install --require-hashes --no-cache-dir -r requirements/dev.txt
RUN pip install --require-hashes --no-cache-dir -r requirements/docs.txt
COPY ./setup.cfg ./
COPY ./pyproject.toml ./
COPY ./.coveragerc ./
COPY ./tests ./tests
RUN bin/run-sync-all.sh
RUN chown webdev.webdev -R .
# for bpython
RUN mkdir /home/webdev/
RUN touch /home/webdev/.pythonhist
RUN chown -R webdev /home/webdev/
USER webdev
# build args
ARG GIT_SHA=latest
ENV GIT_SHA=${GIT_SHA}
########
# final image for deployment
#
FROM app-base AS release
RUN bin/run-sync-all.sh
COPY --from=assets /app/assets /app/assets
RUN honcho run --env docker/envfiles/prod.env docker/bin/build_staticfiles.sh
RUN echo "${GIT_SHA}" > ./root_files/revision.txt
# Change User
RUN chown webdev.webdev -R .
USER webdev
# build args
ARG GIT_SHA=latest
ENV GIT_SHA=${GIT_SHA}