-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathDockerfile
92 lines (78 loc) · 2.49 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
FROM python:3.12-alpine
# Ensure that the environment uses UTF-8 encoding by default.
ENV LANG en_US.UTF-8
# Disable pip cache dir.
ENV PIP_NO_CACHE_DIR 1
# Allow pip install as root.
ENV PIP_ROOT_USER_ACTION ignore
# Stops Python default buffering to stdout, improving logging to the console.
ENV PYTHONUNBUFFERED 1
# Create a non-root user for the container.
ARG USERNAME=app
ARG USER_UID=1000
ARG USER_GID=$USER_UID
RUN addgroup \
--gid $USER_GID \
$USERNAME \
&& adduser \
--uid $USER_UID \
--ingroup $USERNAME \
--disabled-password \
$USERNAME
# Define app home and workdir.
ENV APP_HOME /home/$USERNAME
WORKDIR $APP_HOME
# Define frontend environment.
ENV YARN_VERSION "4.5.3"
# Copy the whole project except for what is in .dockerignore.
COPY --chown=$USERNAME:$USERNAME . .
# Update and install common OS packages.
RUN apk update --no-cache && apk upgrade --no-cache
# Build the backend.
RUN set -eux; \
\
# Needed at runtime.
apk add --no-cache \
libpq \
libxslt \
libxml2 \
; \
# Needed only at build time, so we can delete after use.
apk add --no-cache --virtual .backend-deps \
gcc \
libxml2-dev \
libxslt-dev \
linux-headers \
musl-dev \
pkgconf \
python3-dev \
; \
pip install -U pip; \
pip install --no-cache-dir -r requirements/base.txt; \
# Remove keys that aren't needed by the application but would be
# flagged as a vulnerability by our Docker image scanner.
rm /usr/local/lib/python3.12/site-packages/tornado/test/test.key; \
rm /usr/local/lib/python3.12/site-packages/wpull/proxy/proxy.key; \
rm /usr/local/lib/python3.12/site-packages/wpull/testing/test.pem; \
apk del .backend-deps
# Build the frontend.
ENV NODE_ENV=production
RUN set -eux; \
\
# Needed only at build time, so we can delete after use.
apk add --no-cache --virtual .frontend-deps npm \
curl; \
npm install -g corepack; \
corepack enable; \
corepack prepare yarn@${YARN_VERSION} --activate; \
yarn install; \
yarn build; \
# We don't need node_modules once we've built our frontend.
rm -rf ./node_modules; \
apk del .frontend-deps
# Run the application with the user we created.
USER $USERNAME
ARG PORT=8000
EXPOSE $PORT
ENV PORT $PORT
CMD python manage.py runserver 0.0.0.0:$PORT