changing base image to python nginx

uc-cdis · Nov 1, 2024 · 4cf74d5 · 4cf74d5
1 parent 448332d
commit 4cf74d5
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 95 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,80 +1,45 @@
 ARG AZLINUX_BASE_VERSION=master
 
 # Base stage with python-build-base
-FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} AS base
+FROM quay.io/cdis/python-nginx-al:${AZLINUX_BASE_VERSION} AS base
 
-# Comment this in, and comment out the line above, if quay is down
-# FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base
+ENV appname=audit
 
-ENV POETRY_NO_INTERACTION=1 \
-    POETRY_VIRTUALENVS_IN_PROJECT=1 \
-    POETRY_VIRTUALENVS_CREATE=1
+COPY --chown=gen3:gen3 /src/${appname} /${appname}
 
-COPY . /src/
-
-WORKDIR /src
-
-# create gen3 user
-# Create a group 'gen3' with GID 1000 and a user 'gen3' with UID 1000
-RUN groupadd -g 1000 gen3 && \
-    mkdir -p /env && \
-    useradd -m -s /bin/bash -u 1000 -g gen3 gen3  && \
-    chown -R gen3:gen3 /src && \
-    chown -R gen3:gen3 /env
-
-RUN pip install --upgrade pip poetry
+WORKDIR /${appname}
 
 # Builder stage
 FROM base AS builder
 
-USER gen3
+RUN mkdir /env && \
+    chown -R gen3:gen3 /env
 
-COPY poetry.lock pyproject.toml /src/
+USER gen3
 
+COPY poetry.lock pyproject.toml /${appname}/
 
-RUN python -m venv /env && . /env/bin/activate && poetry install -vv --no-interaction
+RUN python3 -m venv /env && . /env/bin/activate && poetry install -vv --no-interaction --without dev
 
-COPY --chown=gen3:gen3 . /src
-COPY --chown=gen3:gen3 ./deployment/wsgi/wsgi.py /src/wsgi.py
+COPY --chown=gen3:gen3 . /${appname}
+COPY --chown=gen3:gen3 ./deployment/wsgi/wsgi.py /${appname}/wsgi.py
 
 # Run poetry again so this app itself gets installed too
-RUN python -m venv /env && . /env/bin/activate && poetry install -vv --no-interaction
+RUN python3 -m venv /env && . /env/bin/activate && poetry install -vv --no-interaction --without dev
 
 # Final stage
 FROM base
 
 COPY --from=builder /env /env
-COPY --from=builder /src /src
-
-# install nginx
-RUN yum install nginx -y
-
-# allows nginx to run on port 80 without being root user
-RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx
-
-# chown nginx directories
-RUN chown -R gen3:gen3 /var/log/nginx
-
-# pipe nginx logs to stdout and stderr
-RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
-
-# create /var/lib/nginx/tmp/client_body to allow nginx to write to indexd
-RUN mkdir -p /var/lib/nginx/tmp/client_body
-RUN chown -R gen3:gen3 /var/lib/nginx/
-
-# copy nginx config
-COPY ./deployment/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY --from=builder /${appname} /${appname}
 
 # Switch to non-root user 'gen3' for the serving process
+
 USER gen3
 
 RUN source /env/bin/activate
 
-ENV PYTHONUNBUFFERED=1 \
-    PYTHONIOENCODING=UTF-8
-
-
 # Add /env/bin to PATH
 ENV PATH="/env/bin:$PATH"
 
-CMD ["/bin/bash", "-c", "/src/dockerrun.bash"]
+CMD ["/bin/bash", "-c", "/${appname}/dockerrun.bash"]
diff --git a/deployment/nginx/nginx.conf b/deployment/nginx/nginx.conf
diff --git a/dockerrun.bash b/dockerrun.bash
@@ -1,4 +1,4 @@
 #!/bin/bash
 
 nginx
-gunicorn -c "/src/deployment/wsgi/gunicorn.conf.py" audit.asgi:app
+poetry run gunicorn -c "/audit/deployment/wsgi/gunicorn.conf.py" audit.asgi:app