-
Notifications
You must be signed in to change notification settings - Fork 9
/
Dockerfile
39 lines (33 loc) · 1.45 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# syntax=docker/dockerfile:1
# It's important that this is Debian 12 to match the distroless image.
FROM debian:12-slim AS build
RUN --mount=type=cache,target=/var/lib/apt/lists \
--mount=type=cache,target=/var/cache/apt \
rm -f /etc/apt/apt.conf.d/docker-clean \
&& apt-get update \
&& apt-get install --no-install-recommends --yes python3-venv git
# Don't write .pyc bytecode files. These speed up imports when the program is
# loaded. There's no point doing that in a container where they'll never be
# persisted across restarts.
ENV PYTHONDONTWRITEBYTECODE=true
# Use Hatch to build a wheel. The build stage must do this in a venv because
# Debian doesn't have a hatch package, and it won't let you install one globally
# using pip.
WORKDIR /build
RUN --mount=target=. \
--mount=type=cache,target=/root/.cache/pip \
python3 -m venv /venv/build \
&& /venv/build/bin/pip install hatch \
&& /venv/build/bin/hatch build -t wheel /whl
# Create a fresh venv and install only the function wheel into it.
RUN --mount=type=cache,target=/root/.cache/pip \
python3 -m venv /venv/fn \
&& /venv/fn/bin/pip install /whl/*.whl
# Copy the function venv to our runtime stage. It's important that the path be
# the same as in the build stage, to avoid shebang paths and symlinks breaking.
FROM gcr.io/distroless/python3-debian12 AS image
WORKDIR /
COPY --from=build /venv/fn /venv/fn
EXPOSE 9443
USER nonroot:nonroot
ENTRYPOINT ["/venv/fn/bin/function"]