-
Notifications
You must be signed in to change notification settings - Fork 8
/
Dockerfile
141 lines (111 loc) · 3.53 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
ARG BASE_IMAGE_BUILD=nvidia/cuda:12.2.2-cudnn8-devel-ubuntu22.04
ARG BASE_IMAGE_RUN=nvidia/cuda:12.2.2-cudnn8-runtime-ubuntu22.04
## Base Image
FROM ${BASE_IMAGE_BUILD} AS builder
RUN \
apt-get update && \
apt-get install -y apt-transport-https ca-certificates gnupg git
COPY docker/rootfs/ /
RUN \
apt-dpkg-wrap apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys F23C5A6CF475977595C89F51BA6932366A755776 && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y build-essential libcurl4-openssl-dev python3.11 python3.11-venv && \
apt-cleanup
COPY requirements.txt /app/
WORKDIR /app
ENV PIP_DISABLE_PIP_VERSION_CHECK=on
RUN \
python3.11 -m venv .venv && \
. .venv/bin/activate && \
pip install -vvv -r requirements.txt
## Build ffmpeg
FROM ${BASE_IMAGE_RUN} AS ffmpeg_install
COPY docker/rootfs/ /
# ffmpeg build dependencies
RUN \
apt-dpkg-wrap apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys F23C5A6CF475977595C89F51BA6932366A755776 && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y \
autoconf \
automake \
build-essential \
cmake \
libopus-dev \
libopus0 \
libtool \
pkg-config \
texinfo \
wget \
yasm \
zlib1g \
zlib1g-dev && \
apt-cleanup
# Build ffmpeg6 (required for pytorch which only supports ffmpeg < v7)
RUN \
mkdir -p /opt/ffmpeg && \
cd /opt/ && \
wget -q https://www.ffmpeg.org/releases/ffmpeg-6.1.2.tar.gz && \
tar -xzf ffmpeg-6.1.2.tar.gz -C /opt/ffmpeg --strip-components 1 && \
rm ffmpeg-6.1.2.tar.gz && \
cd /opt/ffmpeg/ && \
./configure \
--enable-shared \
--enable-gpl \
--enable-libopus && \
make && \
make install && \
ldconfig
RUN \
apt-dpkg-wrap apt-get autoremove -y \
autoconf \
automake \
build-essential \
cmake \
libopus-dev \
libtool \
pkg-config \
texinfo \
wget \
yasm \
zlib1g-dev
## Production Image
FROM ffmpeg_install
RUN \
apt-get update && \
apt-get install -y apt-transport-https ca-certificates gnupg
COPY docker/rootfs/ /
COPY --chown=jitsi:jitsi docker/run-skynet.sh /opt/
RUN \
apt-dpkg-wrap apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys F23C5A6CF475977595C89F51BA6932366A755776 && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y python3.11 python3.11-venv tini libgomp1 strace gdb && \
apt-cleanup
# Principle of least privilege: create a new user for running the application
RUN \
groupadd -g 1001 jitsi && \
useradd -r -u 1001 -g jitsi jitsi
# Copy virtual environment
COPY --chown=jitsi:jitsi --from=builder /app/.venv /app/.venv
# Copy application files
COPY --chown=jitsi:jitsi /skynet /app/skynet/
ENV \
# https://docs.python.org/3/using/cmdline.html#envvar-PYTHONUNBUFFERED
PYTHONUNBUFFERED=1 \
# https://docs.python.org/3/using/cmdline.html#envvar-PYTHONDONTWRITEBYTECODE
PYTHONDONTWRITEBYTECODE=1 \
PYTHONPATH=/app \
OUTLINES_CACHE_DIR=/app/vllm/outlines \
VLLM_CONFIG_ROOT=/app/vllm/config \
HF_HOME=/app/hf \
LLAMA_PATH="/models/Llama-3.1-8B-Instruct-Q8_0.gguf"
VOLUME [ "/models" ]
WORKDIR ${PYTHONPATH}
RUN chown jitsi:jitsi ${PYTHONPATH}
# Document the exposed port
EXPOSE 8000
# Use the unprivileged user to run the application
USER 1001
# Use tini as our PID 1
ENTRYPOINT ["/usr/bin/tini", "--"]
# Run Skynet
CMD ["/opt/run-skynet.sh"]