forked from FLawrence/tna-omega-ui-prototypes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
131 lines (102 loc) · 5.46 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# (Keep the version in sync with the node install below)
FROM node:16 as frontend
# Make build & post-install scripts behave as if we were in a CI environment (e.g. for logging verbosity purposes).
ARG CI=true
# Install front-end dependencies.
COPY package.json package-lock.json .babelrc.js webpack.config.js ./
RUN npm ci --no-optional --no-audit --progress=false
# Compile static files
COPY ./tnaomegauiprototypes/static_src/ ./tnaomegauiprototypes/static_src/
RUN npm run build:prod
# We use Debian images because they are considered more stable than the alpine
# ones becase they use a different C compiler. Debian images also come with
# all useful packages required for image manipulation out of the box. They
# however weight a lot, approx. up to 1.5GiB per built image.
FROM python:3.8 as production
ARG POETRY_HOME=/opt/poetry
ARG POETRY_INSTALL_ARGS="--no-dev"
# IMPORTANT: Remember to review both of these when upgrading
ARG POETRY_VERSION=1.1.8
# To get this value locally:
# $ wget https://raw.githubusercontent.com/python-poetry/poetry/1.1.8/get-poetry.py
# $ sha1sum get-poetry.py
ARG POETRY_INSTALLER_SHA=eedf0fe5a31e5bb899efa581cbe4df59af02ea5f
# Install dependencies in a virtualenv
ENV VIRTUAL_ENV=/venv
RUN useradd tnaomegauiprototypes --create-home && mkdir /app $VIRTUAL_ENV && chown -R tnaomegauiprototypes /app $VIRTUAL_ENV
WORKDIR /app
# Set default environment variables. They are used at build time and runtime.
# If you specify your own environment variables on Heroku or Dokku, they will
# override the ones set here. The ones below serve as sane defaults only.
# * PATH - Make sure that Poetry is on the PATH, along with our venv
# * PYTHONUNBUFFERED - This is useful so Python does not hold any messages
# from being output.
# https://docs.python.org/3.8/using/cmdline.html#envvar-PYTHONUNBUFFERED
# https://docs.python.org/3.8/using/cmdline.html#cmdoption-u
# * DJANGO_SETTINGS_MODULE - default settings used in the container.
# * PORT - default port used. Please match with EXPOSE so it works on Dokku.
# Heroku will ignore EXPOSE and only set PORT variable. PORT variable is
# read/used by Gunicorn.
# * WEB_CONCURRENCY - number of workers used by Gunicorn. The variable is
# read by Gunicorn.
# * GUNICORN_CMD_ARGS - additional arguments to be passed to Gunicorn. This
# variable is read by Gunicorn
ENV PATH=${POETRY_HOME}/bin:$VIRTUAL_ENV/bin:$PATH \
POETRY_INSTALL_ARGS=${POETRY_INSTALL_ARGS} \
PYTHONUNBUFFERED=1 \
DJANGO_SETTINGS_MODULE=tnaomegauiprototypes.settings.production \
PORT=8000 \
WEB_CONCURRENCY=3 \
GUNICORN_CMD_ARGS="-c gunicorn-conf.py --max-requests 1200 --max-requests-jitter 50 --access-logfile - --timeout 25"
# Make $BUILD_ENV available at runtime
ARG BUILD_ENV
ENV BUILD_ENV=${BUILD_ENV}
# Port exposed by this container. Should default to the port used by your WSGI
# server (Gunicorn). This is read by Dokku only. Heroku will ignore this.
EXPOSE 8000
# Install poetry using the installer (keeps Poetry's dependencies isolated from the app's)
# chown protects us against cases where files downloaded by poetry have invalid ownership
# (see https://git.torchbox.com/internal/wagtail-kit/-/merge_requests/682)
# chmod ensures poetry dependencies are accessible when packages are installed
RUN wget https://raw.githubusercontent.com/python-poetry/poetry/${POETRY_VERSION}/get-poetry.py && \
echo "${POETRY_INSTALLER_SHA} get-poetry.py" | sha1sum -c - && \
python get-poetry.py && \
rm get-poetry.py && \
chown -R root:root ${POETRY_HOME} && \
chmod -R 0755 ${POETRY_HOME}
# Don't use the root user as it's an anti-pattern and Heroku does not run
# containers as root either.
# https://devcenter.heroku.com/articles/container-registry-and-runtime#dockerfile-commands-and-runtime
USER tnaomegauiprototypes
# Install your app's Python requirements.
RUN python -m venv $VIRTUAL_ENV
COPY --chown=tnaomegauiprototypes pyproject.toml poetry.lock ./
RUN pip install --upgrade pip && poetry install ${POETRY_INSTALL_ARGS} --no-root --extras gunicorn
COPY --chown=tnaomegauiprototypes --from=frontend ./tnaomegauiprototypes/static_compiled ./tnaomegauiprototypes/static_compiled
# Copy application code.
COPY --chown=tnaomegauiprototypes . .
# Run poetry install again to install our project (so the the tnaomegauiprototypes package is always importable)
RUN poetry install ${POETRY_INSTALL_ARGS}
# Collect static. This command will move static files from application
# directories and "static_compiled" folder to the main static directory that
# will be served by the WSGI server.
RUN SECRET_KEY=none python manage.py collectstatic --noinput --clear
# Load shortcuts
COPY ./docker/bashrc.sh /home/tnaomegauiprototypes/.bashrc
# Run the WSGI server. It reads GUNICORN_CMD_ARGS, PORT and WEB_CONCURRENCY
# environment variable hence we don't specify a lot options below.
CMD gunicorn tnaomegauiprototypes.wsgi:application
# These steps won't be run on production
FROM production as dev
# Swap user, so the following tasks can be run as root
USER root
# Install node (Keep the version in sync with the node container above)
RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
# Install `psql`, useful for `manage.py dbshell`
RUN apt-get install -y postgresql-client
# Restore user
USER tnaomegauiprototypes
# Pull in the node modules for the frontend
COPY --chown=tnaomegauiprototypes --from=frontend ./node_modules ./node_modules
# do nothing forever - exec commands elsewhere
CMD tail -f /dev/null