Update Dockerfile to support non amd64 builds (gcc build), enable arm64

.github/workflows/bandit.yml

@@ -1,6 +1,19 @@
 name: Security vulnerability scan
 
-on: [push, pull_request]
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
+
 
 jobs:
   lint:

.github/workflows/black.yml

@@ -1,6 +1,19 @@
 name: Code format lint
 
-on: [push, pull_request]
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
+
 
 jobs:
   lint:

.github/workflows/docker_publish.yml

@@ -11,6 +11,11 @@ on:
     branches:
       - 'main'
       - 'develop'
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
 
 jobs:
   docker:
@@ -19,6 +24,13 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
       -
         name: Docker meta
         id: meta
@@ -42,6 +54,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/pytest.yml

@@ -1,6 +1,19 @@
 name: Test
 
-on: [push, pull_request]
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - '.env*'
+
 
 jobs:
   test:

Dockerfile

@@ -1,27 +1,55 @@
-FROM docker.io/python:3.9-slim-buster
+FROM docker.io/python:3.9-slim-bullseye AS compile
 
+ENV PYTHONFAULTHANDLER=1 \
+    PYTHONHASHSEED=random \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_DEFAULT_TIMEOUT=100 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    PIP_NO_CACHE_DIR=1 \
+    LANG=C.UTF-8 \
+    PATH="/root/.local/bin/:${PATH}"
+
+COPY pyproject.toml poetry.lock ./
+
+RUN apt-get update \
+    && apt-get -y upgrade \
+    && apt-get -y install --no-install-recommends gcc python3.9-dev \
+    && pip install --user pip-autoremove poetry \
+    && poetry config virtualenvs.in-project true \
+    && poetry install --no-root --no-dev --no-interaction --no-ansi \
+    && pip-autoremove -y pip-autoremove poetry \
+    && apt-get clean  \
+    && rm -rf /var/lib/apt/lists/*
+
+
+
+FROM docker.io/python:3.9-slim-bullseye AS app
 
 ENV PYTHONFAULTHANDLER=1 \
     PYTHONHASHSEED=random \
+    PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1 \
     PIP_DEFAULT_TIMEOUT=100 \
     PIP_DISABLE_PIP_VERSION_CHECK=1 \
-    PIP_NO_CACHE_DIR=1
+    PIP_NO_CACHE_DIR=1 \
+    LANG=C.UTF-8
+
+COPY install-packages.sh .
+RUN ./install-packages.sh
 
 RUN useradd --create-home podping
+COPY --from=compile --chown=podping:podping /.venv /home/podping/.venv
 WORKDIR /home/podping
 USER podping
 # podping and poetry commands install here from pip
-ENV PATH="/home/podping/.local/bin/:${PATH}"
-
-COPY --chown=podping:podping pyproject.toml poetry.lock ./
-# Install dependencies only first for caching
-RUN pip install --quiet poetry && poetry config virtualenvs.create false
-RUN poetry install --no-root --no-dev --quiet --no-interaction --no-ansi
+ENV PATH="/home/podping/.venv/bin:/home/podping/.local/bin/:${PATH}"
 
 COPY --chown=podping:podping . .
-RUN poetry install --no-dev --quiet --no-interaction --no-ansi \
-    && pip uninstall --yes --quiet poetry
+RUN pip install --user pip-autoremove poetry \
+    && poetry config virtualenvs.in-project true \
+    && poetry install --no-dev --no-interaction --no-ansi \
+    && pip-autoremove -y pip-autoremove poetry
 
 EXPOSE 9999/tcp
 

install-packages.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Bash "strict mode", to help catch problems and bugs in the shell
+# script. Every bash script you write should include this. See
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/ for
+# details.
+set -euo pipefail
+
+# Tell apt-get we're never going to be able to give manual
+# feedback:
+export DEBIAN_FRONTEND=noninteractive
+
+# Update the package listing, so we know what package exist:
+apt-get update
+
+# Install security updates:
+apt-get -y upgrade
+
+# Install a new package, without unnecessary recommended packages:
+#apt-get -y install --no-install-recommends gcc
+
+# Delete cached files we don't need anymore (note that if you're
+# using official Docker images for Debian or Ubuntu, this happens
+# automatically, you don't need to do it yourself):
+apt-get clean
+# Delete index files we don't need anymore:
+rm -rf /var/lib/apt/lists/*