-
Notifications
You must be signed in to change notification settings - Fork 739
/
Dockerfile
114 lines (88 loc) · 3 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#######################
# Common dependencies #
#######################
FROM python:3.11-bookworm AS base
WORKDIR /app
EXPOSE 8000
ENV LANG=C.UTF-8 \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PATH="/venv/bin:$PATH" \
POETRY_VERSION=1.6.1 \
PIP_VERSION=23.2.1
RUN useradd -d /app -M --uid 1000 --shell /bin/bash kitsune
RUN set -xe \
&& apt-get update && apt-get install apt-transport-https \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
gettext build-essential \
libxml2-dev libxslt1-dev zlib1g-dev git \
libjpeg-dev libffi-dev libssl-dev libxslt1.1 \
optipng postgresql zip \
# python
&& python -m venv /venv \
&& pip install --upgrade pip==${PIP_VERSION} \
&& pip install --upgrade poetry==${POETRY_VERSION} \
&& poetry config virtualenvs.create false \
# clean up
&& rm -rf /var/lib/apt/lists/*
COPY ./scripts/install_nodejs.sh ./
COPY pyproject.toml poetry.lock ./
RUN ./install_nodejs.sh && rm ./install_nodejs.sh
RUN poetry install
#########################
# Frontend dependencies #
#########################
FROM base AS base-frontend
COPY package*.json ./
RUN npm run install-prod
COPY . .
RUN cp .env-build .env && \
npm run webpack:build:prod
#################
# Testing image #
#################
FROM base-frontend AS test
RUN cp .env-test .env && \
./scripts/l10n-fetch-lint-compile.sh && \
./manage.py compilejsi18n && \
npm run webpack:build:pre-render && \
./manage.py collectstatic --noinput
##########################
# Production dependences #
##########################
FROM base-frontend AS prod-deps
RUN ./scripts/l10n-fetch-lint-compile.sh && \
find ./locale ! -name '*.mo' -type f -delete && \
./manage.py compilejsi18n && \
# minify jsi18n files:
find jsi18n/ -name "*.js" -exec sh -c 'npx terser "$1" -o "${1%.js}-min.js"' sh {} \; && \
npm run webpack:build:pre-render && \
./manage.py collectstatic --noinput
RUN poetry install --no-dev
##########################
# Clean production image #
##########################
FROM python:3.11-slim-bookworm AS prod
WORKDIR /app
EXPOSE 8000
ENV PATH="/venv/bin:$PATH" \
LANG=C.UTF-8 \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
RUN groupadd --gid 1000 kitsune && useradd -g kitsune --uid 1000 --shell /usr/sbin/nologin kitsune
COPY --from=prod-deps --chown=kitsune:kitsune /venv /venv
COPY --from=prod-deps --chown=kitsune:kitsune /app/locale /app/locale
COPY --from=prod-deps --chown=kitsune:kitsune /app/static /app/static
COPY --from=prod-deps --chown=kitsune:kitsune /app/dist /app/dist
COPY --chown=kitsune:kitsune . .
# apt-get after copying everything to ensure we're always getting the latest packages in the prod image
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y --no-install-recommends \
libxslt1.1 optipng postgresql && \
rm -rf /var/lib/apt/lists/*
RUN mkdir /app/media && chown kitsune:kitsune /app/media
USER kitsune
ARG GIT_SHA=head
ENV GIT_SHA ${GIT_SHA}