fix(build): content-type fails when deployed within internal network …

…controls (#128) * chore(build): remove tox files from container * refactor(build): move ml training to container build time * feat(build): add static file settings and uvicorn/gunicorn to dep list * feat(build): add nginx service/config to app container * chore(build): workaround to trigger pr container build for testing * feat(conf): autogenerate secret key on app startup * prevents having to hardcode value in docker-compose, value will now be unique to each deployment * feat(build): add building of custom Nginx container * allows embedding of configuration to simplify end user usability * Add CI trigger for new container * Add Dockerfile for new container (Dockerfile.nginx) * Update docker-compose.yml to build locally if images not available upstream * chore(docs): Update docs to always point to latest release * Reformat README a bit for readability * Update Makefile to build new nginx container * fix(ci): dumb typo fix * chore(ci): revert container build trigger to release * chore(ci): cleanup inconsistent spacing in yml * chore(build): use native gunicorn (removed uvicorn worker) * simplified runtime by using gunicorn worker, no async code so no app impact (removed uvicorn from deps) * added protocol scheme (http/https) to forwarded headers for nginx
center-for-threat-informed-defense · Jan 25, 2022 · 37f2846 · 37f2846
1 parent 7e009d8
commit 37f2846
Show file tree

Hide file tree

Showing 11 changed files with 321 additions and 199 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -3,3 +3,4 @@
 .github
 venv
 .venv
+.tox
diff --git a/.github/workflows/build-push-container.yml b/.github/workflows/build-push-container.yml
@@ -24,19 +24,37 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
+      - name: Extract metadata (tags, labels) - TRAM image
+        id: meta_tram
         uses: docker/metadata-action@v3
         with:
           images: |
             ghcr.io/${{ github.repository }}
           labels: |
             org.opencontainers.image.url=https://ctid.mitre-engenuity.org/our-work/tram/
 
-      - name: Build and push Docker images
+      - name: Build and push TRAM application container image
         uses: docker/build-push-action@v2
         with:
           context: .
           push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta_tram.outputs.tags }}
+          labels: ${{ steps.meta_tram.outputs.labels }}
+
+      - name: Extract metadata (tags, labels) - nginx image
+        id: meta_nginx
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}-nginx
+          labels: |
+            org.opencontainers.image.url=https://ctid.mitre-engenuity.org/our-work/tram/
+
+      - name: Build and push Nginx TRAM container image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: docker/Dockerfile.nginx
+          push: true
+          tags: ${{ steps.meta_nginx.outputs.tags }}
+          labels: ${{ steps.meta_nginx.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
@@ -43,6 +43,9 @@ ENV LC_ALL=C.UTF-8 LANG=C.UTF-8 \
 # flush all output immediately
 ENV PYTHONUNBUFFERED 1
 
+# extend python path to tram import path
+ENV PYTHONPATH=/tram/src/tram:${PYTHONPATH}
+
 WORKDIR /tram
 
 #COPY ./src src
@@ -57,6 +60,17 @@ RUN  --mount=type=cache,target=/root/.cache \
     python3 -m nltk.downloader punkt && \
     python3 -m nltk.downloader wordnet
 
+# Generate and Run Django migrations scripts, collectstatic app files
+RUN python3 /tram/src/tram/manage.py makemigrations tram && \
+    python3 /tram/src/tram/manage.py migrate && \
+    python3 /tram/src/tram/manage.py collectstatic
+
+# run ml training
+RUN python3 /tram/src/tram/manage.py attackdata load && \
+    python3 /tram/src/tram/manage.py pipeline load-training-data && \
+    python3 /tram/src/tram/manage.py pipeline train --model nb && \
+    python3 /tram/src/tram/manage.py pipeline train --model logreg
+
 EXPOSE 8000
 
 ENTRYPOINT [ "/tram/entrypoint.sh" ]
diff --git a/Makefile b/Makefile
@@ -50,6 +50,8 @@ pre-commit-run-all: venv .git/hooks/pre-commit ## Run pre-commit manually on all
 .PHONY: build-container
 build-container: venv ## Build container image
 	docker build -t $(APP_NAME):dev -t $(APP_NAME):$(TIMESTAMP)_$(GIT_HASH) -f Dockerfile . --label "org.opencontainers.image.revision=$(GIT_HASH)"
+	docker build -t $(APP_NAME)-nginx:dev -t $(APP_NAME)-nginx:$(TIMESTAMP)_$(GIT_HASH) -f docker/Dockerfile.nginx . --label "org.opencontainers.image.revision=$(GIT_HASH)"
+
 
 .PHONY: start-container
 start-container: ## Start container via docker-compose, runs ctidorg/tram:latest image by default
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,4 @@ @@
     .github
     venv
     .venv
+    .tox