Dockerfile
# Global build arguments: they select the base image tag for both stages.
# NOTE(review): the tag is not pinned by digest, so the same tag can resolve to
# different image contents over time.
ARG PYTHON_VERSION=3.11.8
ARG BASE_IMAGE=bullseye

# ---- builder stage: resolves and installs Python dependencies into /root/.app ----
FROM python:${PYTHON_VERSION}-slim-${BASE_IMAGE} AS builder

# Bring OS packages up to date and drop the apt lists in the same layer.
RUN set -ex \
    && apt-get update \
    && apt-get upgrade -y \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /build

# pip and poetry behaviour for the build. PYTHONUSERBASE redirects `pip install --user`
# to /root/.app, which is the only tree the app stage copies out of this stage.
ENV PYTHONUNBUFFERED=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    PYTHONUSERBASE=/root/.app \
    POETRY_NO_INTERACTION=1 \
    POETRY_VIRTUALENVS_IN_PROJECT=1 \
    POETRY_VIRTUALENVS_CREATE=1 \
    POETRY_CACHE_DIR=/tmp/.poetry

RUN python -m pip install --upgrade pip

# /root/.app/bin holds the --user scripts (gunicorn), /root/.local/bin the pipx shims (poetry).
ENV PATH=/root/.app/bin:/root/.local/bin:$PATH

# Build tooling plus gunicorn.
# NOTE(review): pipx, poetry, poetry-plugin-export and gunicorn are installed without version
# pins, so each rebuild takes whatever release the index currently serves.
RUN pip install pipx \
    && pipx install poetry \
    && pipx inject poetry poetry-plugin-export \
    && pip install --user --ignore-installed --no-warn-script-location gunicorn

COPY pyproject.toml poetry.lock ./

# Index credentials arrive as a BuildKit secret (id=pip-credentials). The mount exists only for
# the duration of the RUN; its KEY=VALUE lines are exported as environment variables and are not
# written into a layer. These two RUNs deliberately have no `set -x`: tracing would print the
# exported values into the build log.
# --without-hashes drops the lock file's hashes from the export, so pip does not hash-check the
# downloaded artifacts.
# NOTE(review): `poetry export` reads the lock file; confirm whether it needs the credentials at all.
RUN --mount=type=secret,id=pip-credentials \
    export $(grep -v '^#' /run/secrets/pip-credentials | xargs) \
    && poetry export --without dev --without-hashes -o requirements.in.txt

# Install the exported requirements into PYTHONUSERBASE (/root/.app).
# The sed step inserts the literal placeholders ${PYPI_USERNAME}:${PYPI_PASSWORD} into the nexus
# URL (pip expands ${VAR} in requirements files from the environment), so requirements.txt never
# contains the secret values. It also rewrites --extra-index-url to -i, making that URL the index.
# NOTE(review): PIP_NO_CACHE_DIR=1 is set above, so the /root/.cache mount looks unused by pip - confirm.
RUN --mount=type=secret,id=pip-credentials --mount=type=cache,target=/root/.cache \
    export $(grep -v '^#' /run/secrets/pip-credentials | xargs) \
    && sed -e 's!https://nexus!https://\${PYPI_USERNAME}:\${PYPI_PASSWORD}@nexus!' -e 's/--extra-index-url/-i/' requirements.in.txt >requirements.txt \
    && pip install --user --ignore-installed --no-warn-script-location -r requirements.txt
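# ---- app stage: runtime image; receives only the installed packages from the builder ----
FROM python:${PYTHON_VERSION}-slim-${BASE_IMAGE} AS app

LABEL Maintainer="Directive Games <info@directivegames.com>"

ENV PYTHONUNBUFFERED=1

# Create the unprivileged runtime account and bring OS packages up to date in one layer.
# NOTE(review): only the GID is fixed (1000); the UID is whatever useradd assigns. Pin it if an
# orchestrator has to verify a numeric non-root user.
RUN set -ex \
    && addgroup --gid 1000 gunicorn && useradd -ms /bin/bash gunicorn -g gunicorn \
    && apt-get update \
    && apt-get upgrade -y \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Installed packages and scripts from the builder's PYTHONUSERBASE become the runtime user's
# ~/.local. Build tooling (pipx, poetry) and the requirements files stay behind in the builder.
COPY --chown=gunicorn:gunicorn --from=builder /root/.app/ /home/gunicorn/.local/

# Application source. Without --chown it stays root-owned, so the gunicorn user can read the
# code but not modify it.
# NOTE(review): this copies the whole build context; what is excluded depends on a
# .dockerignore that is not visible here (.git, .env, local credentials).
COPY . .

# Build metadata. Declared late so changing values only invalidate the layers below.
# ARG values are recorded in the image history; they must not carry secrets.
ARG VERSION
ARG BUILD_TIMESTAMP
ARG COMMIT_SHA
ARG GIT_REPO_URL

LABEL AppVersion="${VERSION}"
LABEL CommitHash="${COMMIT_SHA}"

# These persist in the image and in every container's environment.
# NOTE(review): GIT_REPO_URL should be a plain URL; any token embedded in it would ship in the image.
ENV DD_GIT_REPOSITORY_URL=${GIT_REPO_URL}
ENV DD_GIT_COMMIT_SHA=${COMMIT_SHA}

# For runtime consumption.
# The values are passed to printf as quoted arguments, so whitespace or glob characters in a
# build arg are written verbatim instead of being word-split or expanded by the shell.
# A value containing '"' or '\' would still yield invalid JSON.
RUN printf '{"version": "%s", "build_timestamp": "%s", "commit_hash": "%s"}\n' \
        "${VERSION}" "${BUILD_TIMESTAMP}" "${COMMIT_SHA}" > .build_info

# Drop privileges for everything that runs in the container.
USER gunicorn

ENV PATH=/home/gunicorn/.local/bin:$PATH

# Exec form: gunicorn runs as PID 1 and receives stop signals directly.
CMD ["gunicorn", "--config", "./config/gunicorn.conf.py"]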