Update docker config (#20)

* Update: Dockerfile $ docker-compose.yml

* Update dependencies

---------

Co-authored-by: mgur <mgur@pop-os.localdomain>

.dockerignore

@@ -9,6 +9,7 @@
 Dockerfile
 README.md
 docker-compose.yml
+compose.yaml
 **/.DS_Store
 **/venv
 **/env

Dockerfile

@@ -1,17 +1,45 @@
 # pull official base image
-FROM python:3.10.12-slim-bookworm
+FROM python:3.10.14-slim-bookworm
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
   curl \
   postgresql-client \
   && rm -rf /var/lib/apt/lists/*
 
+# Prevents Python from writing pyc files.
+ENV PYTHONDONTWRITEBYTECODE=1
 
-RUN useradd -r -s /bin/bash alex
+# Keeps Python from buffering stdout and stderr to avoid situations where
+# the application crashes without emitting any logs due to buffering.
+ENV PYTHONUNBUFFERED=1
 
-# set environment variables
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONUNBUFFERED 1
+# Enable python stacktraces on segfaults
+ENV PYTHONFAULTHANDLER=1
+
+WORKDIR /src
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/go/dockerfile-user-best-practices/
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    appuser
+
+
+# Download dependencies as a separate step to take advantage of Docker's caching.
+# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
+# Leverage a bind mount to requirements.txt to avoid having to copy them into
+# into this layer.
+RUN --mount=type=cache,target=/root/.cache/pip \
+    --mount=type=bind,source=requirements.txt,target=requirements.txt \
+    python -m pip install -r requirements.txt
+
+# TODO: UV - https://github.com/djangopackages/djangopackages/blob/main/dockerfiles/django/Dockerfile-dev
 
 # set argument vars in docker-run command
 ARG AWS_ACCESS_KEY_ID
@@ -31,11 +59,11 @@ ARG APP_HOST
 ARG SENTRY_DSN
 
 # GUS
-ARG GUS_API_DEV 
+ARG GUS_API_DEV
 
 # API_VIDEO
-ARG API_VIDEO 
-ARG API_VIDEO_UPLOAD 
+ARG API_VIDEO
+ARG API_VIDEO_UPLOAD
 
 # AWS RDS vars
 ARG DB_USERNAME
@@ -73,7 +101,7 @@ ENV AWS_S3_SECRET_ACCESS_KEY $AWS_S3_SECRET_ACCESS_KEY
 ENV SENTRY_DSN $SENTRY_DSN
 ENV GUS_API_DEV $GUS_API_DEV
 ENV API_VIDEO $API_VIDEO
-ENV API_VIDEO_UPLOAD $API_VIDEO_UPLOAD 
+ENV API_VIDEO_UPLOAD $API_VIDEO_UPLOAD
 
 ENV EMAIL_LABS_APP_KEY $EMAIL_LABS_APP_KEY
 ENV EMAIL_LABS_SECRET_KEY $EMAIL_LABS_SECRET_KEY
@@ -93,31 +121,19 @@ ENV DB_HOST $DB_HOST
 ENV DB_PORT $DB_PORT
 ENV DB_DATABASE $DB_DATABASE
 
-COPY ./requirements.txt /requirements.txt
-
-RUN pip install --no-cache-dir --upgrade -r /requirements.txt
-# EXPOSE 80
+# Switch to the non-privileged user to run the application.
+USER appuser
 
 #USER alex
-COPY --chown=alex:alex ./commands /src/commands
-COPY --chown=alex:alex ./migrations /src/migrations
-COPY --chown=alex:alex ./alembic.ini /src/alembic.ini
-COPY --chown=alex:alex ./app /src/app
-COPY --chown=alex:alex ./tests/api_responses /src/tests/api_responses
-
+COPY --chown=appuser:appuser ./commands /src/commands
+COPY --chown=appuser:appuser ./migrations /src/migrations
+COPY --chown=appuser:appuser ./alembic.ini /src/alembic.ini
+COPY --chown=appuser:appuser ./app /src/app
+COPY --chown=appuser:appuser ./tests/api_responses /src/tests/api_responses
 
-WORKDIR /src
-
-# EXPOSE 80
+# Expose the port that the application listens on.
+EXPOSE 5000
 
-# ENTRYPOINT ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "5000" "--reload", "--debug"]
-# CMD uvicorn app.main:app --host 0.0.0.0 --port 5000 --reload --debug --reload-dir /src/app
-# CMD uvicorn app.main:app --host 0.0.0.0 --port 5000 
 CMD ["uvicorn", "app.main:app","--no-server-header","--no-proxy-headers", "--host", "0.0.0.0", "--port", "5000" ]
 
-# ENTRYPOINT ["gunicorn", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", ":5000", "app.main:app"]
-
-
-HEALTHCHECK --interval=21s --timeout=3s --start-period=10s CMD curl --fail http://localhost:5000/health || exit 1
-
-# EXPOSE 5432
+HEALTHCHECK --interval=21s --timeout=3s --start-period=10s CMD curl --fail http://localhost:5000/health || exit 1

app/storage/base.py

@@ -8,22 +8,19 @@ class BaseStorage(ABC):  # pragma: no cover
     if the name is the same or add a suffix to the filename."""
 
     @abstractmethod
-    def get_name(self, name: str) -> str:
-        ...
+    def get_name(self, name: str) -> str: ...
 
     # def get_path(self, name: str) -> str:
     #     ...
 
     @abstractmethod
-    def get_size(self, name: str) -> int:
-        ...
+    def get_size(self, name: str) -> int: ...
 
     # def open(self, name: str) -> BinaryIO:
     #     ...
 
     @abstractmethod
-    def write(self, file: BinaryIO, name: str) -> str:
-        ...
+    def write(self, file: BinaryIO, name: str) -> str: ...
 
     # def generate_new_filename(self, filename: str) -> str:
     #     ...

app/storage/s3.py

@@ -160,8 +160,6 @@ def write(self, file: BinaryIO, name: str) -> str:
         self._bucket.upload_fileobj(Fileobj=file, Key=name)  # , ExtraArgs={"ACL": self.AWS_DEFAULT_ACL}
         return key
 
-    def read(self):
-        ...
+    def read(self): ...
 
-    def remove_file(self):
-        ...
+    def remove_file(self): ...

compose.yaml

@@ -0,0 +1,32 @@
+services:
+  web:
+    build:
+      context: .
+      # dockerfile: ./Dockerfile
+      dockerfile: dev.Dockerfile
+      args:
+        - "UID=${UID:-1000}"
+    volumes:
+      - ./app:/src/app
+    ports:
+      - "5000:5000"
+      - "5678:5678"
+    env_file: ./app/.env
+    depends_on:
+      db:
+        condition: service_healthy # Disable this if you are using an external Postgres database
+  db:
+    image: postgres:15
+    healthcheck:
+      test: pg_isready -U postgres -h localhost
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    expose:
+      - 5432
+    ports:
+      - "5432:5432"
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_DB=pg_db

Dockerfile.dev → dev.Dockerfile

@@ -1,18 +1,45 @@
 # pull official base image
-FROM python:3.10.12-slim-bookworm
+FROM python:3.10.14-slim-bookworm
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
   curl \
   postgresql-client \
   && rm -rf /var/lib/apt/lists/*
 
+# Prevents Python from writing pyc files.
+ENV PYTHONDONTWRITEBYTECODE=1
 
-RUN useradd -r -s /bin/bash alex
+# Keeps Python from buffering stdout and stderr to avoid situations where
+# the application crashes without emitting any logs due to buffering.
+ENV PYTHONUNBUFFERED=1
 
-# set environment variables
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONUNBUFFERED 1
-ENV PYTHONFAULTHANDLER 1
+# Enable python stacktraces on segfaults
+ENV PYTHONFAULTHANDLER=1
+
+WORKDIR /src
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/go/dockerfile-user-best-practices/
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    appuser
+
+
+# Download dependencies as a separate step to take advantage of Docker's caching.
+# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
+# Leverage a bind mount to requirements.txt to avoid having to copy them into
+# into this layer.
+RUN --mount=type=cache,target=/root/.cache/pip \
+    --mount=type=bind,source=requirements.txt,target=requirements.txt \
+    python -m pip install -r requirements.txt
+
+# TODO: UV - https://github.com/djangopackages/djangopackages/blob/main/dockerfiles/django/Dockerfile-dev
 
 # set argument vars in docker-run command
 ARG AWS_ACCESS_KEY_ID
@@ -32,11 +59,11 @@ ARG APP_HOST
 ARG SENTRY_DSN
 
 # GUS
-ARG GUS_API_DEV 
+ARG GUS_API_DEV
 
 # API_VIDEO
-ARG API_VIDEO 
-ARG API_VIDEO_UPLOAD 
+ARG API_VIDEO
+ARG API_VIDEO_UPLOAD
 
 # AWS RDS vars
 ARG DB_USERNAME
@@ -74,7 +101,7 @@ ENV AWS_S3_SECRET_ACCESS_KEY $AWS_S3_SECRET_ACCESS_KEY
 ENV SENTRY_DSN $SENTRY_DSN
 ENV GUS_API_DEV $GUS_API_DEV
 ENV API_VIDEO $API_VIDEO
-ENV API_VIDEO_UPLOAD $API_VIDEO_UPLOAD 
+ENV API_VIDEO_UPLOAD $API_VIDEO_UPLOAD
 
 ENV EMAIL_LABS_APP_KEY $EMAIL_LABS_APP_KEY
 ENV EMAIL_LABS_SECRET_KEY $EMAIL_LABS_SECRET_KEY
@@ -94,32 +121,19 @@ ENV DB_HOST $DB_HOST
 ENV DB_PORT $DB_PORT
 ENV DB_DATABASE $DB_DATABASE
 
-COPY ./requirements.txt /requirements.txt
-
-RUN pip install --no-cache-dir --upgrade -r /requirements.txt
-# EXPOSE 80
+# Switch to the non-privileged user to run the application.
+USER appuser
 
 #USER alex
-COPY --chown=alex:alex ./commands /src/commands
-COPY --chown=alex:alex ./migrations /src/migrations
-COPY --chown=alex:alex ./alembic.ini /src/alembic.ini
-COPY --chown=alex:alex ./app /src/app
-COPY --chown=alex:alex ./tests/api_responses /src/tests/api_responses
-
-
-WORKDIR /src
-
-
-
-# EXPOSE 80
-
-# ENTRYPOINT ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "5000" "--reload", "--debug"]
-CMD uvicorn app.main:app --host 0.0.0.0 --port 5000 --reload --reload-dir /src/app
-# CMD ["uvicorn", "app.main:app", "--proxy-headers", "--host", "0.0.0.0", "--port", "5000"]
-
-# ENTRYPOINT ["gunicorn", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", ":5000", "app.main:app"]
+COPY --chown=appuser:appuser ./commands /src/commands
+COPY --chown=appuser:appuser ./migrations /src/migrations
+COPY --chown=appuser:appuser ./alembic.ini /src/alembic.ini
+COPY --chown=appuser:appuser ./app /src/app
+COPY --chown=appuser:appuser ./tests/api_responses /src/tests/api_responses
 
+# Expose the port that the application listens on.
+EXPOSE 5000
 
-HEALTHCHECK --interval=21s --timeout=3s --start-period=10s CMD curl --fail http://localhost:5000/health || exit 1
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "5000", "--reload", "--reload-dir", "/src/app"]
 
-# EXPOSE 5432
+HEALTHCHECK --interval=21s --timeout=3s --start-period=10s CMD curl --fail http://localhost:5000/health || exit 1