forked from peeringdb/peeringdb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
182 lines (141 loc) · 4.4 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
ARG python_version=3.12
ARG build_deps=" \
build-essential \
ca-certificates \
git \
pkg-config \
python3-setuptools \
python${python_version}-dev \
libfreetype6-dev \
libjpeg-turbo8-dev \
linux-headers-generic \
libmariadb-dev \
libffi-dev \
curl \
rustc \
cargo \
"
ARG run_deps=" \
python${python_version} \
libpython${python_version} \
libpcre3 \
libxml2 \
libfreetype6 \
fonts-freefont-ttf \
gettext \
libjpeg-turbo8 \
graphviz \
libmariadb3 \
libgcc-s1 \
"
FROM ubuntu:24.04 AS base
ARG virtual_env=/srv/www.peeringdb.com/venv
ARG python_version
ENV VIRTUAL_ENV="$virtual_env"
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
# Silence uv complaining about not being able to use hard links,
ENV UV_LINK_MODE=copy
# tell uv to byte-compile packages for faster application startups,
ENV UV_COMPILE_BYTECODE=1
# prevent uv from accidentally downloading isolated Python builds,
ENV UV_PYTHON_DOWNLOADS=never
# set python version
ENV UV_PYTHON=python${python_version}
# declare venv as the target for `uv sync`
ENV UV_PROJECT_ENVIRONMENT=$VIRTUAL_ENV
# base docker file from https://hynek.me/articles/docker-uv/
FROM base AS builder
ARG python_version
ARG build_deps
### Start Build Prep.
### This should be a separate build container for better reuse.
RUN apt-get update -qy \
&& apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false \
$build_deps
COPY --from=ghcr.io/astral-sh/uv:0.5 /uv /usr/local/bin/uv
WORKDIR /srv/www.peeringdb.com
# Since there's no point in shipping lock files, we move them
# into a directory that is NOT copied into the runtime image.
# The trailing slash makes COPY create `/_lock/` automagically.
# keep the lock with the image in case we are debugging
COPY uv.lock pyproject.toml ./
RUN uv venv $virtual_env
# Synchronize DEPENDENCIES without the application itself.
# This layer is cached until uv.lock or pyproject.toml change.
# You can create `/app` using `uv venv` in a separate `RUN`
# step to have it cached, but with uv it's so fast, it's not worth
# it, so we let `uv sync` create it for us automagically.
RUN --mount=type=cache,target=/root/.cache \
uv sync --locked --no-dev --no-install-project
COPY . /src
RUN cd /src && uv sync --locked --no-dev --no-editable
#### final image here
FROM base as final
ARG run_deps
ARG uid=996
# extra settings file if needed
ARG ADD_SETTINGS_FILE=mainsite/settings/dev.py
# setup pdb user
RUN groupadd -r pdb \
&& useradd -r -u $uid -g pdb -N pdb
ENTRYPOINT ["/entrypoint"]
# See <https://hynek.me/articles/docker-signals/>.
STOPSIGNAL SIGINT
RUN apt-get update -qy \
&& apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false \
$run_deps \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /srv/www.peeringdb.com
RUN mkdir -p api-cache etc locale media static var/log
COPY --from=builder "$VIRTUAL_ENV" "$VIRTUAL_ENV"
COPY Ctl/docker/django-uwsgi.ini etc/
COPY manage.py .
COPY Ctl/VERSION etc
COPY Ctl/docker/entrypoint.sh ./
COPY docs/ docs
COPY mainsite/ mainsite
COPY $ADD_SETTINGS_FILE mainsite/settings/
COPY src/peeringdb_server/ peeringdb_server
COPY fixtures/ fixtures
COPY .coveragerc .coveragerc
RUN mkdir coverage \
&& ln -s srv/www.peeringdb.com/entrypoint.sh /entrypoint
COPY scripts/manage /usr/bin/
COPY --from=builder /usr/local/bin/uv /usr/bin/uv
COPY --from=builder /srv/www.peeringdb.com/uv.lock uv.lock
COPY --from=builder /srv/www.peeringdb.com/pyproject.toml pyproject.toml
RUN SECRET_KEY=no manage collectstatic --no-input
RUN chown -R pdb:pdb api-cache locale media var/log coverage
USER pdb
ENTRYPOINT ["/entrypoint"]
CMD ["runserver"]
#### test image here
FROM final as tester
ARG build_deps
USER root
WORKDIR /srv/www.peeringdb.com
COPY tests/ tests
RUN chown -R pdb:pdb tests/
# install dev deps
RUN apt-get update -qy \
&& apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false \
$build_deps \
&& apt-get clean \
&& uv sync --locked --dev --no-install-project \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Same as final entrypoint for running in dev mode
USER pdb
#### entry point from final image, not tester
FROM final
USER pdb
# smoke test
RUN python -V \
&& python -Im site \
&& python -c 'import peeringdb_server'