generated from FAIRmat-NFDI/nomad-distro-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
161 lines (123 loc) · 4.15 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
# syntax=docker/dockerfile:1
# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/
ARG PYTHON_VERSION=3.12
FROM python:${PYTHON_VERSION}-slim AS base
# Secrets
ARG CLIENT_ID
ARG CLIENT_SECRET
ARG KEYCLOAK_USER
ARG KEYCLOAK_PASSWORD
ENV CLIENT_ID=${CLIENT_ID}
ENV CLIENT_SECRET=${CLIENT_SECRET}
ENV KEYCLOAK_USER=${KEYCLOAK_USER}
ENV KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
ENV VIRTUAL_ENV=/opt/venv \
PATH="/opt/venv/bin:$PATH" \
UV_LINK_MODE=copy \
UV_PROJECT_ENVIRONMENT=/opt/venv
# Final stage to create the runnable image with minimal size
FROM base AS base_final
WORKDIR /app
RUN apt-get update \
&& apt-get install --yes --quiet --no-install-recommends \
libgomp1 \
libmagic1 \
curl \
zip \
unzip \
nodejs \
npm \
&& npm install -g configurable-http-proxy@^4.2.0 \
# clean cache and logs
&& rm -rf /var/lib/apt/lists/* /var/log/* /var/tmp/* ~/.npm
# Activate the virtualenv in the container
# See here for more information:
# https://pythonspeed.com/articles/multi-stage-docker-python/
ENV PATH="/opt/venv/bin:$PATH"
# Create a non-privileged user that the frenrug will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=1000
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
nomad
FROM base AS builder
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
ENV RUNTIME=docker
WORKDIR /app
RUN apt-get update \
&& apt-get install --yes --quiet --no-install-recommends \
libgomp1 \
libmagic1 \
file \
gcc \
build-essential \
curl \
zip \
unzip \
git \
&& rm -rf /var/lib/apt/lists/*
# Create a non-privileged user that the frenrug will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=1000
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
nomad
# Install UV
COPY --from=ghcr.io/astral-sh/uv:0.4 /uv /bin/uv
RUN --mount=type=cache,target=/root/.cache/uv \
--mount=type=bind,source=uv.lock,target=uv.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
uv sync --extra plugins --frozen --no-install-project
COPY scripts ./scripts
FROM base_final AS final
COPY --chown=nomad:1000 --from=builder /opt/venv /opt/venv
COPY --chown=nomad:1000 scripts/run.sh .
COPY --chown=nomad:1000 scripts/run-worker.sh .
COPY configs/nomad.yaml nomad.yaml
RUN mkdir -p /app/.volumes/fs \
&& chown -R nomad:1000 /app \
&& chown -R nomad:1000 /opt/venv \
&& mkdir nomad \
&& cp /opt/venv/lib/python3.12/site-packages/nomad/jupyterhub_config.py nomad/
USER nomad
# The application ports
EXPOSE 8000
EXPOSE 9000
VOLUME /app/.volumes/fs
FROM jupyter/datascience-notebook:lab-3.6.2 AS jupyter
# Fix: https://github.com/hadolint/hadolint/wiki/DL4006
# Fix: https://github.com/koalaman/shellcheck/wiki/SC3014
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
USER root
RUN apt-get update \
&& apt-get install --yes --quiet --no-install-recommends \
libmagic1 \
# clean cache and logs
&& rm -rf /var/lib/apt/lists/* /var/log/* /var/tmp/* ~/.npm
# Switch back to jovyan to avoid accidental container runs as root
USER ${NB_UID}
WORKDIR "${HOME}"
COPY --from=ghcr.io/astral-sh/uv:0.4 /uv /bin/uv
RUN --mount=type=cache,target=/root/.cache/uv \
--mount=type=bind,source=uv.lock,target=uv.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
uv export --extra plugins --extra jupyter | uv pip install -r /dev/stdin --system
# Get rid ot the following message when you open a terminal in jupyterlab:
# groups: cannot find name for group ID 11320
RUN touch ${HOME}/.hushlogin