-
-
Notifications
You must be signed in to change notification settings - Fork 54
/
Dockerfile
136 lines (107 loc) · 3.23 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# syntax=docker/dockerfile:1.6
# full semver just for python base image
ARG PYTHON_VERSION=3.11.4
FROM python:${PYTHON_VERSION}-slim-bullseye AS builder
# avoid stuck build due to user prompt
ARG DEBIAN_FRONTEND=noninteractive
# update apt repos and install dependencies
RUN apt -qq update && apt -qq install \
--no-install-recommends -y \
curl \
gcc \
libpq-dev \
python3-dev \
&& rm -rf /var/lib/apt/lists/*
# pip env vars
ENV PIP_NO_CACHE_DIR=off
ENV PIP_DISABLE_PIP_VERSION_CHECK=on
ENV PIP_DEFAULT_TIMEOUT=100
# poetry env vars
ENV POETRY_HOME="/opt/poetry"
ENV POETRY_VERSION=1.5.1
ENV POETRY_VIRTUALENVS_IN_PROJECT=true
ENV POETRY_NO_INTERACTION=1
# path
ENV VENV="/opt/venv"
ENV PATH="$POETRY_HOME/bin:$VENV/bin:$PATH"
COPY requirements.txt requirements.txt
RUN python -m venv $VENV \
&& . "${VENV}/bin/activate"\
&& python -m pip install "poetry==${POETRY_VERSION}" \
&& python -m pip install -r requirements.txt
FROM python:${PYTHON_VERSION}-slim-bullseye AS runner
# setup standard non-root user for use downstream
ENV USER_NAME=appuser
ENV USER_GROUP=appuser
ENV HOME="/home/${USER_NAME}"
ENV HOSTNAME="${HOST:-localhost}"
ENV VENV="/opt/venv"
ENV PATH="${VENV}/bin:${VENV}/lib/python${PYTHON_VERSION}/site-packages:/usr/local/bin:${HOME}/.local/bin:/bin:/usr/bin:/usr/share/doc:$PATH"
# standardise on locale, don't generate .pyc, enable tracebacks on seg faults
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONFAULTHANDLER 1
# workers per core
# https://github.com/tiangolo/uvicorn-gunicorn-fastapi-docker/blob/master/README.md#web_concurrency
ENV WEB_CONCURRENCY=2
# avoid stuck build due to user prompt
ARG DEBIAN_FRONTEND=noninteractive
# install dependencies
RUN apt -qq update && apt -qq install \
--no-install-recommends -y \
bat \
curl \
dpkg \
git \
iputils-ping \
lsof \
p7zip \
perl \
shellcheck \
tldr \
tree \
&& rm -rf /var/lib/apt/lists/*
RUN groupadd $USER_NAME \
&& useradd -m $USER_NAME -g $USER_GROUP
# create read/write dirs
RUN <<EOF
#!/usr/bin/env bash
mkdir -p /app/{certs,staticfiles}
chown -R "${USER_NAME}:${USER_GROUP}" /app/
EOF
USER $USER_NAME
WORKDIR $HOME
COPY --from=builder --chown=${USER_NAME}:${USER_GROUP} $VENV $VENV
# qol: tooling
RUN <<EOF
#!/usr/bin/env bash
# gh
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
apt update && apt install gh -y
apt remove dpkg -y
rm -rf /var/lib/apt/lists/*
# fzf
git clone --depth 1 https://github.com/junegunn/fzf.git ~/.fzf
yes | ~/.fzf/install
EOF
# qol: .bashrc
RUN tee -a $HOME/.bashrc <<EOF
# shared history
HISTFILE=/var/tmp/.bash_history
HISTFILESIZE=100
HISTSIZE=100
stty -ixon
[ -f ~/.fzf.bash ] && . ~/.fzf.bash
# aliases
alias ..='cd ../'
alias ...='cd ../../'
alias ll='ls -la --color=auto'
EOF
# $PATH
ENV PATH=$VENV_PATH/bin:$HOME/.local/bin:$PATH
# port needed by app
EXPOSE 8000
CMD ["sleep", "infinity"]