# hadolint global ignore=DL3008
# Source stage for the uv and uvx binaries (copied into the dev stage with
# COPY --from=uv). Pinned by tag and digest so the binaries cannot change
# underneath an unchanged Dockerfile.
FROM ghcr.io/astral-sh/uv:0.10.10@sha256:cbe0a44ba994e327b8fe7ed72beef1aaa7d2c4c795fd406d1dbf328bacb2f1c5 AS uv
##
# base
##
FROM debian:stable-slim@sha256:85dfcffff3c1e193877f143d05eaba8ae7f3f95cb0a32e0bc04a448077e1ac69 AS base

# Unprivileged account the later stages switch to with USER. Its login shell
# is /bin/false, so the account cannot be used for an interactive login.
ARG USER=user
ARG UID=1000
RUN useradd --create-home --shell /bin/false --uid ${UID} ${USER}

# Build-time values. DEBIAN_FRONTEND is an ARG rather than an ENV, so it is
# not written into the runtime environment of the image.
ARG APP_HOME=/work/app
ARG DEBIAN_FRONTEND=noninteractive
ARG VIRTUAL_ENV=${APP_HOME}/.venv

# Runtime environment:
#   PATH / VIRTUAL_ENV    - put the project virtualenv first on PATH
#   UV_LOCKED             - uv fails instead of silently rewriting uv.lock
#   UV_NO_SYNC            - uv does not re-sync the environment implicitly
#   UV_PYTHON_DOWNLOADS   - interpreters are fetched only on an explicit
#                           `uv python install`
#   UV_PYTHON_INSTALL_DIR - where that interpreter is placed
ENV PATH=${VIRTUAL_ENV}/bin:${PATH} \
    PYTHONFAULTHANDLER=1 \
    PYTHONUNBUFFERED=1 \
    UV_LOCKED=1 \
    UV_NO_SYNC=1 \
    UV_PYTHON_DOWNLOADS=manual \
    UV_PYTHON_INSTALL_DIR=/opt/python \
    VIRTUAL_ENV=${VIRTUAL_ENV}

WORKDIR ${APP_HOME}

# Turn off recommended/suggested packages for every later apt-get call in
# every stage built on this one. The heredoc body stays at column 0 so the
# written file content is exactly these four lines.
COPY <<-EOF /etc/apt/apt.conf.d/99-disable-recommends
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
EOF

# curl is the only extra package; the prod stage's HEALTHCHECK calls it.
# NOTE(review): `apt-get upgrade` installs whatever is current at build time,
# so the package set is not fully determined by the pinned base digest.
# The package lists are removed in the same layer that downloaded them.
RUN apt-get update \
    && apt-get upgrade --yes \
    && apt-get install --yes --no-install-recommends curl \
    && rm -rf /var/lib/apt/lists/*
##
# dev
##
FROM base AS dev

# Compiler toolchain, presumably for dependencies that build native code
# (confirm against uv.lock). It exists only in this stage and its children;
# prod is built FROM base and never receives it.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends build-essential \
    && rm -rf /var/lib/apt/lists/*

# ARGs, not ENVs: visible to the RUN steps of this stage and its children
# but not persisted into the image environment.
ARG PYTHONDONTWRITEBYTECODE=1
ARG UV_NO_CACHE=1

# uv/uvx come from the digest-pinned uv stage.
COPY --from=uv /uv /uvx /bin/

# Only the dependency manifests are copied before the first sync, so this
# layer is rebuilt when they change and not on every source edit.
COPY .python-version pyproject.toml uv.lock ./

# Install the interpreter and the locked dependencies (project itself
# excluded), then hand the virtualenv and the app directory to the
# unprivileged user. `uv pip list` records the installed set in the build log.
RUN uv python install \
    && uv sync --no-default-groups --no-install-project \
    && chown -R "${USER}:${USER}" "${VIRTUAL_ENV}" \
    && chown -R "${USER}:${USER}" "${APP_HOME}" \
    && uv pip list

# Application source, then install the project itself. Both steps run as
# root, after the chown above.
COPY src src
RUN uv sync --no-default-groups

EXPOSE 8000

ARG ENVIRONMENT=dev
ENV ENVIRONMENT=${ENVIRONMENT}

# Drop privileges before the server starts. --reload is a development
# convenience and is absent from the prod stage's CMD.
USER ${USER}
CMD ["gunicorn", "-c", "python:example_app.gunicorn_conf", "--reload"]
##
# ci
##
FROM dev AS ci

# Back to root for the install step: a plain `uv sync` adds the default
# dependency groups that the dev stage left out with --no-default-groups.
USER root
RUN uv sync \
    && uv pip list

# Test suite and the Makefile that drives it.
COPY tests tests
COPY Makefile Makefile

# Everything from here on, including the lint/test run, is unprivileged.
USER ${USER}
# Pre-create the cache directory under the unprivileged user's home.
RUN mkdir -p "${HOME}/.cache"

CMD ["make", "lint", "test"]
##
# compile
##
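FROM dev AS compile

# Root is needed for the apt and build steps below.
USER root

# binutils and patchelf are build-only tools; this stage is a builder and
# only /main (and /tmp) are copied out of it by the minimal stage.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        binutils \
        patchelf \
    && rm -rf /var/lib/apt/lists/*

# NOTE(review): scons is installed by version range directly, outside
# uv.lock, so it is not covered by the lockfile's pins. It is presumably a
# build requirement of a package in the `compile` group - confirm, and
# prefer locking it with the rest.
RUN uv pip install --no-cache-dir scons~=4.9 \
    && uv sync --group compile \
    && uv pip list

COPY main.py main.py

# pyinstaller writes its one-file build to ./dist/main, relative to the
# inherited WORKDIR (${APP_HOME}); staticx then writes the stripped,
# self-contained executable to /main.
RUN pyinstaller --hidden-import example_app.main --onefile main.py \
    && staticx --strip dist/main /main

USER ${USER}

# Fixed: the original entrypoint was /dist/main, a path no step in this
# stage creates (pyinstaller's output is under ${APP_HOME}/dist, staticx's
# is /main). Point at the staticx output, the same binary the minimal stage
# ships and runs.
ENTRYPOINT ["/main"]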
##
# scratch
##
FROM scratch AS minimal

# The image holds only the executable built in the compile stage plus /tmp.
COPY --from=compile /main /main

# /tmp is taken from the compile stage as-is, presumably because the binary
# needs a temporary directory at start-up (confirm). Anything the build
# left behind in /tmp is shipped along with it.
COPY --from=compile /tmp /tmp

# NOTE(review): no USER is set in this stage, so the process runs as UID 0.
# A numeric USER could be added once /tmp is verified writable for that UID.
ENTRYPOINT ["/main"]
##
# prod
##
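FROM base AS prod

# Run as the unprivileged account created in the base stage.
USER ${USER}

# Bring over only the runtime artefacts from dev: interpreter, virtualenv
# and application directory. The compiler toolchain installed in dev stays
# behind because this stage is built FROM base.
# No --chown is given, so the copied files are owned by root and the
# application user gets no write access to its own code or dependencies.
# With the default ARG values VIRTUAL_ENV lives under APP_HOME, so the last
# COPY also covers the virtualenv.
COPY --from=dev ${UV_PYTHON_INSTALL_DIR} ${UV_PYTHON_INSTALL_DIR}
COPY --from=dev ${VIRTUAL_ENV} ${VIRTUAL_ENV}
COPY --from=dev ${APP_HOME} ${APP_HOME}

EXPOSE 8000

ARG ENVIRONMENT=prod
ENV ENVIRONMENT=${ENVIRONMENT}

CMD ["gunicorn", "-c", "python:example_app.gunicorn_conf"]

# Fixed: the probe used http://localhost/ (port 80) while the image declares
# port 8000 via EXPOSE, which would leave the container permanently
# unhealthy. The bind address is set in example_app.gunicorn_conf, which is
# not visible here - confirm it matches.
HEALTHCHECK CMD ["curl", "-f", "http://localhost:8000/"]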