-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathDockerfile
102 lines (85 loc) · 2.44 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
FROM python:3.7.3-alpine3.9 AS builder
ARG CSP
RUN mkdir -p /install/.venv
WORKDIR /install
# Install basic Alpine packages
RUN apk update && \
apk --no-cache add \
build-base \
curl \
ca-certificates \
docker \
git \
gzip \
libffi \
libffi-dev \
libsass \
libsass-dev \
linux-headers \
nodejs \
openssh-client \
openssl \
openssl-dev \
pcre-dev \
postgresql-dev \
rsync \
sudo \
tar \
util-linux \
yarn
COPY . .
# Install app dependencies
RUN ./script/write_dotenv && \
pip install pipenv uwsgi && \
PIPENV_VENV_IN_PROJECT=1 pipenv sync && \
yarn install && \
cp -rf ./node_modules/uswds/src/fonts ./static/ && \
yarn build
## NEW IMAGE
FROM python:3.7.3-alpine3.9
### Very low chance of changing
###############################
# Overridable default config
ARG APP_DIR=/opt/atat/atst
# Environment variables
ENV APP_DIR "${APP_DIR}"
ENV TZ UTC
# Create application directory
RUN set -x ; \
mkdir -p ${APP_DIR}
# Set working dir
WORKDIR ${APP_DIR}
# Add group
RUN addgroup -g 8000 -S "atat" && \
adduser -u 8010 -D -S -G "atat" "atst"
# Install basic Alpine packages
RUN apk update && \
apk --no-cache add \
dumb-init \
postgresql-client \
postgresql-dev \
postgresql-libs \
uwsgi-logfile
COPY --from=builder /install/.venv/ ./.venv/
COPY --from=builder /install/alembic/ ./alembic/
COPY --from=builder /install/alembic.ini .
COPY --from=builder /install/app.py .
COPY --from=builder /install/atst/ ./atst/
COPY --from=builder /install/celery_worker.py ./celery_worker.py
COPY --from=builder /install/config/ ./config/
COPY --from=builder /install/templates/ ./templates/
COPY --from=builder /install/translations.yaml .
COPY --from=builder /install/script/seed_roles.py ./script/seed_roles.py
COPY --from=builder /install/script/sync-crls ./script/sync-crls
COPY --from=builder /install/static/ ./static/
COPY --from=builder /install/uwsgi.ini .
COPY --from=builder /usr/local/bin/uwsgi /usr/local/bin/uwsgi
# Use dumb-init for proper signal handling
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
# Default command is to launch the server
CMD ["uwsgi", "--ini", "uwsgi.ini"]
RUN mkdir /var/run/uwsgi && \
chown -R atst:atat /var/run/uwsgi && \
chown -R atst:atat "${APP_DIR}"
# Run as the unprivileged APP user
USER atst