зеркало из https://github.com/mozilla/bedrock.git
147 строки
3.1 KiB
Docker
147 строки
3.1 KiB
Docker
########
|
|
# Python dependencies builder
|
|
#
|
|
FROM python:3.11-slim-bookworm AS python-builder
|
|
|
|
WORKDIR /app
|
|
ENV LANG=C.UTF-8
|
|
ENV PYTHONDONTWRITEBYTECODE=1
|
|
ENV PYTHONUNBUFFERED=1
|
|
ENV PATH="/venv/bin:$PATH"
|
|
|
|
COPY docker/bin/apt-install /usr/local/bin/
|
|
RUN apt-install gettext build-essential libxml2-dev libxslt1-dev libxslt1.1
|
|
RUN python -m venv /venv
|
|
|
|
COPY requirements/prod.txt ./requirements/
|
|
|
|
# Install Python deps
|
|
RUN pip install --require-hashes --no-cache-dir -r requirements/prod.txt
|
|
|
|
|
|
########
|
|
# assets builder and dev server
|
|
#
|
|
FROM node:20.8.0-slim AS assets
|
|
|
|
ENV PATH=/app/node_modules/.bin:$PATH
|
|
WORKDIR /app
|
|
|
|
# Required for required glean_parser dependencies
|
|
COPY docker/bin/apt-install /usr/local/bin/
|
|
RUN apt-install python3 python3-venv
|
|
RUN python3 -m venv /.venv
|
|
COPY --from=python-builder /venv /.venv
|
|
ENV PATH="/.venv/bin:$PATH"
|
|
|
|
# copy dependency definitions
|
|
COPY package.json package-lock.json ./
|
|
|
|
# install dependencies
|
|
RUN npm ci --verbose
|
|
|
|
# copy supporting files and media
|
|
COPY .eslintrc.js .eslintignore .stylelintrc .prettierrc.json .prettierignore webpack.config.js webpack.static.config.js ./
|
|
COPY ./media ./media
|
|
COPY ./tests/unit ./tests/unit
|
|
COPY ./glean ./glean
|
|
|
|
RUN npm run build --verbose
|
|
|
|
|
|
########
|
|
# django app container
|
|
#
|
|
FROM python:3.11-slim-bookworm AS app-base
|
|
|
|
# Extra python env
|
|
ENV PYTHONDONTWRITEBYTECODE=1
|
|
ENV PYTHONUNBUFFERED=1
|
|
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
|
|
ENV PATH="/venv/bin:$PATH"
|
|
|
|
# add non-priviledged user
|
|
RUN adduser --uid 1000 --disabled-password --gecos '' --no-create-home webdev
|
|
|
|
WORKDIR /app
|
|
EXPOSE 8000
|
|
CMD ["./bin/run.sh"]
|
|
|
|
COPY docker/bin/apt-install /usr/local/bin/
|
|
RUN apt-install gettext libxslt1.1 git curl
|
|
|
|
# copy in Python environment
|
|
COPY --from=python-builder /venv /venv
|
|
|
|
# changes infrequently
|
|
COPY docker/gitconfig /etc/
|
|
COPY ./bin ./bin
|
|
COPY ./etc ./etc
|
|
COPY ./lib ./lib
|
|
COPY ./root_files ./root_files
|
|
COPY ./scripts ./scripts
|
|
COPY ./wsgi ./wsgi
|
|
COPY manage.py LICENSE newrelic.ini contribute.json ./
|
|
|
|
# changes more frequently
|
|
COPY ./docker ./docker
|
|
COPY ./bedrock ./bedrock
|
|
COPY ./l10n ./l10n
|
|
COPY ./l10n-pocket ./l10n-pocket
|
|
COPY ./media ./media
|
|
|
|
|
|
########
|
|
# expanded webapp image for testing and dev
|
|
#
|
|
FROM app-base AS devapp
|
|
|
|
CMD ["./bin/run-tests.sh"]
|
|
|
|
RUN apt-install make sqlite3
|
|
COPY docker/bin/ssllabs-scan /usr/local/bin/ssllabs-scan
|
|
COPY requirements/* ./requirements/
|
|
RUN pip install --require-hashes --no-cache-dir -r requirements/dev.txt
|
|
RUN pip install --require-hashes --no-cache-dir -r requirements/docs.txt
|
|
COPY ./setup.cfg ./
|
|
COPY ./pyproject.toml ./
|
|
COPY ./.coveragerc ./
|
|
COPY ./tests ./tests
|
|
|
|
RUN bin/run-sync-all.sh
|
|
|
|
RUN chown webdev.webdev -R .
|
|
|
|
# for bpython
|
|
RUN mkdir /home/webdev/
|
|
RUN touch /home/webdev/.pythonhist
|
|
RUN chown -R webdev /home/webdev/
|
|
|
|
USER webdev
|
|
|
|
# build args
|
|
ARG GIT_SHA=latest
|
|
ENV GIT_SHA=${GIT_SHA}
|
|
|
|
|
|
########
|
|
# final image for deployment
|
|
#
|
|
FROM app-base AS release
|
|
|
|
RUN bin/run-sync-all.sh
|
|
|
|
COPY --from=assets /app/assets /app/assets
|
|
|
|
RUN honcho run --env docker/envfiles/prod.env docker/bin/build_staticfiles.sh
|
|
|
|
# Change User
|
|
RUN chown webdev.webdev -R .
|
|
USER webdev
|
|
|
|
# build args
|
|
ARG GIT_SHA=latest
|
|
ENV GIT_SHA=${GIT_SHA}
|
|
|
|
RUN echo "${GIT_SHA}" > ./root_files/revision.txt
|