kitsune/Dockerfile

################################
# Frontend dependencies builder
#
FROM node:12 AS frontend-base

WORKDIR /app
COPY ["./package.json", "./package-lock.json", "prepare_django_assets.js", "/app/"]
COPY ./kitsune/sumo/static/sumo /app/kitsune/sumo/static/sumo
RUN npm run production

################################
# Python dependencies builder
#
FROM python:3.9-buster AS base

WORKDIR /app
EXPOSE 8000

ARG PIP_DEFAULT_TIMEOUT=60
ENV LANG=C.UTF-8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PATH="/venv/bin:$PATH"

RUN python -m venv /venv
RUN mkdir /vendor
RUN pip install --upgrade "pip==20.2.4"
RUN useradd -d /app -M --uid 1000 --shell /usr/sbin/nologin kitsune

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    gettext build-essential \
    libxml2-dev libxslt1-dev zlib1g-dev git \
    libjpeg-dev libffi-dev libssl-dev libxslt1.1 \
    libmariadb3 mariadb-client && \
    rm -rf /var/lib/apt/lists/*

COPY ./requirements/*.txt /app/requirements/

RUN pip install --no-cache-dir --require-hashes -r requirements/default.txt && \
    pip install --no-cache-dir --require-hashes -r requirements/dev.txt && \
    pip install --no-cache-dir --require-hashes --no-deps -t /vendor -r requirements/es7.txt

ARG GIT_SHA=head
ENV GIT_SHA=${GIT_SHA}


################################
# Developer image
#
FROM base AS base-dev
RUN apt-get update && apt-get install apt-transport-https && \
    curl -sL https://deb.nodesource.com/setup_12.x | bash -
RUN apt-get update && apt-get install -y --no-install-recommends optipng nodejs zip && \
    rm -rf /var/lib/apt/lists/*


################################
# Fetch locales
#
FROM python:3.9-buster AS locales

WORKDIR /app

RUN apt-get update && \
    apt-get install -y --no-install-recommends  gettext

ENV PATH="/venv/bin:$PATH"

COPY --from=base /venv /venv

COPY . .

ARG LOCALE_ENV=master
ENV LOCALE_ENV=${LOCALE_ENV}
RUN ./docker/bin/fetch-l10n-files.sh
RUN ./scripts/compile-linted-mo.sh && \
    find ./locale ! -name '*.mo' -type f -delete

ARG GIT_SHA=head
ENV GIT_SHA ${GIT_SHA}


################################
# Staticfiles builder
#
FROM base-dev AS staticfiles

COPY --from=frontend-base --chown=kitsune:kitsune /app/assets /app/assets
COPY --from=frontend-base --chown=kitsune:kitsune /app/node_modules /app/node_modules
COPY --from=locales /app/locale /app/locale

COPY . .

RUN cp .env-build .env && \
    ./manage.py nunjucks_precompile && \
    ./manage.py compilejsi18n && \
    # minify jsi18n files:
    find jsi18n/ -name "*.js" -exec sh -c 'npx uglifyjs "$1" -o "${1%.js}-min.js"' sh {} \; && \
    ./manage.py collectstatic --noinput && \
    npx svgo -r -f static


################################
# Full prod image sans locales
#
FROM python:3.9-slim-buster AS full-no-locales

WORKDIR /app

EXPOSE 8000

ENV PATH="/venv/bin:$PATH"
ENV LANG=C.UTF-8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    libmariadb3 optipng mariadb-client \
    libxslt1.1 && \
    rm -rf /var/lib/apt/lists/*

RUN groupadd --gid 1000 kitsune && useradd -g kitsune --uid 1000 --shell /usr/sbin/nologin kitsune

COPY --from=base --chown=kitsune:kitsune /venv /venv
COPY --from=base --chown=kitsune:kitsune /vendor /vendor
COPY --from=staticfiles --chown=kitsune:kitsune /app/static /app/static

COPY --chown=kitsune:kitsune . .

RUN mkdir /app/media && chown kitsune:kitsune /app/media

USER kitsune

ARG GIT_SHA=head
ENV GIT_SHA ${GIT_SHA}


################################
# Full final prod image
#
FROM full-no-locales AS full

USER root
COPY --from=locales --chown=kitsune:kitsune /app/locale /app/locale
USER kitsune