зеркало из https://github.com/mozilla/kitsune.git
116 строки
3.0 KiB
Docker
116 строки
3.0 KiB
Docker
#######################
|
|
# Common dependencies #
|
|
#######################
|
|
FROM python:3.11-bullseye AS base
|
|
|
|
WORKDIR /app
|
|
EXPOSE 8000
|
|
|
|
ENV LANG=C.UTF-8 \
|
|
PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONUNBUFFERED=1 \
|
|
PATH="/venv/bin:$PATH" \
|
|
POETRY_VERSION=1.3.2 \
|
|
PIP_VERSION=23.0
|
|
|
|
RUN useradd -d /app -M --uid 1000 --shell /usr/sbin/nologin kitsune
|
|
|
|
RUN set -xe \
|
|
&& apt-get update && apt-get install apt-transport-https \
|
|
&& curl -sL https://deb.nodesource.com/setup_lts.x | bash - \
|
|
&& apt-get update \
|
|
&& apt-get install -y --no-install-recommends \
|
|
gettext build-essential \
|
|
libxml2-dev libxslt1-dev zlib1g-dev git \
|
|
libjpeg-dev libffi-dev libssl-dev libxslt1.1 \
|
|
libmariadb3 mariadb-client \
|
|
optipng nodejs zip \
|
|
# python
|
|
&& python -m venv /venv \
|
|
&& pip install --upgrade pip==${PIP_VERSION} \
|
|
&& pip install --upgrade poetry==${POETRY_VERSION} \
|
|
&& poetry config virtualenvs.create false \
|
|
# clean up
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY pyproject.toml poetry.lock ./
|
|
RUN poetry install
|
|
|
|
#########################
|
|
# Frontend dependencies #
|
|
#########################
|
|
FROM base AS base-frontend
|
|
|
|
COPY package*.json ./
|
|
RUN npm run install-prod
|
|
|
|
COPY . .
|
|
RUN cp .env-build .env && \
|
|
npm run webpack:build:prod
|
|
|
|
|
|
#################
|
|
# Testing image #
|
|
#################
|
|
FROM base-frontend AS test
|
|
|
|
RUN cp .env-test .env && \
|
|
./scripts/l10n-fetch-lint-compile.sh && \
|
|
./manage.py compilejsi18n && \
|
|
npm run webpack:build:pre-render && \
|
|
./manage.py collectstatic --noinput
|
|
|
|
|
|
##########################
|
|
# Production dependences #
|
|
##########################
|
|
FROM base-frontend AS prod-deps
|
|
|
|
RUN ./scripts/l10n-fetch-lint-compile.sh && \
|
|
find ./locale ! -name '*.mo' -type f -delete && \
|
|
./manage.py compilejsi18n && \
|
|
# minify jsi18n files:
|
|
find jsi18n/ -name "*.js" -exec sh -c 'npx terser "$1" -o "${1%.js}-min.js"' sh {} \; && \
|
|
npm run webpack:build:pre-render && \
|
|
./manage.py collectstatic --noinput
|
|
RUN poetry install --no-dev
|
|
|
|
|
|
##########################
|
|
# Clean production image #
|
|
##########################
|
|
FROM python:3.11-slim-bullseye AS prod
|
|
|
|
WORKDIR /app
|
|
|
|
EXPOSE 8000
|
|
|
|
ENV PATH="/venv/bin:$PATH" \
|
|
LANG=C.UTF-8 \
|
|
PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONUNBUFFERED=1
|
|
|
|
RUN groupadd --gid 1000 kitsune && useradd -g kitsune --uid 1000 --shell /usr/sbin/nologin kitsune
|
|
|
|
COPY --from=prod-deps --chown=kitsune:kitsune /venv /venv
|
|
COPY --from=prod-deps --chown=kitsune:kitsune /app/locale /app/locale
|
|
COPY --from=prod-deps --chown=kitsune:kitsune /app/static /app/static
|
|
COPY --from=prod-deps --chown=kitsune:kitsune /app/dist /app/dist
|
|
|
|
COPY --chown=kitsune:kitsune . .
|
|
|
|
# apt-get after copying everything to ensure we're always getting the latest packages in the prod image
|
|
RUN apt-get update && \
|
|
apt-get upgrade -y && \
|
|
apt-get install -y --no-install-recommends \
|
|
libmariadb3 optipng mariadb-client \
|
|
libxslt1.1 && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN mkdir /app/media && chown kitsune:kitsune /app/media
|
|
|
|
USER kitsune
|
|
|
|
ARG GIT_SHA=head
|
|
ENV GIT_SHA ${GIT_SHA}
|