-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile
121 lines (90 loc) · 2.5 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# =====================
# BASE IMAGE
# =====================
FROM python:3.13-slim-bullseye AS base
COPY --chmod=0644 <<"EOF" /etc/apt/apt.conf
APT::Get::Assume-Yes "true";
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::Sandbox::User "root";
EOF
ENV PYTHONFAULTHANDLER=1 \
PYTHONHASHSEED=random \
PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_DEFAULT_TIMEOUT=100 \
PIP_DISABLE_PIP_VERSION_CHECK=1 \
PIP_NO_CACHE_DIR=1 \
PIP_ROOT_USER_ACTION=ignore \
WORKDIR_PATH="/tekst"
# =====================
# BUILDER
# =====================
FROM base AS builder
ENV POETRY_VERSION=1.2.2 \
POETRY_HOME="/opt/poetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
POETRY_NO_INTERACTION=1 \
PATH="/root/.local/bin:$PATH"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN python3 -m pip install pipx && \
pipx install poetry==$POETRY_VERSION
WORKDIR "$WORKDIR_PATH"
COPY ./poetry.lock* ./pyproject.toml ./
RUN poetry run pip install --upgrade \
pip \
setuptools \
wheel
# export dependencies as requirements.txt
RUN poetry export \
--without dev \
--without-hashes \
--without-urls \
--format requirements.txt \
--output requirements.txt
# build wheels for dependencies
RUN poetry run pip wheel \
--requirement requirements.txt \
--wheel-dir deps
# copy app source and build wheel
COPY tekst/ tekst/
COPY README.md LICENSE ./
RUN poetry build --format wheel
# ==============
# PROD APP IMAGE
# ==============
FROM base AS prod
ENV FASTAPI_ENV=production
# install needed OS packages
RUN apt-get update && \
apt-get install curl && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
WORKDIR "$WORKDIR_PATH"
# copy app and dependencies
COPY --from=builder "$WORKDIR_PATH"/deps/ deps/
COPY --from=builder "$WORKDIR_PATH"/dist/ dist/
# install app and dependencies
RUN python3 -m pip install \
--no-index \
--find-links deps \
dist/*.whl
# cleanup
RUN rm -rf dist deps
# install uvicorn ASGI workers and gunicorn WSGI server
RUN python3 -m pip install \
"uvicorn[standard]==0.32.0" \
"gunicorn==23.0.0"
HEALTHCHECK \
--interval=2m \
--timeout=5s \
--retries=3 \
--start-period=30s \
CMD curl http://localhost:8000/status || exit 1
RUN groupadd -g 1000 tekst && \
useradd -m -u 1000 -g tekst tekst
COPY ./deployment/gunicorn/gunicorn_conf.py ./
COPY ./deployment/entrypoint.sh /
USER tekst
EXPOSE 8000
ENTRYPOINT ["/entrypoint.sh"]