Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
kitsune/Dockerfile
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
115 lines (89 sloc)
3.04 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ####################### | |
| # Common dependencies # | |
| ####################### | |
| FROM python:3.11-bullseye AS base | |
| WORKDIR /app | |
| EXPOSE 8000 | |
| ENV LANG=C.UTF-8 \ | |
| PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 \ | |
| PATH="/venv/bin:$PATH" \ | |
| POETRY_VERSION=1.3.2 \ | |
| PIP_VERSION=23.0 | |
| RUN useradd -d /app -M --uid 1000 --shell /usr/sbin/nologin kitsune | |
| RUN set -xe \ | |
| && apt-get update && apt-get install apt-transport-https \ | |
| && curl -sL https://deb.nodesource.com/setup_lts.x | bash - \ | |
| && apt-get update \ | |
| && apt-get install -y --no-install-recommends \ | |
| gettext build-essential \ | |
| libxml2-dev libxslt1-dev zlib1g-dev git \ | |
| libjpeg-dev libffi-dev libssl-dev libxslt1.1 \ | |
| libmariadb3 mariadb-client \ | |
| optipng nodejs zip \ | |
| # python | |
| && python -m venv /venv \ | |
| && pip install --upgrade pip==${PIP_VERSION} \ | |
| && pip install --upgrade poetry==${POETRY_VERSION} \ | |
| && poetry config virtualenvs.create false \ | |
| # clean up | |
| && rm -rf /var/lib/apt/lists/* | |
| COPY pyproject.toml poetry.lock ./ | |
| RUN poetry install | |
| ######################### | |
| # Frontend dependencies # | |
| ######################### | |
| FROM base AS base-frontend | |
| COPY package*.json ./ | |
| RUN npm run install-prod | |
| COPY . . | |
| RUN cp .env-build .env && \ | |
| npm run webpack:build:prod | |
| ################# | |
| # Testing image # | |
| ################# | |
| FROM base-frontend AS test | |
| RUN cp .env-test .env && \ | |
| ./scripts/l10n-fetch-lint-compile.sh && \ | |
| ./manage.py compilejsi18n && \ | |
| npm run webpack:build:pre-render && \ | |
| ./manage.py collectstatic --noinput | |
| ########################## | |
| # Production dependences # | |
| ########################## | |
| FROM base-frontend AS prod-deps | |
| RUN ./scripts/l10n-fetch-lint-compile.sh && \ | |
| find ./locale ! -name '*.mo' -type f -delete && \ | |
| ./manage.py compilejsi18n && \ | |
| # minify jsi18n files: | |
| find jsi18n/ -name "*.js" -exec sh -c 'npx terser "$1" -o "${1%.js}-min.js"' sh {} \; && \ | |
| npm run webpack:build:pre-render && \ | |
| ./manage.py collectstatic --noinput | |
| RUN poetry install --no-dev | |
| ########################## | |
| # Clean production image # | |
| ########################## | |
| FROM python:3.11-slim-bullseye AS prod | |
| WORKDIR /app | |
| EXPOSE 8000 | |
| ENV PATH="/venv/bin:$PATH" \ | |
| LANG=C.UTF-8 \ | |
| PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 | |
| RUN groupadd --gid 1000 kitsune && useradd -g kitsune --uid 1000 --shell /usr/sbin/nologin kitsune | |
| COPY --from=prod-deps --chown=kitsune:kitsune /venv /venv | |
| COPY --from=prod-deps --chown=kitsune:kitsune /app/locale /app/locale | |
| COPY --from=prod-deps --chown=kitsune:kitsune /app/static /app/static | |
| COPY --from=prod-deps --chown=kitsune:kitsune /app/dist /app/dist | |
| COPY --chown=kitsune:kitsune . . | |
| # apt-get after copying everything to ensure we're always getting the latest packages in the prod image | |
| RUN apt-get update && \ | |
| apt-get upgrade -y && \ | |
| apt-get install -y --no-install-recommends \ | |
| libmariadb3 optipng mariadb-client \ | |
| libxslt1.1 && \ | |
| rm -rf /var/lib/apt/lists/* | |
| RUN mkdir /app/media && chown kitsune:kitsune /app/media | |
| USER kitsune | |
| ARG GIT_SHA=head | |
| ENV GIT_SHA ${GIT_SHA} |