-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile.server
More file actions
76 lines (57 loc) · 2.39 KB
/
Dockerfile.server
File metadata and controls
76 lines (57 loc) · 2.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
ARG PYTHON_VERSION=3.13
FROM python:$PYTHON_VERSION-slim-bookworm AS base
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
# Used for healthcheck
curl \
&& rm -rf /var/lib/apt/lists/* /var/cache/*
WORKDIR /app
ENV PYTHONPATH=/app \
PATH="/app/.venv/bin:$PATH" \
POETRY_VIRTUALENVS_IN_PROJECT=1 \
POETRY_VIRTUALENVS_CREATE=1
# add this when logo will be ready
COPY ./docs/_static/*.svg ./syncmaster/server/static/
# Swagger UI
ADD https://cdn.jsdelivr.net/npm/swagger-ui-dist@latest/swagger-ui-bundle.js https://cdn.jsdelivr.net/npm/swagger-ui-dist@latest/swagger-ui.css \
/app/syncmaster/server/static/swagger/
# Redoc
ADD https://cdn.jsdelivr.net/npm/redoc@latest/bundles/redoc.standalone.js /app/syncmaster/server/static/redoc/redoc.standalone.js
ENV SYNCMASTER__SERVER__OPENAPI__SWAGGER__JS_URL=/static/swagger/swagger-ui-bundle.js \
SYNCMASTER__SERVER__OPENAPI__SWAGGER__CSS_URL=/static/swagger/swagger-ui.css \
SYNCMASTER__SERVER__OPENAPI__REDOC__JS_URL=/static/redoc/redoc.standalone.js \
SYNCMASTER__SERVER__STATIC_FILES__DIRECTORY=/app/syncmaster/server/static
COPY ./docker/entrypoint_server.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh \
&& chmod +r -R /app/syncmaster/server/static
ENTRYPOINT ["/app/entrypoint.sh"]
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["curl", "-f", "http://localhost:8000/monitoring/ping"]
FROM base AS builder
RUN --mount=type=cache,target=/root/.cache/pip \
pip install poetry
COPY ./pyproject.toml ./poetry.lock* ./
RUN --mount=type=cache,target=/root/.cache/pypoetry \
poetry install \
--no-root \
--extras "server" \
--without test,docs,dev \
&& python -m compileall -j 4 .venv
FROM base AS prod
# We don't need poetry in final image
COPY --from=builder /app/.venv/ /app/.venv/
COPY ./syncmaster/ /app/syncmaster/
RUN python -m compileall -b syncmaster
# Do not run production as root, to improve security.
# Also user does not own anything inside the image, including venv and source code.
RUN useradd syncmaster
USER syncmaster
FROM builder AS test
RUN --mount=type=cache,target=/root/.cache/pypoetry \
poetry install \
--no-root \
--extras "server" \
--with test \
--without docs,dev \
&& python -m compileall -j 4 .venv
RUN sed -i 's/python -m/coverage run -m/g' /app/entrypoint.sh