syncmaster/docker/Dockerfile.worker at ec8721d80559d31e0dbbffcee8f406bbaff13e9b · MTSWebServices/syncmaster · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
ARG PYTHON_VERSION=3.13
FROM python:$PYTHON_VERSION-slim AS base

RUN apt-get update && apt-get install -y --no-install-recommends \
        openjdk-17-jdk-headless \
        # required for HDFS/Hive with Kerberos enabled
        krb5-user \
    && rm -rf /var/lib/apt/lists/* /var/cache/*

WORKDIR /app
ENV PYTHONPATH=/app \
    PATH="/app/.venv/bin:$PATH" \
    POETRY_VIRTUALENVS_IN_PROJECT=1 \
    POETRY_VIRTUALENVS_CREATE=1

COPY ./docker/entrypoint_worker.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["--loglevel=info"]


FROM base AS builder

RUN apt-get update && apt-get install -y --no-install-recommends \
        autoconf \
        gcc \
        make \
        # required to build gssapi from sources
        libkrb5-dev \
    && rm -rf /var/lib/apt/lists/* /var/cache/*

RUN --mount=type=cache,target=/root/.cache/pip \
    pip install poetry

COPY ./pyproject.toml ./poetry.lock ./
RUN --mount=type=cache,target=/root/.cache/pypoetry \
    poetry install \
        --no-root \
        --extras "worker" \
        --without test,docs,dev \
    && python -m compileall -j 4 .venv


FROM base AS prod

# We don't need poetry and compilers in final image
COPY --from=builder /app/.venv/ /app/.venv/
COPY ./syncmaster/ /app/syncmaster/
RUN python -m compileall syncmaster

# Do not run production as root, to improve security.
# Also user does not own anything inside the image, including venv and source code.
RUN useradd syncmaster
USER syncmaster


FROM builder AS test

RUN --mount=type=cache,target=/root/.cache/pypoetry \
    poetry install \
        --no-root \
        # CI runs tests in the worker container,
        # so we need server & scheduler dependencies too
        --all-extras \
        --with test \
        --without docs,dev \
    && python -m compileall -j 4 .venv

ENV SYNCMASTER__WORKER__CREATE_SPARK_SESSION_FUNCTION=tests.spark.get_worker_spark_session

# Collect coverage from worker
RUN sed -i 's/python -m/coverage run -m/g' /app/entrypoint.sh

# Replace kinit binary with dummy, to skip Kerberos interaction in tests
RUN mkdir -p /app/.local/bin && \
    echo "#!/bin/bash" > /app/.local/bin/kinit \
    && chmod +x /app/.local/bin/kinit
ENV PATH="/app/.local/bin:$PATH"