# Build stage: creates the Python virtualenv under /app/venv and applies local
# patches to it. The final stage copies /app from here.
# The base image is pinned by tag and digest, so the toolchain cannot change
# under the same tag.
FROM weblate/dev:2025.39.0@sha256:2172ed1a31d0240afcc1d0c7dd45ba38e6bc5aaf7c65068d43b968cc05326df5 AS build
# Declared but not referenced by any instruction visible in this stage.
ARG TARGETARCH
# WEBLATE_VERSION selects the install path in the RUN below: a value containing
# "+" takes the source-archive branch, anything else installs the exact release.
# renovate: datasource=pypi depName=Weblate versioning=pep440
ENV WEBLATE_VERSION=5.13.3
# Extras requested from the Weblate package in both install branches.
ENV WEBLATE_EXTRAS=all,MySQL,zxcvbn,saml
# pipefail makes a failure anywhere in a pipeline fail the RUN step. -x traces
# every command into the build log, so nothing sensitive should ever appear on
# a command line in this stage.
SHELL ["/bin/bash", "-o", "pipefail", "-x", "-c"]
# requirements.txt and the contents of patches/ are trusted build inputs: both
# end up determining the code that runs in the final image.
COPY --link requirements.txt patches /app/src/
# Install dependencies into a fresh virtualenv.
# - /tmp is a tmpfs and /.uv-cache is a BuildKit cache mount, so neither is
#   written into the image layer.
# - PYVERSION is not set in this file; presumably it is provided by the base
#   image. Confirm.
# - xmlsec and lxml are built from source (--no-binary).
# - Default branch: installs "Weblate[extras]==$WEBLATE_VERSION", an exact
#   version pin. No hash-verification flag is passed on the command line;
#   whether requirements.txt carries hashes cannot be seen from here.
# - "*+*" branch (not taken with the WEBLATE_VERSION above): installs GitHub
#   archive URLs that follow the master/main branch head, so their content can
#   change between builds and is not reproducible or reviewable from this file.
#   Weblate itself comes from MilthmLang/weblate at $WEBLATE_DOCKER_GIT_REVISION,
#   which is not defined anywhere in the visible lines.
#   NOTE(review): confirm where that variable is set, and prefer commit-pinned
#   archive URLs for every dependency in this branch.
# - The phply make_parser() call runs the parser constructor once at build time;
#   presumably this pre-generates its tables. Confirm.
# - The slapdtest package directory is removed from site-packages.
# hadolint ignore=DL3008,DL3013,SC2046,DL3003,SC1091
RUN \
--mount=type=tmpfs,target=/tmp \
--mount=type=cache,target=/.uv-cache,sharing=locked \
export UV_CACHE_DIR=/.uv-cache UV_LINK_MODE=copy \
&& uv venv --python "python${PYVERSION}" /app/venv \
&& . /app/venv/bin/activate \
&& uv --version \
&& python --version \
&& case "$WEBLATE_VERSION" in \
*+* ) \
uv pip install \
--compile-bytecode \
--no-binary xmlsec \
--no-binary lxml \
-r /app/src/requirements.txt \
"https://github.com/python-social-auth/social-core/archive/master.zip" \
"https://github.com/MilthmLang/translate/archive/master.zip" \
"https://github.com/WeblateOrg/language-data/archive/main.zip" \
"https://github.com/ParaParty/paraparty_social_core/archive/master.zip" \
"https://github.com/MorizeroDev/milkloud_social_core/archive/master.zip" \
"https://github.com/MilthmLang/weblate/archive/$WEBLATE_DOCKER_GIT_REVISION.zip#egg=Weblate[$WEBLATE_EXTRAS]" \
;; \
* ) \
uv pip install \
--compile-bytecode \
--no-binary xmlsec \
--no-binary lxml \
-r /app/src/requirements.txt \
"Weblate[$WEBLATE_EXTRAS]==$WEBLATE_VERSION" \
;; \
esac \
&& rm -rf /app/venv/lib/python*/site-packages/slapdtest \
&& uv cache prune --ci \
&& du -sh "$UV_CACHE_DIR" \
&& /app/venv/bin/python -c 'from phply.phpparse import make_parser; make_parser()' \
&& ln -s /app/venv/share/weblate/examples/ /app/
# Apply hotfixes on Weblate: every *.patch under /app/src is applied in sorted
# order, one patch invocation per file, with -p0 relative to site-packages.
# A patch that does not apply makes xargs exit non-zero and fails the build.
# These patches rewrite installed third-party code after installation, so they
# deserve the same review as source changes.
RUN find /app/src -name '*.patch' -print0 | sort -z | \
xargs -n1 -0 -r patch -p0 -d "/app/venv/lib/python${PYVERSION}/site-packages/" -i
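# Runtime stage: receives the prebuilt /app tree from the build stage and adds
# configuration, permissions and the entrypoint. The base image is pinned by
# tag and digest.
FROM weblate/base:2025.39.0@sha256:8498d7afb2adf5b044b5562dc1f7b203c929628a8b50e2d86ce9988e63bea8fa AS final
# ENV does not carry over between stages, so the version is declared again here
# for the labels below.
# renovate: datasource=pypi depName=Weblate versioning=pep440
ENV WEBLATE_VERSION=5.13.3
# NOTE(review): the url/source/documentation labels name the upstream Weblate
# project, while the build stage's pre-release branch installs from MilthmLang,
# ParaParty and MorizeroDev repositories. Confirm the labels describe where
# this image is actually built from, since provenance tooling relies on them.
LABEL name="Weblate"
LABEL version=$WEBLATE_VERSION
LABEL maintainer="Michal Čihař <michal@cihar.com>"
LABEL org.opencontainers.image.url="https://weblate.org/"
LABEL org.opencontainers.image.documentation="https://docs.weblate.org/en/latest/admin/install/docker.html"
LABEL org.opencontainers.image.source="https://github.com/WeblateOrg/docker"
LABEL org.opencontainers.image.version=$WEBLATE_VERSION
# The OCI annotation key is "authors" (plural). The singular key is kept for
# any tooling that already reads it.
LABEL org.opencontainers.image.authors="Michal Čihař <michal@weblate.org>"
LABEL org.opencontainers.image.author="Michal Čihař <michal@weblate.org>"
LABEL org.opencontainers.image.vendor="Weblate"
LABEL org.opencontainers.image.title="Weblate"
LABEL org.opencontainers.image.description="A web-based continuous localization system with tight version control integration"
LABEL org.opencontainers.image.licenses="GPL-3.0-or-later"

# Increased start period for migrations run
HEALTHCHECK --interval=30s --timeout=3s --start-period=5m CMD /app/bin/health_check

# Use Docker specific settings
ENV DJANGO_SETTINGS_MODULE=weblate.settings_docker

# Copy built environment
COPY --from=build /app /app

# Configuration for Weblate, nginx and supervisor
COPY --link etc /etc/

# Customize Python:
# - Search path for custom modules: the .pth file adds /app/data/python to the
#   interpreter's import path, and an empty "customize" package is created there.
# Security: /app/data is a declared volume and is made group-writable below, so
# anything able to write to that volume can place Python code that the Weblate
# processes may import. Treat write access to the data volume as equivalent to
# code execution inside the container.
RUN \
    echo "/app/data/python" > "/app/venv/lib/python${PYVERSION}/site-packages/weblate-docker.pth" && \
    mkdir -p /app/data/python/customize && \
    touch /app/data/python/customize/__init__.py && \
    touch /app/data/python/customize/models.py && \
    chown -R weblate:weblate /app/data/python

# Fix permissions and adjust files to be able to edit them as user on start
# - localtime is needed for setting system timezone based on environment
# - timezone is removed to avoid dpkg handling localtime updates
# - we generate nginx configuration based on environment
# - allow editing passwd so we can fix the weblate uid on startup
# - log, run and home directories
# - disable su for non-root to avoid privilege escalation by changing /etc/passwd
# Security: /etc/passwd and /etc/group become group-writable, and the listed
# directories (including /etc/supervisor/conf.d) become group 0 with mode 770,
# so any process running with gid 0 can modify them. The pam_deny line inserted
# after pam_rootok in /etc/pam.d/su is the only compensating control visible
# here. NOTE(review): other setuid helpers in the base image are not addressed
# in this file; running the container with privilege escalation disabled and
# capabilities dropped would cover them as well.
RUN rm -f /etc/localtime /etc/timezone \
    && ln -s /tmp/localtime /etc/localtime \
    && chgrp -R 0 /var/log/nginx/ /var/lib/nginx /app/data /app/cache /run /home/weblate /etc/supervisor/conf.d \
    && chmod -R 770 /var/log/nginx/ /var/lib/nginx /app/data /app/cache /run /home /home/weblate /etc/supervisor/conf.d \
    && rm -f /etc/nginx/sites-available/default \
    && ln -s /tmp/nginx/weblate-site.conf /etc/nginx/sites-available/default \
    && rm -f /var/log/nginx/access.log /var/log/nginx/error.log \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    && rm -rf /run/* \
    && chmod 664 /etc/passwd /etc/group \
    && sed -i '/pam_rootok.so/a auth requisite pam_deny.so' /etc/pam.d/su

# Entrypoint
COPY --link --chmod=0755 start health_check /app/bin/

# Unprivileged port, so the non-root user below can bind it.
EXPOSE 8080
# Declared after the directories were populated and their permissions set above.
VOLUME /app/data
VOLUME /app/cache

# Numerical value is needed for OpenShift S2I, see
# https://docs.openshift.com/container-platform/latest/openshift_images/create-images.html
# The image runs as a non-root uid by default.
USER 1000

ENTRYPOINT ["/app/bin/start"]
CMD ["runserver"]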