comparison scripts/Docker/Dockerfile @ 6994:4336e655b2be

Update packages in docker image; suppress pip warning; improve cache. Use apk to update packages in image to get security fixes. pip warns when run as root. In a docker environment this can be ignored as the entire image is effectively a venv. Move inclusion of specific pip packages lower in the build procedure so we can cache all prior layers. Including it earlier resulted in layers that could be cached being invalidated.
author John Rouillard <rouilj@ieee.org>
date Sat, 01 Oct 2022 23:40:48 -0400
parents a24ec63759f6
children 60ea33643a01
6993:570bdfad078d 6994:4336e655b2be
23 # Inherit global values https://github.com/moby/moby/issues/37345 23 # Inherit global values https://github.com/moby/moby/issues/37345
24 ARG appdir 24 ARG appdir
25 25
26 WORKDIR $appdir 26 WORKDIR $appdir
27 27
28 # Update to get security and other improvements;
29 RUN apk --update-cache upgrade
30
28 # Add packages needed to compile mysql, pgsql and other python modules. 31 # Add packages needed to compile mysql, pgsql and other python modules.
29 # Can't use apk to add them as that installs a 3.9 python version. 32 # Can't use apk to add them as that installs a 3.9 python version.
30 # g++ installs cc1plus needed by pip install 33 # g++ installs cc1plus needed by pip install
31 RUN apk add \ 34 RUN apk add \
32 g++ \ 35 g++ \
44 # build xapian bindings: 47 # build xapian bindings:
45 # file with sphinx build dependencies to remove after build 48 # file with sphinx build dependencies to remove after build
46 # they are over 70MB of space. 49 # they are over 70MB of space.
47 COPY scripts/Docker/sphinxdeps.txt . 50 COPY scripts/Docker/sphinxdeps.txt .
48 51
52 # suppress warning when running pip as root
53 ENV PIP_ROOT_USER_ACTION=ignore
54
49 RUN set -xv && CWD=$PWD && \ 55 RUN set -xv && CWD=$PWD && \
50 VER=$(apk list -I 'xapian-core-dev' | \ 56 VER=$(apk list -I 'xapian-core-dev' | \
51 sed 's/^xapian-core-dev-\([0-9.]*\)-.*/\1/') && \ 57 sed 's/^xapian-core-dev-\([0-9.]*\)-.*/\1/') && \
52 cd /tmp && \ 58 cd /tmp && \
53 wget https://oligarchy.co.uk/xapian/$VER/xapian-bindings-$VER.tar.xz && \ 59 wget https://oligarchy.co.uk/xapian/$VER/xapian-bindings-$VER.tar.xz && \
62 # add requirements for pip here, e.g. Whoosh, gpg, zstd or other 68 # add requirements for pip here, e.g. Whoosh, gpg, zstd or other
63 # modules not installed in the base library. 69 # modules not installed in the base library.
64 # ignore warnings from pip to use virtualenv 70 # ignore warnings from pip to use virtualenv
65 COPY scripts/Docker/requirements.txt . 71 COPY scripts/Docker/requirements.txt .
66 RUN pip install --no-cache-dir -r requirements.txt 72 RUN pip install --no-cache-dir -r requirements.txt
67
68 # Allow user to add more modules during build
69 ARG pip_mod
70 RUN if [ -n "$pip_mod" ]; then pip install --no-cache-dir ${pip_mod}; fi
71 73
72 # copy the elements of the release directory to the docker image 74 # copy the elements of the release directory to the docker image
73 COPY setup.py install/ 75 COPY setup.py install/
74 COPY doc install/doc/ 76 COPY doc install/doc/
75 COPY frontends install/frontends/ 77 COPY frontends install/frontends/
92 --use-feature=in-tree-build . ; fi; \ 94 --use-feature=in-tree-build . ; fi; \
93 if [ "$source" = "pypi" ]; then pip install roundup; \ 95 if [ "$source" = "pypi" ]; then pip install roundup; \
94 cp -ril /usr/local/lib/python3.10/site-packages/usr/local/share/* \ 96 cp -ril /usr/local/lib/python3.10/site-packages/usr/local/share/* \
95 /usr/local/share; fi 97 /usr/local/share; fi
96 98
99 # Allow user to add more modules during build
100 ARG pip_mod
101 RUN if [ -n "$pip_mod" ]; then pip install --no-cache-dir ${pip_mod}; fi
102
97 # build a new smaller docker image for execution. Build image above 103 # build a new smaller docker image for execution. Build image above
98 # is 1G in size. 104 # is 1G in size.
99 FROM python:3-alpine 105 FROM python:3-alpine
100 106
101 # import from global 107 # import from global
102 ARG appdir 108 ARG appdir
103 109
104 WORKDIR $appdir 110 WORKDIR $appdir
105 111
112 # suppress warning when running pip as root
113 ENV PIP_ROOT_USER_ACTION=ignore
114
115 # upgrade to get any security updates; bundle with
116 # rest of apk actions to reduce layers/wasted space
106 # add libraries needed to run gpg/mysql/pgsql/brotli 117 # add libraries needed to run gpg/mysql/pgsql/brotli
107 RUN apk add \ 118 # clean out any caches to save space
119 RUN apk --update-cache upgrade; \
120 apk add \
121 brotli-libs \
108 gpgme \ 122 gpgme \
109 mariadb-connector-c \ 123 mariadb-connector-c \
110 libpq \ 124 libpq \
111 libstdc++ \ 125 libstdc++ \
112 libxapian 126 libxapian \
127 zstd-libs; \
128 rm -f /var/cache/apk/*
113 129
114 ARG source 130 ARG source
115 LABEL "org.roundup-tracker.vendor"="Roundup Issue Tracker Team" \ 131 LABEL "org.roundup-tracker.vendor"="Roundup Issue Tracker Team" \
116 "org.roundup-tracker.description"="Roundup Issue Tracker using sqlite" \ 132 "org.roundup-tracker.description"="Roundup Issue Tracker multi-backend" \
117 "version"="2.1.0 $source" \ 133 "version"="2.2.0 $source" \
118 "org.opencontainers.image.authors"="roundup-devel@lists.sourceforge.net" 134 "org.opencontainers.image.authors"="roundup-devel@lists.sourceforge.net"
119 135
120 136
121 # pull over built assets 137 # pull over built assets
122 COPY --from=build /usr/local/lib/python3.10/site-packages /usr/local/lib/python3.10/site-packages/ 138 COPY --from=build /usr/local/lib/python3.10/site-packages /usr/local/lib/python3.10/site-packages/
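Review bot: In the runtime stage (new lines 119-128) the three commands are chained with `;`, so the RUN step's exit status is that of the final `rm -f /var/cache/apk/*`, which succeeds even when `apk --update-cache upgrade` or `apk add` has failed. A build during a mirror or network outage would then complete without error, producing an image that lacks the security updates this commit is after and possibly the runtime libraries too. Chaining with `&&` makes the failure stop the build: `RUN apk --update-cache upgrade && \` on new line 119 and `zstd-libs && \` on new line 127. Separately, both `apk upgrade` steps (new lines 29 and 119) are cached by Docker like any other layer, so a rebuild that hits the cache keeps the packages from the first build; a comment next to each RUN noting that picking up newer fixes needs `docker build --no-cache` (and `--pull` for the base image) would help.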
