comparison scripts/Docker/Dockerfile @ 7237:f636acd7d63c
hadolint fixes/best practices added
Enable -o pipefail for RUN commands with pipes so any errors in the
pipeline cause a failure.
Use wget -q to reduce log size for large file downloads.
Run all apk with --no-cache so I don't need to remove /var/cache/apk/*.
Quote variables in RUN shell scripts unless they need to be expanded.
Don't use direct variable substitution in printf.
Update comment for installing python packages using apk.
Remove --use-feature=in-tree-build from local_pip pip command. This
feature is the default with newer pips and is now an error if used.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 30 Mar 2023 19:35:08 -0400 |
| parents | 282ba72a5615 |
| children | bb070f559a80 |
| 7236:821429f560cd | 7237:f636acd7d63c |
|---|---|
| 1 # hadolint global ignore=DL3003 | |
| 1 # build in root dir using: | 2 # build in root dir using: |
| 2 # | 3 # |
| 3 # docker build -t roundup-app --rm -f scripts/Dockerfile . | 4 # docker build -t roundup-app --rm -f scripts/Dockerfile . |
| 4 # | 5 # |
| 5 # run using: | 6 # run using: |
| 29 ARG appdir | 30 ARG appdir |
| 30 | 31 |
| 31 WORKDIR $appdir | 32 WORKDIR $appdir |
| 32 | 33 |
| 33 # Update to get security and other improvements; | 34 # Update to get security and other improvements; |
| 34 RUN apk --update-cache upgrade | 35 RUN apk --no-cache upgrade |
| 35 | 36 |
| 36 # Add packages needed to compile mysql, pgsql and other python modules. | 37 # Add packages needed to compile mysql, pgsql and other python modules. |
| 37 # Can't use apk to add them as that installs a 3.9 python version. | 38 # Can't use apk to add python packages as it installs 3.9 python version. |
| 38 # g++ installs cc1plus needed by pip install | 39 # g++ installs cc1plus needed by pip install |
| 39 RUN apk add \ | 40 RUN apk --no-cache add \ |
| 40 g++ \ | 41 g++ \ |
| 41 gcc \ | 42 gcc \ |
| 42 gpgme-dev \ | 43 gpgme-dev \ |
| 43 libxapian \ | 44 libxapian \ |
| 44 linux-headers \ | 45 linux-headers \ |
| 52 ARG pythonversion | 53 ARG pythonversion |
| 53 # verify that pythonversion matches the one in the image. | 54 # verify that pythonversion matches the one in the image. |
| 54 RUN image_python_version=$(python -c 'import sys; print("%s.%s"%sys.version_info[0:2])'); \ | 55 RUN image_python_version=$(python -c 'import sys; print("%s.%s"%sys.version_info[0:2])'); \ |
| 55 if [ "${pythonversion}" != "${image_python_version}" ]; then \ | 56 if [ "${pythonversion}" != "${image_python_version}" ]; then \ |
| 56 printf "\n\n*****\npythonversion does not match.\n" ; \ | 57 printf "\n\n*****\npythonversion does not match.\n" ; \ |
| 57 printf "Add:\n --build-arg=\"pythonversion=${image_python_version}\"\nto docker build\n******\n\n"; \ | 58 printf "Add:\n --build-arg=\"pythonversion=%s\"\nto docker build\n******\n\n" "${image_python_version}"; \ |
| 58 exit 1; \ | 59 exit 1; \ |
| 59 fi | 60 fi |
| 60 | 61 |
| 61 # build xapian bindings: | 62 # build xapian bindings: |
| 62 # file with sphinx build dependencies to remove after build | 63 # file with sphinx build dependencies to remove after build |
| 64 COPY scripts/Docker/sphinxdeps.txt . | 65 COPY scripts/Docker/sphinxdeps.txt . |
| 65 | 66 |
| 66 # suppress warning when running pip as root | 67 # suppress warning when running pip as root |
| 67 ENV PIP_ROOT_USER_ACTION=ignore | 68 ENV PIP_ROOT_USER_ACTION=ignore |
| 68 | 69 |
| 70 SHELL ["/bin/ash", "-eo", "pipefail", "-c"] | |
| 69 RUN set -xv && CWD=$PWD && \ | 71 RUN set -xv && CWD=$PWD && \ |
| 70 upgrades=$(python3 -m pip --no-cache --disable-pip-version-check \ | 72 upgrades=$(python3 -m pip --no-cache --disable-pip-version-check \ |
| 71 list --outdated | awk 'NR > 2 {print $1}'); \ | 73 list --outdated | awk 'NR > 2 {print $1}'); \ |
| 72 if [ -n "$upgrades" ]; then \ | 74 if [ -n "$upgrades" ]; then \ |
| 73 echo Pip updating $upgrades; \ | 75 echo "Pip updating $upgrades"; \ |
| 74 python -m pip --no-cache --disable-pip-version-check \ | 76 python -m pip --no-cache --disable-pip-version-check \ |
| 75 install -U $upgrades < /dev/null; \ | 77 install -U $upgrades < /dev/null; \ |
| 76 else \ | 78 else \ |
| 77 echo Nothing to pip update; \ | 79 echo Nothing to pip update; \ |
| 78 fi; \ | 80 fi; \ |
| 79 ls -l /usr/local/lib/python3.11/site-packages; \ | 81 ls -l /usr/local/lib/python3.11/site-packages; \ |
| 80 VER=$(apk list -I 'xapian-core-dev' | \ | 82 VER=$(apk list -I 'xapian-core-dev' | \ |
| 81 sed 's/^xapian-core-dev-\([0-9.]*\)-.*/\1/') && \ | 83 sed 's/^xapian-core-dev-\([0-9.]*\)-.*/\1/') && \ |
| 82 cd /tmp && \ | 84 cd /tmp && \ |
| 83 wget https://oligarchy.co.uk/xapian/$VER/xapian-bindings-$VER.tar.xz && \ | 85 wget -q "https://oligarchy.co.uk/xapian/$VER/xapian-bindings-$VER.tar.xz" && \ |
| 84 tar -Jxvf xapian-bindings-$VER.tar.xz && \ | 86 tar -Jxvf "xapian-bindings-$VER.tar.xz" && \ |
| 85 cd xapian-bindings-$VER/ && \ | 87 cd xapian-bindings-$VER/ && \ |
| 86 pip --no-cache-dir install sphinx && \ | 88 pip --no-cache-dir install sphinx && \ |
| 87 sed -i -e '/PYTHON3_SO=/s/distutils\.//g' \ | 89 sed -i -e '/PYTHON3_SO=/s/distutils\.//g' \ |
| 88 -e '/PYTHON3_SO=/s/"SO"/"EXT_SUFFIX"/g' configure && \ | 90 -e '/PYTHON3_SO=/s/"SO"/"EXT_SUFFIX"/g' configure && \ |
| 89 ./configure --prefix=/usr/local --with-python3 --disable-documentation && \ | 91 ./configure --prefix=/usr/local --with-python3 --disable-documentation && \ |
| 114 [ "$source" = "pypi" ] || \ | 116 [ "$source" = "pypi" ] || \ |
| 115 [ "$source" = "local_pip" ]; then :; \ | 117 [ "$source" = "local_pip" ]; then :; \ |
| 116 else echo "invalid value for source: $source"; \ | 118 else echo "invalid value for source: $source"; \ |
| 117 echo "must be local or pypi"; exit 1; fi; \ | 119 echo "must be local or pypi"; exit 1; fi; \ |
| 118 if [ "$source" = "local" ]; then cd install && ./setup.py install; fi; \ | 120 if [ "$source" = "local" ]; then cd install && ./setup.py install; fi; \ |
| 119 if [ "$source" = "local_pip" ]; then cd install && pip install \ | 121 if [ "$source" = "local_pip" ]; then cd install && \ |
| 120 --use-feature=in-tree-build . ; fi; \ | 122 pip -V && \ |
| 121 if [ "$source" = "pypi" ]; then pip install roundup; \ | 123 pip install --no-cache-dir . ; \ |
| 122 cp -ril /usr/local/lib/python${pythonversion}/site-packages/usr/local/share/* \ | 124 fi; \ |
| 125 if [ "$source" = "pypi" ]; then pip install --no-cache-dir roundup; \ | |
| 126 cp -ril /usr/local/lib/"python${pythonversion}"/site-packages/usr/local/share/* \ | |
| 123 /usr/local/share; fi | 127 /usr/local/share; fi |
| 124 | 128 |
| 125 # Allow user to add more modules during build | 129 # Allow user to add more modules during build |
| 126 ARG pip_mod | 130 ARG pip_mod |
| 127 RUN if [ -n "$pip_mod" ]; then pip install --no-cache-dir ${pip_mod}; fi | 131 RUN if [ -n "$pip_mod" ]; then pip install --no-cache-dir ${pip_mod}; fi |
| 143 # rest of apk actions to reduce layers/wasted space | 147 # rest of apk actions to reduce layers/wasted space |
| 144 # add libraries needed to run gpg/mysql/pgsql/brotli | 148 # add libraries needed to run gpg/mysql/pgsql/brotli |
| 145 # clean out any caches to save space | 149 # clean out any caches to save space |
| 146 # upgrade pip packages to get security and other updates | 150 # upgrade pip packages to get security and other updates |
| 147 # bundle with apk updates | 151 # bundle with apk updates |
| 148 RUN apk --update-cache upgrade; \ | 152 SHELL ["/bin/ash", "-eo", "pipefail", "-c"] |
| 149 apk add \ | 153 RUN apk --no-cache upgrade; \ |
| 154 apk --no-cache add \ | |
| 150 brotli-libs \ | 155 brotli-libs \ |
| 151 gpgme \ | 156 gpgme \ |
| 152 mariadb-connector-c \ | 157 mariadb-connector-c \ |
| 153 libpq \ | 158 libpq \ |
| 154 libstdc++ \ | 159 libstdc++ \ |
| 155 libxapian \ | 160 libxapian \ |
| 156 zstd-libs; \ | 161 zstd-libs; \ |
| 157 rm -f /var/cache/apk/*; \ | |
| 158 upgrades=$(python3 -m pip --no-cache --disable-pip-version-check \ | 162 upgrades=$(python3 -m pip --no-cache --disable-pip-version-check \ |
| 159 list --outdated | awk 'NR > 2 {print $1}'); \ | 163 list --outdated | awk 'NR > 2 {print $1}'); \ |
| 160 if [ -n "$upgrades" ]; then \ | 164 if [ -n "$upgrades" ]; then \ |
| 161 echo Pip updating $upgrades; \ | 165 echo "Pip updating $upgrades"; \ |
| 162 python -m pip --no-cache --disable-pip-version-check \ | 166 python -m pip --no-cache --disable-pip-version-check \ |
| 163 install -U $upgrades < /dev/null; \ | 167 install -U $upgrades < /dev/null; \ |
| 164 else \ | 168 else \ |
| 165 echo Nothing to pip update; \ | 169 echo Nothing to pip update; \ |
| 166 fi | 170 fi |
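Review bot: The xapian-bindings tarball fetched at new line 85 is still unpacked and run through `./configure` (new lines 86-91) with no integrity check, so the build trusts whatever the download host serves; this commit only adds `-q` and quoting to that line. A digest check between the download and `tar` would close that gap, for example `echo "${xapian_sha256}  xapian-bindings-$VER.tar.xz" | sha256sum -c - && \`, where `xapian_sha256` is a placeholder for a new build argument holding the expected digest for that version. Because `VER` comes from sed output, an `apk list` line that does not match the pattern passes through unchanged, so it is also worth rejecting a `VER` that is not purely digits and dots before it is placed in the URL. `cd xapian-bindings-$VER/` at new line 87 is left unquoted, unlike the two lines above it. The RUN instruction continues past the visible lines.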
