Mercurial > p > roundup > code
view scripts/Docker/Dockerfile @ 7119:59908110ccc9
More changes to remove stragglers of old setuptools.
Pip update needs to be done in both the stage1 and stage2 images.
site-packages contain setuptools-65.5.0 in both stage1 and stage2.
Because I copy stage1's site-packages to stage2, I need to remove the
-65.5.0 directory in stage1 to prevent it from making the jump to
stage 2.
I do the pip update in stage2 before the copy, not after. So I don't
have to worry about pip update messing with my locally installed
files. But it does mean I have to pip update both stage1 and stage2.
I could probably get away with just 1 pip update if I did it after the
copy operation from stage1 into stage2 but... This way is probably
safer.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 28 Dec 2022 23:45:14 -0500 |
| parents | 9f3ca362a415 |
| children | 282ba72a5615 |
line wrap: on
line source
# build in root dir using: # # docker build -t roundup-app --rm -f scripts/Dockerfile . # # run using: # # docker run --rm -v /.../issue.tracker:/usr/src/app/tracker \ # -p 9017:8080 roundup-app:latest # Global vars for all build stages # application directory ARG appdir=/usr/src/app # support roundup install from 'local' directory, # 'local_pip' local directory using pip to install or # latest release from 'pypi' ARG source=local # Python version as a.b Used for installation directory and # COPY from install dir in second stage. ARG pythonversion=3.11 FROM python:3-alpine as build # Inherit global values https://github.com/moby/moby/issues/37345 ARG appdir WORKDIR $appdir # Update to get security and other improvements; RUN apk --update-cache upgrade # Add packages needed to compile mysql, pgsql and other python modules. # Can't use apk to add them as that installs a 3.9 python version. # g++ installs cc1plus needed by pip install RUN apk add \ g++ \ gcc \ gpgme-dev \ libxapian \ linux-headers \ make \ musl-dev \ mysql-dev \ postgresql-dev \ swig \ xapian-core-dev ARG pythonversion # verify that pythonversion matches the one in the image. RUN image_python_version=$(python -c 'import sys; print("%s.%s"%sys.version_info[0:2])'); \ if [ "${pythonversion}" != "${image_python_version}" ]; then \ printf "\n\n*****\npythonversion does not match.\n" ; \ printf "Add:\n --build-arg=\"pythonversion=${image_python_version}\"\nto docker build\n******\n\n"; \ exit 1; \ fi # build xapian bindings: # file with sphinx build dependencies to remove after build # they are over 70MB of space. COPY scripts/Docker/sphinxdeps.txt . # suppress warning when running pip as root ENV PIP_ROOT_USER_ACTION=ignore RUN set -xv && CWD=$PWD && \ upgrades=$(python3 -m pip --no-cache --disable-pip-version-check \ list --outdated | awk 'NR > 2 {print $1}'); \ if [ -n "$upgrades" ]; then \ echo Pip updating $upgrades; \ python -m pip --no-cache --disable-pip-version-check \ install -U $upgrades < /dev/null; \ else \ echo Nothing to pip update; \ fi; \ ls -l /usr/local/lib/python3.11/site-packages; \ VER=$(apk list -I 'xapian-core-dev' | \ sed 's/^xapian-core-dev-\([0-9.]*\)-.*/\1/') && \ cd /tmp && \ wget https://oligarchy.co.uk/xapian/$VER/xapian-bindings-$VER.tar.xz && \ tar -Jxvf xapian-bindings-$VER.tar.xz && \ cd xapian-bindings-$VER/ && \ pip --no-cache-dir install sphinx && \ sed -i -e '/PYTHON3_SO=/s/distutils\.//g' \ -e '/PYTHON3_SO=/s/"SO"/"EXT_SUFFIX"/g' configure && \ ./configure --prefix=/usr/local --with-python3 --disable-documentation && \ make && make install && \ pip uninstall --no-cache-dir -y sphinx && \ pip uninstall --no-cache-dir -y -r $CWD/sphinxdeps.txt # add requirements for pip here, e.g. Whoosh, gpg, zstd or other # modules not installed in the base library. # ignore warnings from pip to use virtualenv COPY scripts/Docker/requirements.txt . RUN pip install --no-cache-dir -r requirements.txt # copy the elements of the release directory to the docker image COPY setup.py install/ COPY doc install/doc/ COPY frontends install/frontends/ COPY locale install/locale/ COPY roundup install/roundup/ COPY share install/share/ # verify source has one of two valid values then # install in python3 standard directories from local copy # or install in python3 standard directories from pypi using pip # import from global/command line ARG source RUN set -xv && if [ "$source" = "local" ] || \ [ "$source" = "pypi" ] || \ [ "$source" = "local_pip" ]; then :; \ else echo "invalid value for source: $source"; \ echo "must be local or pypi"; exit 1; fi; \ if [ "$source" = "local" ]; then cd install && ./setup.py install; fi; \ if [ "$source" = "local_pip" ]; then cd install && pip install \ --use-feature=in-tree-build . ; fi; \ if [ "$source" = "pypi" ]; then pip install roundup; \ cp -ril /usr/local/lib/python${pythonversion}/site-packages/usr/local/share/* \ /usr/local/share; fi # Allow user to add more modules during build ARG pip_mod RUN if [ -n "$pip_mod" ]; then pip install --no-cache-dir ${pip_mod}; fi # build a new smaller docker image for execution. Build image above # is 1G in size. FROM python:3-alpine # import from global ARG appdir WORKDIR $appdir # suppress warning when running pip as root ENV PIP_ROOT_USER_ACTION=ignore # upgrade to get any security updates; bundle with # rest of apk actions to reduce layers/wasted space # add libraries needed to run gpg/mysql/pgsql/brotli # clean out any caches to save space # upgrade pip packages to get security and other updates # bundle with apk updates RUN apk --update-cache upgrade; \ apk add \ brotli-libs \ gpgme \ mariadb-connector-c \ libpq \ libstdc++ \ libxapian \ zstd-libs; \ rm -f /var/cache/apk/*; \ upgrades=$(python3 -m pip --no-cache --disable-pip-version-check \ list --outdated | awk 'NR > 2 {print $1}'); \ if [ -n "$upgrades" ]; then \ echo Pip updating $upgrades; \ python -m pip --no-cache --disable-pip-version-check \ install -U $upgrades < /dev/null; \ else \ echo Nothing to pip update; \ fi ARG source LABEL "org.roundup-tracker.vendor"="Roundup Issue Tracker Team" \ "org.roundup-tracker.description"="Roundup Issue Tracker multi-backend" \ "version"="2.2.0 $source" \ "org.opencontainers.image.authors"="roundup-devel@lists.sourceforge.net" ARG pythonversion # pull over built assets COPY --from=build /usr/local/lib/python${pythonversion}/site-packages /usr/local/lib/python${pythonversion}/site-packages/ COPY --from=build /usr/local/bin/roundup* /usr/local/bin/ COPY --from=build /usr/local/share /usr/local/share/ COPY scripts/Docker/roundup_start . COPY scripts/Docker/roundup_healthcheck . # make roundup scripts execuable and mount a trackerdir on tracker location RUN chmod +x roundup_start roundup_healthcheck; mkdir tracker VOLUME $appdir/tracker # map port 8080 to your local port EXPOSE 8080/tcp HEALTHCHECK --start-period=1m \ CMD ./roundup_healthcheck # do not run roundup as root. This creates roundup user and group. ARG roundup_uid RUN adduser -D -h ${appdir} -u ${roundup_uid:-1000} roundup USER roundup # run the server, disable output buffering so we can see logs. ENV PYTHONUNBUFFERED=1 #ENTRYPOINT [ "roundup-server", "-n", "0.0.0.0" ] ENTRYPOINT [ "./roundup_start" ] # allow the invoker to override cmd with multiple trackers # in each subdirectory under $appdir/tracker. E.G. # docker run .... \ # issues=tracker/issues foo=tracker/foo # # note using "issue=$appdir/tracker" results in error: # # No valid configuration files found in directory /usr/src/app/$appdir/tracker # # so $appdir not expanded and $PWD prefixed onto the (relative path) # $appdir/tracker. Hence use relative path for spec. CMD [ "issues=tracker" ]