########
# Python dependencies builder
#
# Build-only stage: the toolchain and -dev headers installed here are not
# carried forward; later stages take only /venv via COPY --from.
# NOTE(review): the base image is pinned by tag, not by digest, so a rebuild
# can resolve to different image contents under the same tag.
FROM python:3.12-slim-bookworm AS python-builder

WORKDIR /app

# /venv/bin goes first on PATH so that, once the venv exists, `pip` and
# `python` resolve to the virtualenv rather than the system interpreter.
ENV LANG=C.UTF-8 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/venv/bin:$PATH"

# apt-install is a project helper script (its contents are not shown here).
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install \
      gettext \
      build-essential \
      libxml2-dev \
      libxslt1-dev \
      libxslt1.1

RUN python -m venv /venv

COPY requirements/prod.txt ./requirements/

# Hash-checking mode: pip refuses any requirement that is unpinned or whose
# downloaded archive does not match a hash listed in prod.txt, which guards
# against a tampered or substituted package on the index.
RUN pip install --require-hashes --no-cache-dir -r requirements/prod.txt
########
# assets builder and dev server
#
# Front-end build stage. The release stage copies only /app/assets out of it,
# so node_modules and the build tooling do not reach the deployed image.
FROM node:20.14.0-slim AS assets

WORKDIR /app
ENV PATH="/app/node_modules/.bin:$PATH"

# Python is needed here for glean_parser and its dependencies.
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install python3 python3-venv
RUN python3 -m venv /.venv
# NOTE(review): this overlays a venv that was created at /venv by the
# python:3.12 image onto /.venv in this image; confirm its entry points and
# interpreter links resolve correctly from the new location.
COPY --from=python-builder /venv /.venv
ENV PATH="/.venv/bin:$PATH"

# Manifest and lockfile are copied on their own so the dependency layer is
# reused until one of them changes.
COPY package.json package-lock.json ./

# `npm ci` installs exactly what package-lock.json records and fails when the
# lockfile and package.json disagree. Dependency install scripts run during
# this step.
RUN npm ci --verbose

# Lint/format/bundler configuration, then the sources the build reads.
COPY eslint.config.js \
     .stylelintrc \
     .prettierrc.json \
     .prettierignore \
     webpack.config.js \
     webpack.static.config.js \
     ./
COPY ./media ./media
COPY ./tests/unit ./tests/unit
COPY ./glean ./glean

RUN npm run build --verbose
########
# django app container
#
# Shared base for the devapp and release stages.
# This stage sets no USER itself: both derived stages switch to webdev after
# their root-only steps, but an image built directly from this target would
# run as root.
FROM python:3.12-slim-bookworm AS app-base

# Extra Python environment settings; /venv/bin first so the copied virtualenv
# is the interpreter in use.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PATH="/venv/bin:$PATH"

# Unprivileged runtime account with a fixed numeric UID, no password and no
# home directory.
RUN adduser --uid 1000 --disabled-password --gecos '' --no-create-home webdev

WORKDIR /app
EXPOSE 8000
CMD ["./bin/run.sh"]

# NOTE(review): git, curl and sqlite3 are installed in the base, so they are
# also present in the release image; confirm each is needed at runtime.
COPY docker/bin/apt-install /usr/local/bin/
RUN apt-install \
      gettext \
      libxslt1.1 \
      git \
      curl \
      sqlite3

# Python environment built (with hash checking) in the python-builder stage.
COPY --from=python-builder /venv /venv

# Rarely changing inputs first, to keep these layers cached.
COPY docker/gitconfig /etc/
COPY ./bin ./bin
COPY ./etc ./etc
COPY ./lib ./lib
COPY ./root_files ./root_files
COPY ./scripts ./scripts
COPY ./wsgi ./wsgi
COPY manage.py LICENSE newrelic.ini ./

# Frequently changing inputs last.
# NOTE(review): ./docker includes docker/envfiles (the release stage reads
# docker/envfiles/prod.env), so those files end up in the image layers;
# confirm they hold no credentials.
COPY ./docker ./docker
COPY ./bedrock ./bedrock
COPY ./l10n ./l10n
COPY ./media ./media
########
# expanded webapp image for testing and dev
#
# Development/test image: app-base plus make, the ssllabs-scan helper, the dev
# and docs requirements, and the test suite. Its default command runs the
# tests. Not the deployment target (that is the release stage).
FROM app-base AS devapp

CMD ["./bin/run-tests.sh"]

RUN apt-install make
COPY docker/bin/ssllabs-scan /usr/local/bin/ssllabs-scan

# Dev and docs dependencies are installed in hash-checking mode as well: pip
# rejects anything unpinned or not matching a hash in the requirements file.
COPY requirements/* ./requirements/
RUN pip install --require-hashes --no-cache-dir -r requirements/dev.txt
RUN pip install --require-hashes --no-cache-dir -r requirements/docs.txt

# Tooling configuration and the tests themselves.
COPY ./setup.cfg ./pyproject.toml ./.coveragerc ./
COPY ./tests ./tests

# Project sync script (contents not shown here), run at build time.
RUN bin/run-sync-all.sh

# Hand the application tree to the unprivileged account before dropping root.
RUN chown -R webdev:webdev .

# bpython wants a history file; app-base created webdev without a home
# directory, so one is created here and given to that account.
RUN mkdir /home/webdev/ \
    && touch /home/webdev/.pythonhist \
    && chown -R webdev /home/webdev/

USER webdev

# Build arg declared last so a new revision does not invalidate the layers
# above; falls back to "latest" when no --build-arg is supplied.
ARG GIT_SHA=latest
ENV GIT_SHA=${GIT_SHA}
########
# final image for deployment
#
# Deployment image: app-base plus synced data, the compiled front-end assets
# and the collected static files, running as the unprivileged webdev account.
FROM app-base AS release

# Project sync script (contents not shown here), run at build time.
RUN bin/run-sync-all.sh

# Only the build output of the assets stage is copied in; node_modules and the
# Node toolchain stay behind in that stage.
COPY --from=assets /app/assets /app/assets
RUN honcho run --env docker/envfiles/prod.env docker/bin/build_staticfiles.sh

# Drop privileges for everything that follows, including the container's
# runtime process.
# NOTE(review): the recursive chown makes webdev the owner of the whole
# application tree, so the runtime process can rewrite its own code; confirm
# whether ownership could be limited to the paths that are written at runtime.
RUN chown -R webdev:webdev .
USER webdev

# Build arg declared last so a new revision only invalidates the final layers;
# falls back to "latest" when no --build-arg is supplied.
ARG GIT_SHA=latest
ENV GIT_SHA=${GIT_SHA}
# Written as webdev, which works because of the chown above.
RUN echo "${GIT_SHA}" > ./root_files/revision.txt