Dockerfile
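# Stage: compile the nsjail sandbox binary from source.
# Later stages copy only /nsjail/nsjail out of this stage; the compiler
# toolchain installed here does not reach the runtime images.
# NOTE(review): the base is Debian 10 "buster", which is end-of-life and no
# longer receives security updates. Moving to a supported release means
# re-pinning the package versions below.
FROM python:3.11-slim-buster AS nsjail-builder

LABEL maintainer="André Felipe Dias <andref.dias@gmail.com>"

# apt-get instead of apt: the apt front end does not promise a stable
# command-line interface for scripted use.
RUN apt-get -y update \
    && apt-get install -y \
        bison=2:3.3.* \
        flex=2.6.* \
        g++=4:8.3.* \
        gcc=4:8.3.* \
        git=1:2.20.* \
        libnl-route-3-dev=3.4.* \
        libprotobuf-dev=3.6.* \
        make=4.2.* \
        pkg-config=0.29-6 \
        protobuf-compiler=3.6.*

WORKDIR /nsjail

ARG NSJAIL_VERSION=3.1

# NOTE(review): -b takes a tag or branch name, which upstream can move. nsjail
# is the isolation boundary for this image, so consider checking out a
# reviewed commit id and failing the build if HEAD differs from it.
RUN git clone -b "$NSJAIL_VERSION" --single-branch --depth 1 \
        https://github.com/google/nsjail.git .

RUN make \
    && chmod +x nsjail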
# ---------------------------------------------------------
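# Stage: build the application's virtualenv at /venv using Poetry.
# The runtime stages copy /venv from here; Poetry itself and the build
# packages stay behind in this stage.
FROM python:3.11-slim-buster AS builder

LABEL maintainer="André Felipe Dias <andre.dias@pronus.io>"

# DEBIAN_FRONTEND is set on the install command, the step that can prompt.
# A variable prefixed to `apt-get update` alone does not carry past the &&.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        build-essential \
        curl

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

RUN python -m venv /venv

# The Poetry installer reads both of these from the environment.
ENV POETRY_VERSION=1.5.1 \
    POETRY_HOME=/opt/poetry

# pipefail makes a failed download fail the RUN instead of being masked by
# the exit status of the interpreter at the end of the pipe.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# -f turns an HTTP error into a curl failure, so an error page is never piped
# into python.
# NOTE(review): this still executes a script fetched at build time with no
# integrity check; POETRY_VERSION pins Poetry, not the installer script.
# Consider verifying the script against a recorded checksum before running it,
# or installing the pinned Poetry release with pip into its own virtualenv.
RUN curl -fsSL https://install.python-poetry.org | python -

WORKDIR /app

# Only the dependency manifests are copied, so this layer is rebuilt only
# when pyproject.toml or poetry.lock change.
COPY pyproject.toml poetry.lock ./

# && rather than ; so that a failed activation stops the build instead of
# letting poetry run outside /venv.
RUN . /venv/bin/activate \
    && "$POETRY_HOME/bin/poetry" install --no-interaction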
# ---------------------------------------------------------
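# Stage: runtime image without the Rust toolchain.
# NOTE(review): the base is Debian 10 "buster", which is end-of-life and no
# longer receives security updates.
FROM python:3.11-slim-buster AS final-no-rust

# apt-get instead of apt: the apt front end does not promise a stable
# command-line interface for scripted use.
RUN apt-get -y update \
    && apt-get install -y --no-install-recommends \
        # nsjail needs these
        libnl-route-3-200=3.4.* \
        libprotobuf17=3.6.* \
        # sqlite3 (NOTE(review): unpinned, unlike the two libraries above)
        sqlite3 \
    # clean up in the same layer so the package lists never reach the image
    && apt-get autoclean -y \
    && rm -rf /var/lib/apt/lists/*

# help debugging
RUN echo 'alias ll="ls -lahF --color"' >> "$HOME/.bashrc"

# Codebox configuration: the virtualenv and the nsjail binary built in the
# earlier stages. The destination file name is spelled out so the copy does
# not depend on /usr/sbin already existing as a directory.
COPY --from=builder /venv /venv
COPY --from=nsjail-builder /nsjail/nsjail /usr/sbin/nsjail
ENV PATH=/venv/bin:${PATH}

# Install Codebox
# NOTE(review): there is no USER instruction, so the server process runs as
# root. If nsjail can set up its namespaces without root in the target
# runtime, add a dedicated unprivileged user; otherwise record here why root
# is required.
# NOTE(review): this stage uses /codebox, app/ and app.main:app, while the
# `final` stage uses /app, codebox/ and codebox.main:app. Confirm both
# layouts still exist in the repository.
WORKDIR /codebox
COPY hypercorn.toml .
COPY app/ ./app

CMD ["hypercorn", "--config=hypercorn.toml", "app.main:app"]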
# ---------------------------------------------------------
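# Stage: runtime image with the Rust toolchain installed.
# NOTE(review): the base is Debian 10 "buster", which is end-of-life and no
# longer receives security updates.
FROM python:3.11-slim-buster AS final

# apt-get instead of apt: the apt front end does not promise a stable
# command-line interface for scripted use.
RUN apt-get -y update \
    && apt-get install -y --no-install-recommends \
        # nsjail needs these
        libnl-route-3-200=3.4.* \
        libprotobuf17=3.6.* \
        # sqlite3 (NOTE(review): unpinned, unlike the two libraries above)
        sqlite3 \
    # clean up in the same layer so the package lists never reach the image
    && apt-get autoclean -y \
    && rm -rf /var/lib/apt/lists/*

# Rust installation
ENV RUSTUP_HOME=/usr/local/rustup \
    CARGO_HOME=/usr/local/cargo \
    PATH=/usr/local/cargo/bin:$PATH

# --proto '=https' --tlsv1.2 keeps the download, including any redirect, on
# HTTPS with TLS 1.2 or newer.
# NOTE(review): the pipe's exit status is that of sh, so a failed download
# only surfaces when a later command in this RUN fails. The installer script
# is not checksum-verified, and `--default-toolchain stable` is not a pinned
# version, so two builds can produce different toolchains.
# NOTE(review): `chmod -R a+w` leaves the toolchain, including the binaries
# under $CARGO_HOME/bin, writable by every user in the container. Confirm the
# nsjail mount configuration exposes these paths read-only to jailed code, or
# narrow the permission to the directories that must be writable.
# NOTE(review): `apt-get remove --auto-remove` names no packages, so it only
# drops orphaned dependencies; gcc, libc6-dev and curl remain in the image.
RUN set -eux; \
    apt-get -y update; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gcc \
        libc6-dev \
    ; \
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
        sh -s -- --no-modify-path --profile minimal --default-host \
            x86_64-unknown-linux-gnu \
            --default-toolchain stable -y; \
    chmod -R a+w "$RUSTUP_HOME" "$CARGO_HOME"; \
    rustup --version; \
    cargo --version; \
    rustc --version; \
    apt-get remove -y --auto-remove; \
    rm -rf /var/lib/apt/lists/*;

# help debugging
RUN echo 'alias ll="ls -lahF --color"' >> "$HOME/.bashrc"

# Codebox configuration: the virtualenv and the nsjail binary built in the
# earlier stages. The destination file name is spelled out so the copy does
# not depend on /usr/sbin already existing as a directory.
COPY --from=builder /venv /venv
COPY --from=nsjail-builder /nsjail/nsjail /usr/sbin/nsjail
ENV PATH=/venv/bin:${PATH}

# Install Codebox
# NOTE(review): there is no USER instruction, so the server process runs as
# root. If nsjail can set up its namespaces without root in the target
# runtime, add a dedicated unprivileged user; otherwise record here why root
# is required.
WORKDIR /app
COPY hypercorn.toml .
COPY codebox/ ./codebox

CMD ["hypercorn", "--config=hypercorn.toml", "codebox.main:app"]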