Skip to content

Commit db5cbc9

Browse files
sandhosesandhose
committed
Produce a docker image based on distroless
1 parent d113209 commit db5cbc9

File tree

1 file changed

+16
-5
lines changed

1 file changed

+16
-5
lines changed

docker/Dockerfile

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
# in `poetry export` in the past.
2222

2323
ARG DEBIAN_VERSION=bookworm
24+
ARG DEBIAN_VERSION_NUMERIC=12
2425
ARG PYTHON_VERSION=3.12
2526
ARG POETRY_VERSION=1.8.3
2627

@@ -109,9 +110,9 @@ RUN \
109110
fi
110111

111112
###
112-
### Stage 2: runtime dependencies download for ARM64 and AMD64
113+
## Stage 2: runtime dependencies download for ARM64 and AMD64
113114
###
114-
FROM --platform=$BUILDPLATFORM docker.io/library/debian:${DEBIAN_VERSION} AS runtime-deps
115+
FROM --platform=$BUILDPLATFORM ghcr.io/astral-sh/uv:${DEBIAN_VERSION} AS runtime-deps
115116

116117
# Tell apt to keep downloaded package files, as we're using cache mounts.
117118
RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
@@ -120,6 +121,15 @@ RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloa
120121
RUN dpkg --add-architecture arm64
121122
RUN dpkg --add-architecture amd64
122123

124+
ARG PYTHON_VERSION
125+
RUN uv python install \
126+
cpython-${PYTHON_VERSION}-linux-aarch64-gnu \
127+
cpython-${PYTHON_VERSION}-linux-x86_64_v2-gnu
128+
129+
RUN mkdir -p /install-amd64/usr/lib /install-arm64/usr/lib
130+
RUN mv $(uv python dir)/cpython-*-linux-aarch64-gnu/ /install-arm64/usr/local
131+
RUN mv $(uv python dir)/cpython-*-linux-x86_64_v2-gnu/ /install-amd64/usr/local
132+
123133
# Fetch the runtime dependencies debs for both architectures
124134
RUN \
125135
--mount=type=cache,target=/var/cache/apt,sharing=locked \
@@ -129,8 +139,9 @@ RUN \
129139
mkdir -p /tmp/debs-${arch} && \
130140
cd /tmp/debs-${arch} && \
131141
apt-get download \
132-
curl:${arch} \
133142
gosu:${arch} \
143+
zlib1g:${arch} \
144+
libstdc++6:${arch} \
134145
libjpeg62-turbo:${arch} \
135146
libpq5:${arch} \
136147
libwebp7:${arch} \
@@ -157,7 +168,7 @@ RUN \
157168
### Stage 3: runtime
158169
###
159170

160-
FROM docker.io/library/python:${PYTHON_VERSION}-slim-${DEBIAN_VERSION}
171+
FROM gcr.io/distroless/base-nossl-debian${DEBIAN_VERSION_NUMERIC}:debug
161172

162173
ARG TARGETARCH
163174

@@ -176,4 +187,4 @@ EXPOSE 8008/tcp 8009/tcp 8448/tcp
176187
ENTRYPOINT ["/start.py"]
177188

178189
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
179-
CMD curl -fSs http://localhost:8008/health || exit 1
190+
CMD wget --quiet --tries=1 --spider http://localhost:8008/health || exit 1

0 commit comments

Comments
 (0)