-
Notifications
You must be signed in to change notification settings - Fork 48
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(docker): update to use new base image
- Loading branch information
Showing
6 changed files
with
26 additions
and
151 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,86 +1,49 @@ | ||
| ARG AZLINUX_BASE_VERSION=master | ||
| # To build: docker build -t fence:latest . | ||
| # To run interactive: | ||
| # docker run -v ~/.gen3/fence/fence-config.yaml:/var/www/fence/fence-config.yaml -v ./keys/:/fence/keys/ fence:latest | ||
| # To check running container do: docker exec -it CONTAINER bash | ||
|
|
||
| # Base stage with python-build-base | ||
| FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} AS base | ||
| ARG AZLINUX_BASE_VERSION=feat_python-nginx | ||
|
|
||
| # ------ Base stage ------ | ||
| FROM quay.io/cdis/python-nginx-al:${AZLINUX_BASE_VERSION} AS base | ||
|
|
||
| # Comment this in, and comment out the line above, if quay is down | ||
| # FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base | ||
| # FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-nginx-al:${AZLINUX_BASE_VERSION} as base | ||
|
|
||
| ENV appname=fence | ||
| ENV POETRY_NO_INTERACTION=1 \ | ||
| POETRY_VIRTUALENVS_IN_PROJECT=1 \ | ||
| POETRY_VIRTUALENVS_CREATE=1 | ||
|
|
||
| WORKDIR /${appname} | ||
|
|
||
| # create gen3 user | ||
| # Create a group 'gen3' with GID 1000 and a user 'gen3' with UID 1000 | ||
| RUN groupadd -g 1000 gen3 && \ | ||
| useradd -m -s /bin/bash -u 1000 -g gen3 gen3 && \ | ||
| chown -R gen3:gen3 /$appname && \ | ||
| mkdir -p /var/www/$appname && \ | ||
| chown -R gen3:gen3 /var/www/$appname && \ | ||
| chown -R gen3:gen3 /venv | ||
|
|
||
| RUN chown -R gen3:gen3 /${appname} | ||
|
|
||
| # Builder stage | ||
| # ------ Builder stage ------ | ||
| FROM base AS builder | ||
|
|
||
| USER gen3 | ||
|
|
||
|
|
||
| RUN python -m venv /venv | ||
|
|
||
|
|
||
| # Install just the deps without the code as it's own step to avoid redoing this on code changes | ||
| COPY poetry.lock pyproject.toml /${appname}/ | ||
| RUN poetry install -vv --only main --no-interaction | ||
|
|
||
| RUN pip install poetry && \ | ||
| poetry install -vv --only main --no-interaction | ||
|
|
||
| # Move app files into working directory | ||
| COPY --chown=gen3:gen3 . /$appname | ||
| COPY --chown=gen3:gen3 ./deployment/wsgi/wsgi.py /$appname/wsgi.py | ||
|
|
||
| # Run poetry again so this app itself gets installed too | ||
| RUN poetry install --without dev --no-interaction | ||
| # Do the install again incase the app itself needs install | ||
| RUN poetry install -vv --only main --no-interaction | ||
|
|
||
| ENV PATH="$(poetry env info --path)/bin:$PATH" | ||
|
|
||
| # Setup version info | ||
| RUN git config --global --add safe.directory /${appname} && COMMIT=`git rev-parse HEAD` && echo "COMMIT=\"${COMMIT}\"" > /$appname/version_data.py \ | ||
| && VERSION=`git describe --always --tags` && echo "VERSION=\"${VERSION}\"" >> /$appname/version_data.py | ||
|
|
||
| # Final stage | ||
| FROM base | ||
|
|
||
| COPY --from=builder /venv /venv | ||
| COPY --from=builder /$appname /$appname | ||
|
|
||
| # install tar | ||
| RUN yum install tar -y | ||
| # RUN yum install tar -y | ||
| # do we need to untar jwt-keys? | ||
|
|
||
| # install nginx | ||
| RUN yum install nginx -y | ||
|
|
||
| RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx | ||
|
|
||
| # chown nginx directories | ||
| RUN chown -R gen3:gen3 /var/log/nginx | ||
|
|
||
| # pipe nginx logs to stdout and stderr | ||
| RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log | ||
|
|
||
| # create /var/lib/nginx/tmp/client_body to allow nginx to write to fence | ||
| RUN mkdir -p /var/lib/nginx/tmp/client_body | ||
| RUN chown -R gen3:gen3 /var/lib/nginx/ | ||
|
|
||
| # copy nginx config | ||
| COPY ./deployment/nginx/nginx.conf /etc/nginx/nginx.conf | ||
|
|
||
|
|
||
| # Switch to non-root user 'gen3' for the serving process | ||
| USER gen3 | ||
|
|
||
| RUN source /venv/bin/activate | ||
|
|
||
| ENV PYTHONUNBUFFERED=1 \ | ||
| PYTHONIOENCODING=UTF-8 | ||
| # ------ Final stage ------ | ||
| FROM base | ||
|
|
||
| COPY --chown=gen3:gen3 --from=builder /$appname /$appname | ||
|
|
||
| CMD ["/bin/bash", "-c", "/fence/dockerrun.bash"] | ||
| CMD ["poetry", "run", "gunicorn", "-c", "deployment/wsgi/gunicorn.conf.py"] |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.