-
Notifications
You must be signed in to change notification settings - Fork 31
Expand file tree
/
Copy pathDockerfile
More file actions
138 lines (108 loc) · 4.31 KB
/
Dockerfile
File metadata and controls
138 lines (108 loc) · 4.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
FROM node:24-bookworm-slim AS node
FROM oven/bun:1.3 AS bun
FROM python:3.12-slim-bookworm AS base
# Copy Node.js from official image (same Debian base, glibc compatible)
COPY --from=node /usr/local/bin/node /usr/local/bin/
COPY --from=bun /usr/local/bin/bun /usr/local/bin/
# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
gettext \
libpq5 \
nginx \
libjemalloc2 \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& ln -s /usr/lib/*/libjemalloc.so.2 /usr/lib/libjemalloc.so.2
# ============================================================
# FRONTEND DEPENDENCIES
# ============================================================
FROM base AS frontend_deps
WORKDIR /app/front_end
COPY front_end/package.json front_end/bun.lock ./
ENV NODE_ENV=production
RUN bun install --frozen-lockfile
# ============================================================
# BACKEND DEPENDENCIES
# ============================================================
FROM base AS backend_deps
WORKDIR /app
# Install build dependencies for any packages that need compilation
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
libpq-dev \
&& rm -rf /var/lib/apt/lists/*
COPY --from=ghcr.io/astral-sh/uv:0.10 /uv /uvx /usr/local/bin/
COPY pyproject.toml uv.lock .python-version ./
ENV UV_PROJECT_ENVIRONMENT=/app/venv
RUN uv sync --frozen --no-dev
# ============================================================
# DJANGO STATIC FILES (runs in parallel with frontend build)
# ============================================================
FROM base AS backend_static
WORKDIR /app
COPY . /app/
COPY --from=backend_deps /app/venv /app/venv
RUN . venv/bin/activate && ./manage.py collectstatic --noinput
# ============================================================
# FRONTEND BUILD
# ============================================================
FROM base AS frontend_build
WORKDIR /app
# Copy only frontend source files
COPY front_end/ /app/front_end/
# Copy node_modules from deps stage
COPY --from=frontend_deps /app/front_end/node_modules /app/front_end/node_modules
# Build frontend
ENV NODE_ENV=production
RUN cd front_end \
&& NODE_OPTIONS=--max-old-space-size=8192 bun run build \
&& rm -rf .next/cache
# Inject Sentry sourcemaps
RUN cd front_end && bun x sentry-cli sourcemaps inject .next
# ============================================================
# FINAL ENVIRONMENT
# ============================================================
FROM base AS final_env
RUN mkdir -p /app && chown 1001:0 /app
WORKDIR /app
# Configure nginx
COPY ./scripts/nginx/ /
RUN rm -f /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default /etc/nginx/conf.d/default.conf \
&& mkdir -p /var/cache/nginx /var/log/nginx /var/lib/nginx \
&& touch /run/nginx.pid \
&& chown -R 1001:0 /var/cache/nginx /var/log/nginx /var/lib/nginx /run/nginx.pid /etc/nginx \
&& chmod -R 755 /var/lib/nginx /var/log/nginx
# Copy ALL source code (backend + frontend source, but .next is overwritten)
COPY --chown=1001:0 . /app/
# Copy dependencies from build stages
COPY --chown=1001:0 --from=backend_deps /app/venv /app/venv
COPY --chown=1001:0 --from=frontend_deps /app/front_end/node_modules /app/front_end/node_modules
# Copy pre-built frontend (overwrites the source-only front_end/.next)
COPY --chown=1001:0 --from=frontend_build /app/front_end/.next /app/front_end/.next
# Copy pre-collected Django static files
COPY --chown=1001:0 --from=backend_static /app/staticfiles /app/staticfiles
# Switch to non-root user
RUN mkdir -p /home/app && chown 1001:0 /home/app
USER 1001
# Runtime configuration
ENV HOME=/home/app \
PORT=8080 \
GUNICORN_WORKERS=4 \
NODE_INSTANCES=1 \
NODE_HEAP_SIZE=1024 \
LD_PRELOAD=/usr/lib/libjemalloc.so.2 \
MALLOC_CONF=background_thread:true,dirty_decay_ms:1000,muzzy_decay_ms:1000
EXPOSE 8080
# ============================================================
# FINAL TARGETS
# ============================================================
FROM final_env AS release
CMD ["scripts/prod/release.sh"]
FROM final_env AS web
CMD ["scripts/prod/startapp.sh"]
FROM final_env AS django_cron
CMD ["scripts/prod/django_cron.sh"]
FROM final_env AS dramatiq_worker
CMD ["scripts/prod/run_dramatiq.sh"]
FROM final_env AS all_runners
CMD ["scripts/prod/run_all.sh"]