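# Stage python-base: Arch Linux toolchain image that every later stage builds on.
# It creates the unprivileged user, refreshes the pacman mirrorlist, installs
# system packages, builds Python with pyenv, creates a venv and installs Poetry.
#
# NOTE(review): archlinux:base-devel is a rolling tag and is not pinned by
# digest, so a rebuild can silently start from a different base image. Pin a
# reviewed digest if reproducible builds matter.
FROM archlinux:base-devel AS python-base

# Build-time knobs. ARG values are recorded in the image history, so none of
# them may ever carry a secret.
ARG TZ=Asia/Vladivostok
ARG DOCKER_HOST_UID=1000
ARG DOCKER_HOST_GID=1000
ARG DOCKER_USER=developer
ARG DOCKER_USER_HOME=/home/developer
ARG MIRROR_LIST_COUNTRY=RU
ARG BUILD_PACKAGES="pyenv git gnupg sudo postgresql-libs mariadb-libs openmp"
ARG PYTHON_VERSION=3.14
ARG PIP_DEFAULT_TIMEOUT=300
ARG POETRY_VERSION=2.3.2

# Disable core dumps and cap open files for all users.
# NOTE(review): limits.conf is read by pam_limits on PAM sessions; a
# container's main process normally does not pass through PAM, so confirm the
# limits with `ulimit` inside the container or set them with
# `docker run --ulimit`.
RUN echo "* soft core 0" >> /etc/security/limits.conf && \
    echo "* hard core 0" >> /etc/security/limits.conf && \
    echo "* soft nofile 10000" >> /etc/security/limits.conf

# Widen the allowed UID/GID range, presumably so a large host UID/GID passed
# through DOCKER_HOST_UID/DOCKER_HOST_GID is accepted.
RUN sed -i 's/^UID_MAX.*/UID_MAX 999999999/' /etc/login.defs
RUN sed -i 's/^GID_MAX.*/GID_MAX 999999999/' /etc/login.defs
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime

# Create a user whose UID/GID mirror the host user. --no-log-init skips the
# lastlog/faillog entries.
RUN set -eux; \
    groupadd $DOCKER_USER --gid=$DOCKER_HOST_GID && \
    useradd --no-log-init -g $DOCKER_USER --uid=$DOCKER_HOST_UID \
        -d $DOCKER_USER_HOME -ms /bin/bash $DOCKER_USER
RUN mkdir /application && chown $DOCKER_USER:$DOCKER_USER /application

# Fetch an HTTPS-only mirrorlist for MIRROR_LIST_COUNTRY, uncomment its Server
# lines and drop the remaining comments. The list replaces the shipped one only
# if it contains at least one Server line; otherwise the build warns and keeps
# the existing mirrorlist.
RUN set -eux; \
    tmp="$(mktemp)"; \
    if curl -fsSL \
            --connect-timeout 10 \
            --max-time 30 \
            --retry 5 \
            --retry-delay 1 \
            --retry-all-errors \
            "https://archlinux.org/mirrorlist/?country=${MIRROR_LIST_COUNTRY}&protocol=https&ip_version=4&use_mirror_status=on" \
            | sed -e 's/^\s*#Server/Server/' -e '/^\s*#/d' \
            > "$tmp" \
        && grep -q '^Server' "$tmp"; then \
        mv "$tmp" /etc/pacman.d/mirrorlist; \
    else \
        echo "WARN: mirrorlist update failed; keeping existing /etc/pacman.d/mirrorlist" >&2; \
        rm -f "$tmp"; \
    fi

# DisableSandbox turns off pacman's download sandbox, presumably because the
# sandbox cannot be set up inside the build container. Package signature
# checking is a separate setting and is not touched here. The full -Syu keeps
# the system consistent before the extra packages are installed. The package
# cache and sync databases are removed in the same layer.
RUN grep -q '^DisableSandbox$' /etc/pacman.conf || \
    sed -i '/^\[options\]/a DisableSandbox' /etc/pacman.conf && \
    pacman -Syu --noconfirm && \
    pacman -S --noconfirm --needed $BUILD_PACKAGES && \
    pacman -Scc --noconfirm && \
    rm -rf /var/lib/pacman/sync/*

# Passwordless sudo makes DOCKER_USER root-equivalent inside the container.
# Every stage built FROM python-base inherits this rule unless it deletes the
# line, as app-build does. Do not ship an image that still carries it outside a
# trusted development setup.
RUN echo "${DOCKER_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# pyenv lives under the user's home, but no USER has been set yet, so the
# build runs as root and the resulting tree is root-owned.
ENV PYENV_ROOT=$DOCKER_USER_HOME/.pyenv
ENV PATH=$PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH
RUN pyenv install --skip-existing $PYTHON_VERSION && \
    pyenv global $PYTHON_VERSION && \
    pyenv rehash && \
    rm -rf "$PYENV_ROOT/cache" "$PYENV_ROOT/sources" /tmp/python-build*

ENV PYTHONUNBUFFERED=1
ENV PIP_DEFAULT_TIMEOUT=$PIP_DEFAULT_TIMEOUT
ENV POETRY_NO_INTERACTION=1
ENV POETRY_HOME=/opt/poetry
ENV POETRY_CACHE_DIR=/var/cache/pypoetry
ENV PIP_CACHE_DIR=/var/cache/pip
ENV VIRTUAL_ENV=/opt/venv

# --copies gives the venv its own interpreter binaries instead of symlinks into
# the pyenv tree.
RUN python -m venv --copies $VIRTUAL_ENV
ENV PATH=$VIRTUAL_ENV/bin:$PATH

# NOTE(review): pip is upgraded to whatever is newest at build time; pin a
# version if the build must be reproducible.
RUN pip install --upgrade pip

# Install Poetry at the pinned POETRY_VERSION. The installer is saved to a file
# and then executed, so a failed download stops the build here. Piping curl
# into `python -` would hand the interpreter an empty script and report success.
# NOTE(review): the installer script itself is fetched over HTTPS without an
# integrity check. Compare it against a reviewed checksum if the build host is
# not fully trusted.
RUN set -eu; \
    installer="$(mktemp)"; \
    curl -fsSL -o "$installer" https://install.python-poetry.org; \
    POETRY_VERSION=$POETRY_VERSION python "$installer"; \
    rm -f "$installer"
ENV PATH=$POETRY_HOME/bin:$PATH

ENV PYTHONPATH=/application/src
ENV PROJECT_ROOT=/application
ENV HOME=$DOCKER_USER_HOME
ENV PYTHON_VERSION=$PYTHON_VERSION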
# Stage poetry: python-base plus user-writable Poetry and pip cache directories,
# running as the unprivileged host-mapped user.
# NOTE(review): the passwordless sudo rule added in python-base is still
# present in this stage, so the unprivileged user remains root-equivalent.
FROM python-base AS poetry
ARG DOCKER_HOST_UID=1000
ARG DOCKER_HOST_GID=1000
ARG DOCKER_USER=developer

# Create both cache directories and hand them to the user in a single step.
RUN mkdir -p "${POETRY_CACHE_DIR}" "${PIP_CACHE_DIR}" && \
    chown -R "${DOCKER_USER}" "${POETRY_CACHE_DIR}" "${PIP_CACHE_DIR}"

# Drop root for everything that runs from this image.
USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
WORKDIR /application
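# Stage app-build: installs the project's main dependencies into the venv and
# runs as the unprivileged user with the sudo grant removed.
# NOTE(review): this stage still carries the full base-devel toolchain and the
# sudo binary from python-base; only the sudoers rule is deleted. A separate
# minimal runtime stage would reduce the attack surface.
FROM python-base AS app-build
ARG DOCKER_HOST_UID=1000
ARG DOCKER_HOST_GID=1000
ARG DOCKER_USER=developer

# All build inputs go under /build. The source destination is written as an
# absolute path so it does not depend on the inherited working directory and
# matches the two COPY lines below.
COPY src/ /build/src
COPY README.md /build/
COPY pyproject.toml poetry.lock /build/

ARG POETRY_OPTIONS_APP="--only main --compile"

# Install from the lock file, then empty the download caches in the same layer
# so they do not add to the image size.
RUN poetry install $POETRY_OPTIONS_APP -n -v -C /build && \
    rm -rf $POETRY_CACHE_DIR/* && rm -rf $PIP_CACHE_DIR/*

# Revoke the passwordless sudo rule inherited from python-base by deleting every
# sudoers line that starts with the user name followed by whitespace.
RUN sed -i "/^${DOCKER_USER}[[:space:]]/d" /etc/sudoers

USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
WORKDIR /application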
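# Stage build-deps-dev: shared base for the development images (dev-build,
# vim-ide, code-server). It adds editor and tooling packages, the dev dependency
# set, and user-owned directories under the home directory.
# No USER is set here, so everything below runs as root. The passwordless sudo
# rule from python-base is still in effect for the dev user.
FROM python-base AS build-deps-dev
ARG DOCKER_USER=developer
ARG VIM_PACKAGES="python vim vim-spell-en vim-spell-ru ctags ripgrep bat npm nodejs-lts-jod openai-codex gemini-cli"
ARG POETRY_OPTIONS_DEV="--no-root --with dev --compile"

# Use a full -Syu rather than -Sy followed by -S. Refreshing the sync databases
# without upgrading is a partial upgrade, which Arch does not support: the new
# packages may be built against newer libraries than the ones left over from a
# cached python-base layer.
# NOTE(review): a library upgrade here could in principle affect the
# pyenv-built interpreter. If it does, rebuild python-base without cache.
RUN pacman -Syu --noconfirm --needed $VIM_PACKAGES && \
    pacman -Scc --noconfirm && \
    rm -rf /var/lib/pacman/sync/*

# Only the manifests are copied, so the dependency layer is rebuilt only when
# pyproject.toml or poetry.lock changes.
COPY pyproject.toml poetry.lock /build/
RUN poetry install $POETRY_OPTIONS_DEV -n -v -C /build && \
    rm -rf $POETRY_CACHE_DIR/* $PIP_CACHE_DIR/*

# Directories the unprivileged user must be able to write to at runtime.
RUN mkdir -p $POETRY_CACHE_DIR $PIP_CACHE_DIR && \
    chown -R $DOCKER_USER $POETRY_CACHE_DIR $PIP_CACHE_DIR
RUN mkdir -p $DOCKER_USER_HOME/.codex && \
    chown -R $DOCKER_USER $DOCKER_USER_HOME/.codex
RUN mkdir -p $DOCKER_USER_HOME/.gemini && \
    chown -R $DOCKER_USER $DOCKER_USER_HOME/.gemini
RUN mkdir -p $DOCKER_USER_HOME/.config && \
    chown -R $DOCKER_USER $DOCKER_USER_HOME/.config

# NOTE(review): only the leaf directory is chowned. The parents ~/.local and
# ~/.local/share are created by root and stay root-owned, so the user cannot
# create siblings there. Confirm that this is intended.
RUN mkdir -p $DOCKER_USER_HOME/.local/share/jupyter && \
    chown $DOCKER_USER:$DOCKER_USER $DOCKER_USER_HOME/.local/share/jupyter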
# Stage dev-build: the development image, run as the unprivileged host-mapped
# user with /application as the working directory.
# NOTE(review): the passwordless sudo rule from python-base is not removed in
# this stage, so the user stays root-equivalent inside the container.
FROM build-deps-dev AS dev-build
ARG DOCKER_HOST_UID=1000
ARG DOCKER_HOST_GID=1000
ARG DOCKER_USER=developer
USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
WORKDIR /application
# safe.directory makes git skip its repository-ownership check for
# /application, presumably because the checkout is bind-mounted with a different
# owner. Git then trusts the repository's local config and hooks regardless of
# who owns the files, so mount only trusted checkouts at this path.
RUN git config --global --add safe.directory /application
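# Stage vim-ide: development image with Vim, vim-plug plugins and coc.nvim
# language-server extensions installed for the unprivileged user.
# NOTE(review): the passwordless sudo rule from python-base is not removed in
# this stage.
FROM build-deps-dev AS vim-ide
ARG DOCKER_HOST_UID=1000
ARG DOCKER_HOST_GID=1000
ARG DOCKER_USER=developer
ARG DOCKER_USER_HOME=/home/developer

# Everything below runs as the user, so the files land in the home directory
# with the right owner.
USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}

# NOTE(review): plug.vim is fetched from the moving `master` branch with no
# integrity check, and Vim executes it at build time and at runtime. Pin the URL
# to a reviewed commit (.../vim-plug/<REVIEWED_COMMIT_SHA>/plug.vim) and verify
# a checksum.
RUN curl -fLo $DOCKER_USER_HOME/.vim/autoload/plug.vim --create-dirs \
    https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
COPY --chown=$DOCKER_USER:$DOCKER_USER .vimrc $DOCKER_USER_HOME/.vimrc

# Extract only the plug#begin..plug#end section into a minimal rc file, so the
# plugin installation does not load the rest of .vimrc. sed reads the file
# directly, so a read error fails the build instead of being masked by a pipe.
RUN sed -n '/plug#begin/,/plug#end/p' $DOCKER_USER_HOME/.vimrc \
    > $DOCKER_USER_HOME/.vimrc_plug

# NOTE(review): the plugins and coc extensions are installed at whatever version
# is current at build time. Pin them where the tooling allows it.
RUN vim -u $DOCKER_USER_HOME/.vimrc_plug +'PlugInstall --sync' +qa
RUN vim -u $DOCKER_USER_HOME/.vimrc_plug \
    +'CocInstall -sync coc-pyright coc-json coc-yaml coc-snippets coc-markdownlint' +qa
COPY --chown=$DOCKER_USER:$DOCKER_USER .coc-settings.json \
    $DOCKER_USER_HOME/.vim/coc-settings.json

# safe.directory makes git skip its ownership check for /application. Mount only
# trusted checkouts there, because git will honour that repository's local
# config and hooks.
RUN git config --global --add safe.directory /application
ENV TERM=xterm-256color
WORKDIR /application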
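# Stage code-server: development image with code-server installed under
# /usr/local and a fixed set of extensions installed for the unprivileged user.
# NOTE(review): the passwordless sudo rule from python-base is not removed in
# this stage, so anything running in the IDE session is root-equivalent inside
# the container.
FROM build-deps-dev AS code-server
ARG DOCKER_HOST_UID=1000
ARG DOCKER_HOST_GID=1000
ARG DOCKER_USER=developer
ARG DOCKER_USER_HOME=/home/developer
ARG CODE_SERVER_EXTENSIONS="ms-python.python ms-pyright.pyright charliermarsh.ruff ms-toolsai.jupyter"

# Install code-server as root, retrying up to three times. The installer is
# downloaded to a file before it is run: with `curl | sh` and no pipefail, a
# failed download gives sh an empty script, the pipeline reports success and the
# loop exits without retrying.
# NOTE(review): the install script and the release it downloads are not pinned
# or integrity-checked here. Pin a reviewed release (the script accepts a
# --version option) and verify checksums if the build host is not fully trusted.
RUN set -eux; \
    installer="$(mktemp)"; \
    for attempt in 1 2 3; do \
        if curl -fsSL -o "$installer" https://code-server.dev/install.sh \
            && sh "$installer" --method standalone --prefix /usr/local; then \
            break; \
        fi; \
        [ "$attempt" -eq 3 ] && exit 1; \
        sleep 5; \
    done; \
    rm -f "$installer"

# Fail the build early if the binary is missing or does not run.
RUN /usr/local/bin/code-server --version

# Pre-create the user data directory and seed the default settings.
RUN mkdir -p $DOCKER_USER_HOME/.local/share/code-server/User && \
    chown -R $DOCKER_USER:$DOCKER_USER $DOCKER_USER_HOME/.local/share/code-server
COPY --chown=$DOCKER_USER:$DOCKER_USER .vscode/settings.json.dist \
    $DOCKER_USER_HOME/.local/share/code-server/User/settings.json

# Switch to the user before installing extensions, so they are written to the
# user's own data directory.
USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}

# NOTE(review): the extensions are installed at whatever version the extension
# gallery serves at build time. They run with the user's privileges, so review
# the list and pin versions where possible.
RUN set -eux; \
    for ext in $CODE_SERVER_EXTENSIONS; do \
        /usr/local/bin/code-server --install-extension "$ext" --force; \
    done

# safe.directory makes git skip its ownership check for /application. Mount only
# trusted checkouts there.
RUN git config --global --add safe.directory /application
WORKDIR /application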