-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
92 lines (71 loc) · 2.65 KB
/
Dockerfile
File metadata and controls
92 lines (71 loc) · 2.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# SPDX-FileCopyrightText: Copyright (C) 2021 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre <john.kildea@mcgill.ca>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
FROM python:3.13.13-alpine3.22 AS build
COPY --from=ghcr.io/astral-sh/uv:0.11.7 /uv /uvx /bin/
# dependencies for building Python packages
RUN apk add --no-cache build-base \
# install git in case dependencies are installed from version control
&& apk add --no-cache git \
# mysqlclient dependencies
&& apk add --no-cache mariadb-dev \
# argon2-cffi dependencies
&& apk add --no-cache libffi-dev
# for which environment the build is done: dev or prod
ARG ENV=prod
WORKDIR /app
# Install dependencies
RUN --mount=type=cache,target=/root/.cache/uv \
--mount=type=bind,source=uv.lock,target=uv.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
if [ "$ENV" = "prod" ]; then \
uv sync --locked --no-editable --no-default-groups --extra prod --compile-bytecode; \
else \
uv sync --locked --no-editable --no-default-groups --group dev --compile-bytecode; \
fi
FROM python:3.13.13-alpine3.22
RUN apk upgrade --no-cache \
# mysqlclient runtime dependencies
&& apk add --no-cache mariadb-dev \
# Translation dependencies
&& apk add --no-cache gettext \
# kaleido dependencies
&& apk add --no-cache chromium
# add venv to search path
ENV PATH=/app/.venv/bin:$PATH
# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1
# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1
EXPOSE 8000
WORKDIR /app
RUN addgroup --system appuser \
&& adduser --system --ingroup appuser appuser \
&& chown -R appuser:appuser /app
# get venv from build stage
COPY --from=build /app/.venv /app/.venv
COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
# copy only the required files
COPY ./config/ ./config
COPY ./opal/ ./opal
COPY ./locale/ ./locale
COPY ./LICENSES ./LICENSES
COPY manage.py .
COPY .env.sample .
COPY docker/start.sh ./start.sh
COPY LICENSE .
COPY REUSE.toml .
# Compile messages so translations are baked into the image
RUN cp .env.sample .env \
&& DJANGO_SETTINGS_MODULE=config.settings.test python manage.py compilemessages --ignore .venv \
&& rm .env \
# ensure the uploads directory exists with appuser as the owner
&& mkdir -p ./opal/media/uploads \
&& chown appuser:appuser ./opal/media/uploads \
# ensure the logs directory exists for production logs
&& mkdir /logs \
&& chown appuser:appuser /logs
USER appuser
ENV DJANGO_SETTINGS_MODULE=config.settings.production
ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "/app/start.sh" ]