commit
3635e4b9c3
27
.dockerignore
Normal file
27
.dockerignore
Normal file
@ -0,0 +1,27 @@
|
||||
# Files to exclude from COPY and ADD commands when
|
||||
# building a docker image from this directory
|
||||
|
||||
# Exclude Docker build related files
|
||||
Dockerfile
|
||||
.dockerignore
|
||||
|
||||
# Exclude the git directory and gitignore file
|
||||
.git
|
||||
.gitignore
|
||||
|
||||
# Skip any existing logs
|
||||
log/*
|
||||
|
||||
# Skip LICENSE, README, etc.
|
||||
LICENSE
|
||||
*.md
|
||||
|
||||
# Skip pipenv/virtualenv related things
|
||||
.envrc
|
||||
.venv
|
||||
|
||||
# Skip ansible-container stuff
|
||||
ansible*
|
||||
container.yml
|
||||
meta.yml
|
||||
requirements.yml
|
33
.travis.yml
33
.travis.yml
@ -1,10 +1,29 @@
|
||||
sudo: required
|
||||
language: python
|
||||
python:
|
||||
- "3.6"
|
||||
python: "3.6"
|
||||
services: docker
|
||||
env:
|
||||
global:
|
||||
- TESTER_IMAGE_NAME=atst-tester
|
||||
- PROD_IMAGE_NAME=atst-prod
|
||||
|
||||
before_install:
|
||||
- pip install pipenv
|
||||
- pipenv install --dev --skip-lock
|
||||
- gem install sass
|
||||
- npm install
|
||||
- docker login -u $ATAT_DOCKER_REGISTRY_USERNAME -p $ATAT_DOCKER_REGISTRY_PASSWORD $ATAT_DOCKER_REGISTRY_URL
|
||||
- docker build --tag "${TESTER_IMAGE_NAME}" . -f docker/tester/Dockerfile
|
||||
|
||||
script:
|
||||
- python -m pytest
|
||||
- docker run "${TESTER_IMAGE_NAME}"
|
||||
|
||||
before_deploy:
|
||||
- docker build --tag "${PROD_IMAGE_NAME}" . -f docker/prod/Dockerfile
|
||||
- git_sha="$(git rev-parse --short HEAD)"
|
||||
- remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${git_sha}"
|
||||
- docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}"
|
||||
- docker images
|
||||
- docker push "${remote_image_name}"
|
||||
|
||||
deploy:
|
||||
provider: script
|
||||
script: echo "** Image push only for now... stay tuned! **"
|
||||
on:
|
||||
branch: master
|
||||
|
1
Pipfile
1
Pipfile
@ -12,6 +12,7 @@ pendulum = "*"
|
||||
redis = "*"
|
||||
|
||||
[dev-packages]
|
||||
bandit = "*"
|
||||
pytest = "==3.6.0"
|
||||
pytest-tornado = "==0.5.0"
|
||||
ipython = "*"
|
||||
|
46
docker/prod/Dockerfile
Normal file
46
docker/prod/Dockerfile
Normal file
@ -0,0 +1,46 @@
|
||||
FROM python:3.6.5-alpine
|
||||
|
||||
### Very low chance of changing
|
||||
###############################
|
||||
# Overridable default config
|
||||
ARG APP_USER=atst
|
||||
ARG APP_GROUP=atat
|
||||
ARG APP_DIR=/opt/atat/atst
|
||||
ARG APP_PORT=8000
|
||||
ARG SITE_PACKAGES_DIR=/usr/local/lib/python3.6/site-packages
|
||||
|
||||
ENV APP_USER "${APP_USER}"
|
||||
ENV APP_GROUP "${APP_GROUP}"
|
||||
ENV APP_DIR "${APP_DIR}"
|
||||
ENV SKIP_PIPENV true
|
||||
|
||||
# Set port to open
|
||||
EXPOSE "${APP_PORT}"
|
||||
|
||||
# Use dumb-init for proper signal handling
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
|
||||
# Default command is to launch the server
|
||||
CMD ["bash", "-c", "${APP_DIR}/script/server"]
|
||||
|
||||
### Items that will change almost every build
|
||||
#############################################
|
||||
# Copy installed python packages from the tester image
|
||||
COPY --from=atst-tester:latest "${SITE_PACKAGES_DIR}" "${SITE_PACKAGES_DIR}"
|
||||
|
||||
# Copy the app directory contents from the tester image (includes node modules)
|
||||
COPY --from=atst-tester:latest "${APP_DIR}" "${APP_DIR}"
|
||||
|
||||
# Set working dir
|
||||
WORKDIR ${APP_DIR}
|
||||
|
||||
# Add required system packages and app user
|
||||
RUN set -x ; \
|
||||
script/alpine_setup "${APP_USER}" "${APP_GROUP}"
|
||||
|
||||
# Update file ownership
|
||||
RUN set -x ; \
|
||||
for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules'); do chown atst:atat -R ${subdir}; done
|
||||
|
||||
# Run as the unprivileged APP user
|
||||
USER "${APP_USER}"
|
40
docker/tester/Dockerfile
Normal file
40
docker/tester/Dockerfile
Normal file
@ -0,0 +1,40 @@
|
||||
FROM registry.atat.codes:443/atat-app-builder:latest
|
||||
|
||||
### Very low chance of changing
|
||||
###############################
|
||||
ARG APP_USER=atst
|
||||
ARG APP_GROUP=atat
|
||||
ARG APP_DIR=/opt/atat/atst
|
||||
ARG CIBUILD=true
|
||||
|
||||
ENV APP_DIR "${APP_DIR}"
|
||||
ENV SKIP_PIPENV true
|
||||
|
||||
# Use dumb-init for proper signal handling
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
|
||||
# Default command is to run all the tests
|
||||
CMD ["bash", "-c", "${APP_DIR}/script/cibuild"]
|
||||
|
||||
# Create application directory
|
||||
RUN set -x ; \
|
||||
mkdir -p ${APP_DIR}
|
||||
|
||||
# Set working dir
|
||||
WORKDIR ${APP_DIR}
|
||||
|
||||
# Copy over alpine setup script
|
||||
COPY script/alpine_setup ./script/
|
||||
|
||||
# Add required system packages and app user
|
||||
RUN set -x ; \
|
||||
script/alpine_setup "${APP_USER}" "${APP_GROUP}"
|
||||
|
||||
### Items that will change almost every build
|
||||
#############################################
|
||||
# Copy over the rest of the app source
|
||||
COPY . .
|
||||
|
||||
# Install app dependencies
|
||||
RUN set -x ; \
|
||||
script/setup
|
22
script/alpine_setup
Executable file
22
script/alpine_setup
Executable file
@ -0,0 +1,22 @@
|
||||
#!/bin/sh
|
||||
|
||||
# script/alpine_setup: Adds all the system packages, directors, users, etc.
|
||||
# required to run the application on Alpine
|
||||
|
||||
# If a command fails, exit the script
|
||||
set -e
|
||||
|
||||
# Ensure we are in the app root directory (not the /script directory)
|
||||
cd "$(dirname "${0}")/.."
|
||||
|
||||
APP_USER=${1}
|
||||
APP_GROUP=${2}
|
||||
|
||||
apk update
|
||||
apk upgrade
|
||||
|
||||
apk add bash
|
||||
apk add dumb-init
|
||||
|
||||
addgroup -g 8000 -S "${APP_GROUP}"
|
||||
adduser -u 8010 -D -S -G "${APP_GROUP}" "${APP_USER}"
|
@ -28,5 +28,9 @@ pipenv install ${PIPENV_INSTALL_FLAGS}
|
||||
# Install uswds node module and dependencies
|
||||
npm install
|
||||
|
||||
# Relink uswds fonts into the /static directory
|
||||
rm -f ./static/fonts
|
||||
ln -s ../node_modules/uswds/src/fonts ./static/fonts
|
||||
|
||||
# Precompile assets for deployment
|
||||
${WEBASSETS_CMD} -m atst.assets build
|
||||
|
16
script/cibuild
Executable file
16
script/cibuild
Executable file
@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
|
||||
# script/cibuild: Run CI related checks and tests
|
||||
|
||||
# If a command fails, exit the script
|
||||
set -e
|
||||
|
||||
# Ensure we are in the app root directory (not the /script directory)
|
||||
cd "$(dirname "${0}")/.."
|
||||
|
||||
# Run lint/style checks and unit tests
|
||||
script/test
|
||||
|
||||
# Run static code analysis security checks
|
||||
# (excluding the tests and node_modules subdirs)
|
||||
bandit -r . -x node_modules,tests
|
@ -23,7 +23,3 @@ fi
|
||||
|
||||
# Install application dependencies
|
||||
script/bootstrap
|
||||
|
||||
# Symlink uswds fonts into the /static directory
|
||||
rm -f ./static/fonts
|
||||
ln -s ../node_modules/uswds/src/fonts ./static/fonts
|
||||
|
Loading…
x
Reference in New Issue
Block a user