The CircleCI Orbs were useful for getting started, but now that we only have to deploy to one provider our pipeline should be tailored to efficiently push to just that environment. This inlines all the relevant pieces from the Orbs we were relying on as bash/sh commands instead.

This builds the Docker images upfront. Since we have a multi-stage Dockerfile, it builds the first stage as a separate image and then proceeds to build the complete image. This is done so that the first stage (called "builder") can be used for testing. It retains executables like pipenv that we need to install development dependencies needed for tests.

Other notes:
- CircleCI does not persist Docker images between jobs. As a work-around, we use the CircleCI caching mechanism to create a named cache with *.tar copies of the images. Subsequent jobs use the cache and load the images.
- Both the test and integration-tests jobs need to make minor modifications to the container to run correctly. The test job needs to install the development Python dependencies, and the integration-tests job needs to rebuild the JS bundle so that it uses the mock uploader (the container is built to use the Azure uploader by default).
- The test and integration-tests jobs run in parallel.
- This adjusts the Dockerfile so that the TZ environment variable is set for both stages of the build.
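# Build stage: installs the compiler toolchain, the Python and JS dependencies,
# and builds the static assets. Only selected paths are copied out of it into
# the runtime image below.
#
# NOTE(review): Python 3.7 and Alpine 3.9 are both past upstream end-of-life,
# so this base no longer receives security fixes. Moving to a supported tag
# (and pinning it by digest) has to be validated against the app first.
FROM python:3.7.3-alpine3.9 AS builder

# Not referenced by name in this file; presumably read from the environment by
# ./script/write_dotenv -- confirm. Build args are recorded in the image
# history, so this must never carry a credential.
ARG CSP

ENV TZ=UTC

RUN mkdir -p /install/.venv
WORKDIR /install

# Install basic Alpine packages.
# `--no-cache` fetches a fresh package index and does not store it, so a
# separate `apk update` (which leaves the index behind in the layer) is not
# needed.
# NOTE(review): docker, openssh-client and sudo are not used by any step in
# this file; they look like CI tooling. This stage has no USER, so anything
# run from it runs as root with those tools present -- confirm they are still
# required.
RUN apk add --no-cache \
      build-base \
      ca-certificates \
      curl \
      docker \
      git \
      gzip \
      libffi \
      libffi-dev \
      libsass \
      libsass-dev \
      linux-headers \
      nodejs \
      openssh-client \
      openssl \
      openssl-dev \
      pcre-dev \
      postgresql-dev \
      rsync \
      sudo \
      tar \
      util-linux \
      yarn

# Copies the entire build context into the stage. What is kept out (.git,
# local .env files, keys) depends on a .dockerignore that is not visible here.
# Everything copied stays in this stage's layers wherever the builder image is
# stored or exported, even though the runtime stage copies only selected paths.
COPY . .

# Install app dependencies
# - write_dotenv: script not shown; whatever it writes stays in this layer.
# - pipenv and uwsgi are installed unpinned, and the uwsgi binary built here is
#   copied into the runtime image, so its version changes with the build date.
#   NOTE(review): pin both to versions the project has tested.
# - `pipenv sync` installs what Pipfile.lock records.
# - NOTE(review): `yarn install` may rewrite yarn.lock during the build;
#   `--frozen-lockfile` would make lockfile drift fail instead -- confirm the
#   repository commits a yarn.lock before enabling it.
RUN ./script/write_dotenv && \
    pip install --no-cache-dir pipenv uwsgi && \
    PIPENV_VENV_IN_PROJECT=1 pipenv sync && \
    yarn install && \
    cp -rf ./node_modules/uswds/src/fonts ./static/ && \
    yarn build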
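## NEW IMAGE
# Runtime stage: carries only the virtualenv, the application files and the
# uwsgi binary copied from the builder stage, and runs as an unprivileged user.
#
# NOTE(review): same base as the builder stage; Python 3.7 and Alpine 3.9 are
# both past upstream end-of-life, and this is the image that gets deployed.
FROM python:3.7.3-alpine3.9

### Very low chance of changing
###############################

# Overridable default config
ARG APP_DIR=/opt/atat/atst

# Environment variables
# TZ matches the builder stage (ENV TZ there is UTC), so both images report
# timestamps in the same zone.
ENV APP_DIR="${APP_DIR}" \
    TZ=UTC

# Set working dir (WORKDIR creates the directory if it does not exist)
WORKDIR ${APP_DIR}

# Add group and user with fixed IDs (GID 8000, UID 8010)
RUN addgroup -g 8000 -S "atat" && \
    adduser -u 8010 -D -S -G "atat" "atst"

# Install basic Alpine packages.
# `--no-cache` fetches a fresh package index and does not store it, so no
# separate `apk update` is needed.
# NOTE(review): postgresql-dev pulls headers and build files into the runtime
# image; postgresql-libs is already listed for the client library. Confirm
# whether anything loads the -dev package at runtime before dropping it.
RUN apk add --no-cache \
      dumb-init \
      postgresql-client \
      postgresql-dev \
      postgresql-libs \
      uwsgi-logfile

# Copy only the paths the application needs from the builder stage; the rest
# of the builder filesystem (toolchain, node_modules, the file written by
# write_dotenv unless it lands under one of these paths) is left behind.
COPY --from=builder /install/.venv/ ./.venv/
COPY --from=builder /install/alembic/ ./alembic/
COPY --from=builder /install/alembic.ini .
COPY --from=builder /install/app.py .
COPY --from=builder /install/atst/ ./atst/
COPY --from=builder /install/celery_worker.py ./celery_worker.py
COPY --from=builder /install/config/ ./config/
COPY --from=builder /install/templates/ ./templates/
COPY --from=builder /install/translations.yaml .
COPY --from=builder /install/script/seed_roles.py ./script/seed_roles.py
COPY --from=builder /install/script/sync-crls ./script/sync-crls
COPY --from=builder /install/static/ ./static/
COPY --from=builder /install/uwsgi.ini .
COPY --from=builder /usr/local/bin/uwsgi /usr/local/bin/uwsgi

# Runtime directory for uwsgi, owned by the application user.
# NOTE(review): the second chown makes the whole application tree writable by
# the runtime user, so a compromised server process could modify the code it
# runs. If only specific paths need to be writable, leaving the code
# root-owned and chowning just those paths would be tighter; which paths the
# app writes to is not visible here.
RUN mkdir /var/run/uwsgi && \
    chown -R atst:atat /var/run/uwsgi && \
    chown -R atst:atat "${APP_DIR}"

# Run as the unprivileged APP user (UID 8010)
USER atst

# Use dumb-init for proper signal handling
ENTRYPOINT ["/usr/bin/dumb-init", "--"]

# Default command is to launch the server
CMD ["uwsgi", "--ini", "uwsgi.ini"]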