253cc29c56
For local development, we symlink the USWDS fonts from the npm installed copy into our static directory. This causes problems for the Docker build because it is not expecting to find a pre-existing "static/fonts" directory. This forcibly removes any existing "static/fonts" directory to fix the issue.
104 lines
2.5 KiB
Docker
104 lines
2.5 KiB
Docker
FROM python:3.7.3-alpine3.9 AS builder
|
|
|
|
ARG CSP
|
|
ENV TZ UTC
|
|
|
|
RUN mkdir -p /install/.venv
|
|
WORKDIR /install
|
|
|
|
# Install basic Alpine packages
|
|
RUN apk update && \
|
|
apk --no-cache add \
|
|
build-base \
|
|
curl \
|
|
ca-certificates \
|
|
docker \
|
|
git \
|
|
gzip \
|
|
libffi \
|
|
libffi-dev \
|
|
libsass \
|
|
libsass-dev \
|
|
linux-headers \
|
|
nodejs \
|
|
openssh-client \
|
|
openssl \
|
|
openssl-dev \
|
|
pcre-dev \
|
|
postgresql-dev \
|
|
rsync \
|
|
sudo \
|
|
tar \
|
|
util-linux \
|
|
yarn
|
|
|
|
COPY . .
|
|
|
|
# Install app dependencies
|
|
RUN ./script/write_dotenv && \
|
|
pip install pipenv uwsgi && \
|
|
PIPENV_VENV_IN_PROJECT=1 pipenv sync && \
|
|
yarn install && \
|
|
rm -r ./static/fonts/ &> /dev/null || true && \
|
|
cp -rf ./node_modules/uswds/src/fonts ./static/ && \
|
|
yarn build
|
|
|
|
## NEW IMAGE
|
|
FROM python:3.7.3-alpine3.9
|
|
|
|
### Very low chance of changing
|
|
###############################
|
|
# Overridable default config
|
|
ARG APP_DIR=/opt/atat/atst
|
|
|
|
# Environment variables
|
|
ENV APP_DIR "${APP_DIR}"
|
|
|
|
# Create application directory
|
|
RUN set -x ; \
|
|
mkdir -p ${APP_DIR}
|
|
|
|
# Set working dir
|
|
WORKDIR ${APP_DIR}
|
|
|
|
# Add group
|
|
RUN addgroup -g 8000 -S "atat" && \
|
|
adduser -u 8010 -D -S -G "atat" "atst"
|
|
|
|
# Install basic Alpine packages
|
|
RUN apk update && \
|
|
apk --no-cache add \
|
|
dumb-init \
|
|
postgresql-client \
|
|
postgresql-dev \
|
|
postgresql-libs \
|
|
uwsgi-logfile
|
|
|
|
COPY --from=builder /install/.venv/ ./.venv/
|
|
COPY --from=builder /install/alembic/ ./alembic/
|
|
COPY --from=builder /install/alembic.ini .
|
|
COPY --from=builder /install/app.py .
|
|
COPY --from=builder /install/atst/ ./atst/
|
|
COPY --from=builder /install/celery_worker.py ./celery_worker.py
|
|
COPY --from=builder /install/config/ ./config/
|
|
COPY --from=builder /install/templates/ ./templates/
|
|
COPY --from=builder /install/translations.yaml .
|
|
COPY --from=builder /install/script/seed_roles.py ./script/seed_roles.py
|
|
COPY --from=builder /install/script/sync-crls ./script/sync-crls
|
|
COPY --from=builder /install/static/ ./static/
|
|
COPY --from=builder /install/uwsgi.ini .
|
|
COPY --from=builder /usr/local/bin/uwsgi /usr/local/bin/uwsgi
|
|
|
|
# Use dumb-init for proper signal handling
|
|
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
|
|
|
# Default command is to launch the server
|
|
CMD ["uwsgi", "--ini", "uwsgi.ini"]
|
|
|
|
RUN mkdir /var/run/uwsgi && \
|
|
chown -R atst:atat /var/run/uwsgi && \
|
|
chown -R atst:atat "${APP_DIR}"
|
|
|
|
# Run as the unprivileged APP user
|
|
USER atst
|