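# Build stage: resolves the Python dependency set into /opt/venv with uv.
# Only /opt/venv and the uv binaries are copied out of this stage.
# "AS" is uppercase to satisfy the FromAsCasing build check and match the other stages.
FROM python:3.14.2-slim@sha256:1a3c6dbfd2173971abba880c3cc2ec4643690901f6ad6742d0827bae6cefc925 AS builder
LABEL maintainer="ODL DevOps <mitx-devops@mit.edu>"

# Build-time environment: unbuffered output, no .pyc files, no pip cache/version check.
# (This stage previously set PYTHONUNBUFFERED/PYTHONDONTWRITEBYTECODE twice.)
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

# Install build dependencies listed one per line in apt.txt; lines starting with "#" are comments.
# The grep|tr pipe runs under the default shell (no pipefail), so a grep failure would
# silently install nothing rather than fail the build -- apt.txt is COPYed just above,
# so the file is guaranteed to exist. Package versions are not pinned (hadolint DL3008).
WORKDIR /tmp
COPY apt.txt /tmp/apt.txt
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    $(grep -vE "^\s*#" apt.txt | tr "\n" " ") \
    && rm -rf /var/lib/apt/lists/* \
    && rm -f /tmp/apt.txt

# Add, and run as, non-root user. The fixed UID (1001) must match the one created
# in the runtime stage so --chown'd files keep their ownership across stages.
RUN mkdir /src \
    && adduser --disabled-password --gecos "" --uid 1001 mitodl \
    && mkdir /var/media && chown -R mitodl:mitodl /var/media

# Point uv at the venv location the runtime stage copies from, and put it on PATH.
ENV UV_PROJECT_ENVIRONMENT="/opt/venv"
ENV PATH="/opt/venv/bin:$PATH"

# Install uv from the upstream image. The tag is parameterised so CI can pin it,
# e.g. --build-arg UV_VERSION=<version>@sha256:<digest>; the default keeps the
# original floating "latest" tag, which is not reproducible and pulls whatever
# upstream publishes at build time.
ARG UV_VERSION=latest
COPY --from=ghcr.io/astral-sh/uv:${UV_VERSION} /uv /uvx /usr/local/bin/

# Only the manifest and lockfile are copied here so this layer is cached until they change;
# --frozen refuses to update uv.lock and --no-install-project leaves the app itself out.
COPY pyproject.toml uv.lock /src/
RUN mkdir -p /opt/venv && chown -R mitodl:mitodl /src /opt/venv
USER mitodl
WORKDIR /src
RUN uv sync --frozen --no-install-project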
# Frontend build stage: produces /src/static and /src/webpack-stats.json for the
# production stage. NOTE(review): unlike the python images above, this base is pinned
# only by tag, not by digest, so rebuilds are not reproducible -- pin with @sha256:<digest>.
FROM node:24-slim AS node_builder
# The whole context is copied before install, so any source change re-runs yarn install;
# copying the package manifest/lockfile first would keep the install layer cached
# (the exact manifest filenames are not visible here -- confirm against the repo).
COPY . /src
WORKDIR /src
ENV NODE_ENV=production
# --immutable fails the build if the lockfile would change, so the resolved tree is pinned.
RUN yarn install --immutable && yarn build
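# Runtime stage: minimal image with the prebuilt venv and the application source.
# "AS" is uppercase to satisfy the FromAsCasing build check and match the other stages.
FROM python:3.14.2-slim@sha256:1a3c6dbfd2173971abba880c3cc2ec4643690901f6ad6742d0827bae6cefc925 AS runtime

# Production environment; VIRTUAL_ENV must match UV_PROJECT_ENVIRONMENT in the builder stage.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    VIRTUAL_ENV="/opt/venv"
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

# Install only runtime dependencies: shared libraries needed by the compiled wheels
# in the venv (xml/xmlsec, libpq, jpeg, zlib, libmagic) plus curl and the postgres client.
# Versions are not pinned (hadolint DL3008); net-tools is a debugging tool and is a
# candidate for removal from the production image if nothing operational relies on it.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    curl \
    libxml2 \
    libxslt1.1 \
    libpq5 \
    libxmlsec1 \
    libxmlsec1-openssl \
    libjpeg62-turbo \
    zlib1g \
    libmagic1 \
    net-tools \
    postgresql-client \
    && rm -rf /var/lib/apt/lists/*

# Copy uv binaries from builder so the same (possibly pinned) uv version is available at runtime.
COPY --from=builder /usr/local/bin/uv /usr/local/bin/uv
COPY --from=builder /usr/local/bin/uvx /usr/local/bin/uvx

# Add non-root user with the same fixed UID as the builder stage.
RUN adduser --disabled-password --gecos "" --uid 1001 mitodl \
    && mkdir -p /src /var/media \
    && chown -R mitodl:mitodl /src /var/media

# Copy virtual environment from builder (ownership set at copy time, no extra chown layer).
COPY --from=builder --chown=mitodl:mitodl /opt/venv /opt/venv

# Add project. The whole build context is copied; a .dockerignore excluding .git,
# node_modules, .env and local artifacts keeps secrets and junk out of this layer
# (not visible here -- confirm it exists in the repo).
COPY --chown=mitodl:mitodl . /src
WORKDIR /src
# Normalise permissions: sources read-only for others, directories traversable.
# This rewrites every matched file in a new layer, so it roughly doubles the size
# of the /src layer; acceptable for source trees, but keep it in mind.
RUN find /src -type f -name "*.py" -exec chmod 644 {} \; \
    && find /src -type d -exec chmod 755 {} \;

# Drop privileges for the remaining instructions and for the running container.
USER mitodl
# 8043 is above 1024, so the non-root user can bind it without extra capabilities.
EXPOSE 8043
ENV PORT=8043
# Exec form: uwsgi runs as PID 1 and receives SIGTERM from `docker stop` directly.
CMD ["uwsgi", "uwsgi.ini"]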
# Production stage: runtime image plus the built frontend assets.
FROM runtime AS production
COPY --from=node_builder --chown=mitodl:mitodl /src/static /src/static
COPY --from=node_builder --chown=mitodl:mitodl /src/webpack-stats.json /src/webpack-stats.json
# GIT_REF changes every build, so it is declared as late as possible to keep the
# layers above cacheable. It is a build ARG (visible in `docker history`), which is
# fine for a commit reference but would not be for a secret.
ARG GIT_REF
# Appends rather than overwrites: if the frontend build already produced hash.txt,
# the ref is added as a further line -- confirm that is the intended behaviour.
RUN echo "$GIT_REF" >> /src/static/hash.txt