-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile
108 lines (80 loc) · 2.42 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
FROM python:3.10.4-alpine3.14 AS compiler
WORKDIR /usr/src/app
RUN apk add --no-cache \
gcc \
g++ \
musl-dev \
python3-dev \
jpeg-dev \
openjpeg-dev \
zlib-dev \
libffi-dev \
openssl-dev \
pango-dev \
shared-mime-info
RUN addgroup -S pdf_service_group && \
adduser --uid 1001 -S pdf_service_user -G pdf_service_group && \
chown pdf_service_user .
USER pdf_service_user
RUN pip install --user --no-cache-dir gunicorn
COPY requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt
FROM python:3.10.4-alpine3.14 AS builder
WORKDIR /usr/src/app
RUN apk add --no-cache \
musl \
python3 \
jpeg \
openjpeg \
zlib \
libffi \
openssl \
pango \
# fonts
ttf-opensans \
ttf-dejavu \
font-noto-emoji \
ghostscript-fonts \
# Used as the entrypoint
tini \
# curl is needed for the status check
curl
RUN addgroup -S pdf_service_group && \
adduser --uid 1001 -S pdf_service_user -G pdf_service_group && \
chown pdf_service_user .
USER pdf_service_user
COPY --from=compiler /home/pdf_service_user/.local/ /home/pdf_service_user/.local/
ENV PATH="/home/pdf_service_user/.local/bin:${PATH}"
ENV PYTHONPATH="/home/pdf_service_user/.local/lib/python3.9/site-packages:${PYTHONPATH}"
# FROM alpine:3.14 AS production_sourcer
# Copy files needed for production image into this step and then copy into a single layer in prod
# image.
# ADD pdf_service .
# ADD
FROM builder AS testing
# Testing stage only for local testing, edit ci.yml test job accordingly.
USER root
RUN apk add --no-cache \
openssl-dev \
cargo \
poppler-utils \
poppler-dev \
# For codecov uploader
bash
USER pdf_service_user
ADD requirements-dev.txt .
RUN pip install --user --no-cache-dir -r requirements-dev.txt
RUN mkdir -p /usr/src/app/coverage
VOLUME /usr/src/app/coverage
COPY . .
ARG GITHUB_SHA
ENV SENTRY_RELEASE=$GITHUB_SHA
FROM builder AS production
# Named stage so it can be optimized in the future. (Stage name is referenced by CI build script.)
COPY pdf_service ./pdf_service
ARG GITHUB_SHA
ENV SENTRY_RELEASE=$GITHUB_SHA
ENV WORKER_COUNT=4
HEALTHCHECK --interval=2s --timeout=2s --retries=5 --start-period=2s CMD curl --fail http://localhost:8080/health || exit 1
CMD tini gunicorn -w $WORKER_COUNT -t 0 -b 0.0.0.0:8080 pdf_service:pdf_service
EXPOSE 8080