Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Chad Whitacre <chadwhitacre@sentry.io>
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM python:3.8.12-slim-bullseye | |
| LABEL maintainer="oss@sentry.io" | |
| LABEL org.opencontainers.image.title="Sentry" | |
| LABEL org.opencontainers.image.description="Sentry runtime image" | |
| LABEL org.opencontainers.image.url="https://sentry.io/" | |
| LABEL org.opencontainers.image.documentation="https://develop.sentry.dev/self-hosted/" | |
| LABEL org.opencontainers.image.vendor="Functional Software, Inc." | |
| LABEL org.opencontainers.image.authors="oss@sentry.io" | |
| # add our user and group first to make sure their IDs get assigned consistently | |
| RUN groupadd -r sentry && useradd -r -m -g sentry sentry | |
| ENV GOSU_VERSION=1.12 \ | |
| GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ | |
| TINI_VERSION=0.19.0 \ | |
| TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c | |
| RUN set -x \ | |
| && buildDeps=" \ | |
| wget \ | |
| " \ | |
| && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ | |
| && rm -rf /var/lib/apt/lists/* \ | |
| # grab gosu for easy step-down from root | |
| && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ | |
| && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ | |
| && chmod +x /usr/local/bin/gosu \ | |
| # grab tini for signal processing and zombie killing | |
| && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ | |
| && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ | |
| && chmod +x /usr/local/bin/tini \ | |
| && apt-get purge -y --auto-remove $buildDeps | |
| # Sane defaults for pip | |
| ENV \ | |
| PIP_NO_CACHE_DIR=1 \ | |
| PIP_DISABLE_PIP_VERSION_CHECK=1 \ | |
| # Sentry config params | |
| SENTRY_CONF=/etc/sentry \ | |
| # Disable some unused uWSGI features, saving dependencies | |
| # Thank to https://stackoverflow.com/a/25260588/90297 | |
| UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ | |
| # UWSGI dogstatsd plugin | |
| UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ | |
| # grpcio>1.30.0 requires this, see requirements.txt for more detail. | |
| GRPC_POLL_STRATEGY=epoll1 | |
| # Copy and install dependencies first to leverage Docker layer caching. | |
| COPY /dist/requirements.txt /tmp/dist/requirements.txt | |
| RUN set -x \ | |
| && buildDeps="" \ | |
| # uwsgi | |
| && buildDeps="$buildDeps \ | |
| gcc \ | |
| wget \ | |
| " \ | |
| # maxminddb | |
| && buildDeps="$buildDeps \ | |
| libmaxminddb-dev \ | |
| "\ | |
| # xmlsec | |
| && buildDeps="$buildDeps \ | |
| libxmlsec1-dev \ | |
| pkg-config \ | |
| " \ | |
| && apt-get update \ | |
| && apt-get install -y --no-install-recommends $buildDeps \ | |
| && pip install -r /tmp/dist/requirements.txt \ | |
| && mkdir /tmp/uwsgi-dogstatsd \ | |
| && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ | |
| tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ | |
| && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ | |
| && mkdir -p /var/lib/uwsgi \ | |
| && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ | |
| && rm -rf /tmp/dist /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ | |
| && apt-get purge -y --auto-remove $buildDeps \ | |
| # We install run-time dependencies strictly after | |
| # build dependencies to prevent accidental collusion. | |
| # These are also installed last as they are needed | |
| # during container run and can have the same deps w/ | |
| # build deps such as maxminddb. | |
| && apt-get install -y --no-install-recommends \ | |
| # pillow | |
| libjpeg-dev \ | |
| # rust bindings | |
| libffi-dev \ | |
| # maxminddb bindings | |
| libmaxminddb-dev \ | |
| # SAML needs these run-time | |
| libxmlsec1-dev \ | |
| libxslt-dev \ | |
| # pyyaml needs this run-time | |
| libyaml-dev \ | |
| # other | |
| pkg-config \ | |
| \ | |
| && apt-get clean \ | |
| && rm -rf /var/lib/apt/lists/* \ | |
| # Fully verify that the C extension is correctly installed, it unfortunately | |
| # requires a full check into maxminddb.extension.Reader | |
| && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ | |
| && mkdir -p $SENTRY_CONF | |
| COPY /dist/*.whl /tmp/dist/ | |
| RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist | |
| RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt | |
| COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ | |
| COPY ./docker/docker-entrypoint.sh / | |
| EXPOSE 9000 | |
| VOLUME /data | |
| ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" | |
| CMD ["run", "web"] | |
| ARG SOURCE_COMMIT | |
| ENV SENTRY_BUILD=${SOURCE_COMMIT:-unknown} | |
| LABEL org.opencontainers.image.revision=$SOURCE_COMMIT | |
| LABEL org.opencontainers.image.source="https://github.com/getsentry/sentry/tree/${SOURCE_COMMIT:-master}/" | |
| LABEL org.opencontainers.image.licenses="https://github.com/getsentry/sentry/blob/${SOURCE_COMMIT:-master}/LICENSE" |