Skip to content
Permalink
master
Switch branches/tags
Go to file
Co-authored-by: Chad Whitacre <chadwhitacre@sentry.io>
11 contributors

Users who have contributed to this file

@joshuarli @wedamija @scefali @mattrobenolt @aminvakil @glensc @evanpurkhiser @chadwhitacre @BYK @armenzg @filesnate
FROM python:3.8.12-slim-bullseye
LABEL maintainer="oss@sentry.io"
LABEL org.opencontainers.image.title="Sentry"
LABEL org.opencontainers.image.description="Sentry runtime image"
LABEL org.opencontainers.image.url="https://sentry.io/"
LABEL org.opencontainers.image.documentation="https://develop.sentry.dev/self-hosted/"
LABEL org.opencontainers.image.vendor="Functional Software, Inc."
LABEL org.opencontainers.image.authors="oss@sentry.io"
# add our user and group first to make sure their IDs get assigned consistently
RUN groupadd -r sentry && useradd -r -m -g sentry sentry
ENV GOSU_VERSION=1.12 \
GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \
TINI_VERSION=0.19.0 \
TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c
RUN set -x \
&& buildDeps=" \
wget \
" \
&& apt-get update && apt-get install -y --no-install-recommends $buildDeps \
&& rm -rf /var/lib/apt/lists/* \
# grab gosu for easy step-down from root
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \
&& echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \
&& chmod +x /usr/local/bin/gosu \
# grab tini for signal processing and zombie killing
&& wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \
&& echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \
&& chmod +x /usr/local/bin/tini \
&& apt-get purge -y --auto-remove $buildDeps
# Sane defaults for pip
ENV \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1 \
# Sentry config params
SENTRY_CONF=/etc/sentry \
# Disable some unused uWSGI features, saving dependencies
# Thank to https://stackoverflow.com/a/25260588/90297
UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \
# UWSGI dogstatsd plugin
UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \
# grpcio>1.30.0 requires this, see requirements.txt for more detail.
GRPC_POLL_STRATEGY=epoll1
# Copy and install dependencies first to leverage Docker layer caching.
COPY /dist/requirements.txt /tmp/dist/requirements.txt
RUN set -x \
&& buildDeps="" \
# uwsgi
&& buildDeps="$buildDeps \
gcc \
wget \
" \
# maxminddb
&& buildDeps="$buildDeps \
libmaxminddb-dev \
"\
# xmlsec
&& buildDeps="$buildDeps \
libxmlsec1-dev \
pkg-config \
" \
&& apt-get update \
&& apt-get install -y --no-install-recommends $buildDeps \
&& pip install -r /tmp/dist/requirements.txt \
&& mkdir /tmp/uwsgi-dogstatsd \
&& wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \
tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \
&& UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \
&& mkdir -p /var/lib/uwsgi \
&& mv dogstatsd_plugin.so /var/lib/uwsgi/ \
&& rm -rf /tmp/dist /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \
&& apt-get purge -y --auto-remove $buildDeps \
# We install run-time dependencies strictly after
# build dependencies to prevent accidental collusion.
# These are also installed last as they are needed
# during container run and can have the same deps w/
# build deps such as maxminddb.
&& apt-get install -y --no-install-recommends \
# pillow
libjpeg-dev \
# rust bindings
libffi-dev \
# maxminddb bindings
libmaxminddb-dev \
# SAML needs these run-time
libxmlsec1-dev \
libxslt-dev \
# pyyaml needs this run-time
libyaml-dev \
# other
pkg-config \
\
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
# Fully verify that the C extension is correctly installed, it unfortunately
# requires a full check into maxminddb.extension.Reader
&& python -c 'import maxminddb.extension; maxminddb.extension.Reader' \
&& mkdir -p $SENTRY_CONF
COPY /dist/*.whl /tmp/dist/
RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist
RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt
COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/
COPY ./docker/docker-entrypoint.sh /
EXPOSE 9000
VOLUME /data
ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@"
CMD ["run", "web"]
ARG SOURCE_COMMIT
ENV SENTRY_BUILD=${SOURCE_COMMIT:-unknown}
LABEL org.opencontainers.image.revision=$SOURCE_COMMIT
LABEL org.opencontainers.image.source="https://github.com/getsentry/sentry/tree/${SOURCE_COMMIT:-master}/"
LABEL org.opencontainers.image.licenses="https://github.com/getsentry/sentry/blob/${SOURCE_COMMIT:-master}/LICENSE"