/
Dockerfile
144 lines (129 loc) Β· 5.65 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
##### Important information for maintaining this Dockerfile ########################################
# Read the docs/topics/development/docker.md file for more information about this Dockerfile.
####################################################################################################
FROM python:3.10-slim-bookworm as base
# Should change it to use ARG instead of ENV for OLYMPIA_UID/OLYMPIA_GID
# once the jenkins server is upgraded to support docker >= v1.9.0
ENV OLYMPIA_UID=9500 \
OLYMPIA_GID=9500
RUN groupadd -g ${OLYMPIA_GID} olympia && useradd -u ${OLYMPIA_UID} -g ${OLYMPIA_GID} -s /sbin/nologin -d /data/olympia olympia
# Add support for https apt repos and gpg signed repos
RUN apt-get update && apt-get install -y \
apt-transport-https \
gnupg2 \
&& rm -rf /var/lib/apt/lists/*
# Add keys and repos for node and mysql
COPY docker/*.gpg.key /etc/pki/gpg/
RUN APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn \
apt-key add /etc/pki/gpg/nodesource.gpg.key \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn \
apt-key add /etc/pki/gpg/mysql.gpg.key
COPY docker/*.list /etc/apt/sources.list.d/
# Allow scripts to detect we're running in our own container and install
# packages.
RUN touch /addons-server-docker-container \
&& apt-get update && apt-get install -y \
# General (dev-) dependencies
bash-completion \
build-essential \
curl \
libjpeg-dev \
libsasl2-dev \
libxml2-dev \
libxslt-dev \
locales \
zlib1g-dev \
libffi-dev \
libssl-dev \
nodejs \
# Git, because we're using git-checkout dependencies
git \
# Dependencies for mysql-python (from mysql apt repo, not debian)
pkg-config \
mysql-client \
libmysqlclient-dev \
swig \
gettext \
# Use rsvg-convert to render our static theme previews
librsvg2-bin \
# Use pngcrush to optimize the PNGs uploaded by developers
pngcrush \
&& rm -rf /var/lib/apt/lists/*
# Add our custom mime types (required for for ts/json/md files)
ADD docker/etc/mime.types /etc/mime.types
# Compile required locale
RUN localedef -i en_US -f UTF-8 en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOME /data/olympia
# version.json is overwritten by CircleCI (see circle.yml).
# The pipeline v2 standard requires the existence of /app/version.json
# inside the docker image, thus it's copied there.
COPY version.json /app/version.json
WORKDIR ${HOME}
# give olympia access to the HOME directory
RUN chown -R olympia:olympia ${HOME}
# Set up directories and links that we'll need later, before switching to the
# olympia user.
RUN mkdir /deps \
&& chown -R olympia:olympia /deps \
&& rm -rf ${HOME}/src/olympia.egg-info \
&& mkdir -p ${HOME}/src/olympia.egg-info \
&& chown olympia:olympia ${HOME}/src/olympia.egg-info \
# For backwards-compatibility purposes, set up links to uwsgi. Note that
# the target doesn't exist yet at this point, but it will later.
&& ln -s /deps/bin/uwsgi /usr/bin/uwsgi \
&& ln -s /usr/bin/uwsgi /usr/sbin/uwsgi
USER olympia:olympia
# Install all dependencies, and add symlink for old uwsgi binary paths
ENV PIP_USER=true
ENV PIP_BUILD=/deps/build/
ENV PIP_CACHE_DIR=/deps/cache/
ENV PIP_SRC=/deps/src/
ENV PYTHONUSERBASE=/deps
ENV PATH $PYTHONUSERBASE/bin:$PATH
ENV NPM_CONFIG_PREFIX=/deps/
ENV NPM_CACHE_DIR=/deps/cache/npm
ENV NPM_DEBUG=true
RUN \
# Files needed to run the make command
--mount=type=bind,source=Makefile,target=${HOME}/Makefile \
--mount=type=bind,source=Makefile-docker,target=${HOME}/Makefile-docker \
# Files required to install pip dependencies
--mount=type=bind,source=setup.py,target=${HOME}/setup.py \
--mount=type=bind,source=./requirements,target=${HOME}/requirements \
# Files required to install npm dependencies
--mount=type=bind,source=package.json,target=${HOME}/package.json \
--mount=type=bind,source=package-lock.json,target=${HOME}/package-lock.json \
# Mounts for caching dependencies
--mount=type=cache,target=${PIP_CACHE_DIR},uid=${OLYMPIA_UID},gid=${OLYMPIA_GID} \
--mount=type=cache,target=${NPM_CACHE_DIR},uid=${OLYMPIA_UID},gid=${OLYMPIA_GID} \
# Command to install dependencies
ln -s ${HOME}/package.json /deps/package.json \
&& ln -s ${HOME}/package-lock.json /deps/package-lock.json \
&& make update_deps_prod
FROM base as builder
ARG LOCALE_DIR=${HOME}/locale
# Compile locales
# Copy the locale files from the host so it is writable by the olympia user
COPY --chown=olympia:olympia locale ${LOCALE_DIR}
# Copy the executable individually to improve the cache validity
RUN --mount=type=bind,source=locale/compile-mo.sh,target=${HOME}/compile-mo.sh \
${HOME}/compile-mo.sh ${LOCALE_DIR}
FROM base as final
# Only copy our source files after we have installed all dependencies
# TODO: split this into a separate stage to make even blazingly faster
WORKDIR ${HOME}
# Copy compiled locales from builder
COPY --from=builder --chown=olympia:olympia ${HOME}/locale ${HOME}/locale
# Copy the rest of the source files from the host
COPY --chown=olympia:olympia . ${HOME}
# Finalize the build
# TODO: We should move update_assets to the `builder` stage once we can efficiently
# Run that command without having to copy the whole source code
# This will shave nearly 1 minute off the best case build time
RUN echo "from olympia.lib.settings_base import *" > settings_local.py \
&& DJANGO_SETTINGS_MODULE="settings_local" make update_assets \
&& make prune_deps \
&& ./scripts/generate_build.py > build.py \
&& rm -f settings_local.py settings_local.pyc