This repository has been archived by the owner on Nov 12, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
174 lines (126 loc) · 4.42 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
ARG BUILD_ARG_PYTHON_VERSION=3.7
FROM python:${BUILD_ARG_PYTHON_VERSION}-slim AS base
ARG BUILD_ARG_ASPELL_LANGUAGE="en"
ARG BUILD_ARG_CONTAINER_GID=1000
ARG BUILD_ARG_CONTAINER_UID=1000
LABEL maintainer="niall@niallbyrne.ca"
LABEL project="mmmm_cookies"
LABEL environment="stage1"
ENV PIB_CONFIG_FILE_LOCATION "/app/assets/cli.yml"
ENV PIB_DOCUMENTATION_ROOT "/app/documentation"
ENV PIB_PROJECT_NAME "mmmm_cookies"
ENV PROJECT_NAME "${PIB_PROJECT_NAME}"
ENV PROJECT_AUTHOR "Niall Byrne"
ENV PYTHONUNBUFFERED "1"
ENV VERSION_ASPELL "aspell-${BUILD_ARG_ASPELL_LANGUAGE}=*"
ENV VERSION_TOMLL "v1.9.4"
ENV VERSION_TRUFFLEHOG "3.20.0"
ENV VERSION_POETRY "poetry>=1.2.0"
# Mark Container
RUN echo "1.0.0" > /etc/container_pib_version && \
echo "mmmm_cookies" > /etc/container_release
# Install Base Dependencies
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y \
--no-install-recommends \
bash=5.* \
build-essential=12.* && \
rm -rf /var/lib/apt/lists/*
# Create the runtime user, and enforce permissions
RUN groupadd user -g "${BUILD_ARG_CONTAINER_GID}"
RUN useradd user -d /home/user \
-s /bin/bash \
-u "${BUILD_ARG_CONTAINER_UID}" \
-g "${BUILD_ARG_CONTAINER_GID}" \
-m
# Setup directories
RUN mkdir -p /app
RUN chown -R user:user /app
WORKDIR /app
# Include the local binary folder in PATH
ENV PATH "/home/user/.local/bin/:${PATH}"
# ======================================================
# Poetry Intermediary
FROM base AS poetry
LABEL environment="stage2"
# Install Poetry
# hadolint ignore=DL3013
RUN pip install --no-cache-dir "${VERSION_POETRY}" setuptools
# ======================================================
# Development Environment
FROM poetry AS development
LABEL environment="DEVELOPMENT"
ENV ENVIRONMENT DEVELOPMENT
# Install Dev Dependencies
# hadolint ignore=DL3008
RUN apt-get update && \
apt-get install -y \
--no-install-recommends \
"${VERSION_ASPELL}" \
curl=7.88.* \
fish=3.6.* \
jq=1.6* \
openssh-client=1:9.* \
shellcheck=0.9.* \
sudo=1.9.* \
tig=2.5.* \
vim=2:9.*
# Install tomll
COPY scripts/utilities/install_tomll_linux.sh .
RUN bash install_tomll_linux.sh && \
rm install_tomll_linux.sh
# Install Trufflehog
COPY scripts/utilities/install_trufflehog_linux.sh .
RUN bash install_trufflehog_linux.sh && \
rm install_trufflehog_linux.sh
# Add user to sudoers, and make the default user
RUN echo "user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Set the runtime user
USER user
# Copy the poetry configuration
COPY pyproject.toml *.lock /app/
# Cache Dependencies
RUN poetry install --no-root -E dev
# Copy the Codebase
COPY . /app
# Install the Application
RUN poetry install -E dev
# Create A Symlink For the Bash Customizations
RUN ln -sf /app/assets/.bash_customize /home/user/.bash_customize
# Enforce git repository permissions
USER root
RUN chown -R user:user /app
USER user
# Setup The Dev CLI, bootstrapping the current version of pib_cli
RUN poetry run dev @pib container setup
CMD ["bash", "-cl", "./mmmm_cookies/container_init.sh"]
# ======================================================
# Pre Production Environment
FROM poetry as pre_production
LABEL environment="PRE_PRODUCTION"
ENV ENVIRONMENT "PRE_PRODUCTION"
# Set the runtime user
USER user
# Copy the poetry configuration
COPY pyproject.toml *.lock /app/
# Export the lock file
RUN poetry export --without-hashes -f requirements.txt -o /app/requirements.txt
# ======================================================
# Production Environment
FROM base as production
LABEL environment="PRODUCTION"
ENV ENVIRONMENT "PRODUCTION"
# Set the runtime user
USER user
# Copy the requirements.txt file from pre_production
COPY --from=pre_production /app/requirements.txt /app/requirements.txt
# Install Production Packages Only
RUN pip --no-cache-dir install -r requirements.txt
# Copy the codebase
COPY . /app
# Enforce codebase permissions
USER root
RUN chown -R user:user /app
USER user
CMD ["./mmmm_cookies/container_init.sh"]