-
Notifications
You must be signed in to change notification settings - Fork 84
/
Dockerfile
61 lines (48 loc) · 2.08 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# This Dockerfile installs Sydent from source, which is assumed to be in the current
# working directory. The resulting image contains a single "sydent" user, and populates
# their home area with "src" and "venv" directories. The entrypoint runs Sydent,
# listening on port 8090.
#
# Users must provide a persistent volume available to the container as `/data`. This
# will contain Sydent's configuration and database. A blank configuration and database
# file is created the first time Sydent runs.
# Step 1: install dependencies
FROM docker.io/python:3.8-slim-bookworm as builder
# Add user sydent
RUN addgroup --system --gid 993 sydent \
&& useradd -m --system --uid 993 -g sydent sydent
USER sydent:sydent
# Install poetry
RUN pip install --user poetry==1.2.2
# Copy source code and resources
WORKDIR /home/sydent/src
COPY --chown=sydent:sydent ["res", "res"]
COPY --chown=sydent:sydent ["scripts", "scripts"]
COPY --chown=sydent:sydent ["sydent", "sydent"]
COPY --chown=sydent:sydent ["README.rst", "pyproject.toml", "poetry.lock", "./"]
# Install dependencies
RUN python -m poetry install --no-dev --no-interaction --extras "prometheus sentry"
# Record dependencies for posterity
RUN python -m poetry export -o requirements.txt
# Make the virtualenv accessible for the final image
RUN ln -s $(python -m poetry env info -p) /home/sydent/venv
# Nuke bytecode files to keep the final image slim.
RUN find /home/sydent/venv -type f -name '*.pyc' -delete
# Step 2: Create runtime image
FROM docker.io/python:3.8-slim-bookworm
# Add user sydent and create /data directory
RUN addgroup --system --gid 993 sydent \
&& useradd -m --system --uid 993 -g sydent sydent \
&& mkdir /data \
&& chown sydent:sydent /data
# Copy sydent and the virtualenv
COPY --from=builder ["/home/sydent/src", "/home/sydent/src"]
COPY --from=builder ["/home/sydent/venv", "/home/sydent/venv"]
ENV SYDENT_CONF=/data/sydent.conf
ENV SYDENT_PID_FILE=/data/sydent.pid
ENV SYDENT_DB_PATH=/data/sydent.db
WORKDIR /home/sydent
USER sydent:sydent
VOLUME ["/data"]
EXPOSE 8090/tcp
CMD [ "venv/bin/python", "-m", "sydent.sydent" ]