-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathDockerfile
More file actions
86 lines (71 loc) · 3.08 KB
/
Dockerfile
File metadata and controls
86 lines (71 loc) · 3.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
FROM registry.access.redhat.com/ubi9/ubi
ENV TZ=Europe/Madrid
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
# Runtime user (override with build args if needed)
ARG APP_UID=1212
ARG APP_GID=1212
ARG APP_SHELL=/sbin/nologin
ARG APP_INSTALL_PATH=/opt/relecov-platform
ENV APP_INSTALL_PATH=${APP_INSTALL_PATH}
# Updates
RUN dnf -y update
# Essential software
RUN dnf -y install \
git wget \
python3.11 python3.11-pip python3.11-devel python3.11-wheel \
gcc gcc-c++ make \
openssl-devel libffi-devel \
mariadb mariadb-connector-c-devel postgresql-devel \
httpd-devel \
rsync tzdata \
pkgconf-pkg-config \
&& dnf clean all
# Install supercronic (rootless-friendly cron runner)
RUN set -eux; \
SUPERCRONIC_VERSION="v0.2.38"; \
arch="$(uname -m)"; \
case "$arch" in \
x86_64) supercronic_arch="amd64" ;; \
aarch64) supercronic_arch="arm64" ;; \
*) echo "Unsupported architecture for supercronic: $arch" >&2; exit 1 ;; \
esac; \
supercronic_url="https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-${supercronic_arch}"; \
if wget --tries=3 --waitretry=2 --retry-connrefused -q -O /usr/local/bin/supercronic "${supercronic_url}"; then \
chmod +x /usr/local/bin/supercronic; \
else \
rm -f /usr/local/bin/supercronic; \
echo "Unable to download supercronic from ${supercronic_url}. Continuing without cron support during this build."; \
fi
# Ensure python3 points to the desired version
RUN ln -sf /usr/bin/python3.11 /usr/bin/python3
# Set git repository
RUN mkdir /srv/relecov-platform
WORKDIR /srv/relecov-platform
# Copy the local git repository to docker image directory
COPY . /srv/relecov-platform/
ENV PATH="/usr/sbin/cron:$PATH"
RUN chmod +x /srv/relecov-platform/scripts/container_start.sh
# Set default install type
ARG INSTALL_TYPE=dep
ARG GIT_REVISION=main
ARG INSTALL_CONF=conf/docker_test_settings.txt
# Prepare dependencies and stage the application tree in the image so the
# container can restart without rerunning install-time file generation.
ENV SKIP_SYSTEM_PACKAGES=1
RUN /bin/bash install.sh --install dep --git_revision $GIT_REVISION --conf $INSTALL_CONF --skip_apache_restart
RUN /bin/bash install.sh --stage install --git_revision $GIT_REVISION --conf $INSTALL_CONF --skip_apache_restart
# Use the virtualenv created by install.sh
ENV PATH="${APP_INSTALL_PATH}/virtualenv/bin:${PATH}"
WORKDIR ${APP_INSTALL_PATH}
# Create non-root user and set ownership
RUN groupadd -g ${APP_GID} relecov-platform && \
useradd -m -u ${APP_UID} -g ${APP_GID} -s ${APP_SHELL} relecov-platform && \
mkdir -p ${APP_INSTALL_PATH}/cron ${APP_INSTALL_PATH}/tmp && \
chown -R ${APP_UID}:${APP_GID} ${APP_INSTALL_PATH} /srv/relecov-platform && \
chmod 700 ${APP_INSTALL_PATH}/cron ${APP_INSTALL_PATH}/tmp && \
git config --system --add safe.directory /srv/relecov-platform
# Expose
EXPOSE 8000
# Start the application once install.sh has populated /opt/relecov-platform.
USER relecov-platform
CMD ["/srv/relecov-platform/scripts/container_start.sh"]