forked from sassanix/Warracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
151 lines (122 loc) · 5.5 KB
/
Dockerfile
File metadata and controls
151 lines (122 loc) · 5.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# syntax=docker/dockerfile:1.19.0@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6
# renovate: datasource=deb depName=build-essential
ARG BUILD_ESSENTIAL_VERSION=12.12
# renovate: datasource=deb depName=libpq-dev
ARG LIBPQ_DEV_VERSION=17.6-0+deb13u1
# renovate: datasource=deb depName=libcurl4-openssl-dev
ARG LIBCURL4_OPENSSL_DEV_VERSION=8.14.1-2
# renovate: datasource=deb depName=libssl-dev
ARG LIBSSL_DEV_VERSION=3.5.1-1+deb13u1
# renovate: datasource=deb depName=pkg-config
ARG PKG_CONFIG_VERSION=1.8.1-4
# renovate: datasource=deb depName=nginx
ARG NGINX_VERSION=1.26.3-3+deb13u1
# renovate: datasource=deb depName=supervisor
ARG SUPERVISOR_VERSION=4.2.5-3
# renovate: datasource=deb depName=postgresql-client
ARG POSTGRESQL_CLIENT_VERSION=17+278
# renovate: datasource=deb depName=gettext-base
ARG GETTEXT_BASE_VERSION=0.23.1-2
# renovate: datasource=deb depName=curl
ARG CURL_VERSION=8.14.1-2
# renovate: datasource=deb depName=ca-certificates
ARG CA_CERTIFICATES_VERSION=20250419
# renovate: datasource=deb depName=libpq5
ARG LIBPQ5_VERSION=17.6-0+deb13u1
# renovate: datasource=deb depName=libssl3t64
ARG LIBSSL3T64_VERSION=3.5.1-1+deb13u1
FROM python:3.13-slim-trixie@sha256:079601253d5d25ae095110937ea8cfd7403917b53b077870bccd8b026dc7c42f AS builder
ARG BUILD_ESSENTIAL_VERSION
ARG LIBPQ_DEV_VERSION
ARG LIBCURL4_OPENSSL_DEV_VERSION
ARG LIBSSL_DEV_VERSION
ARG PKG_CONFIG_VERSION
# Install build tools (only in builder stage)
RUN apt-get update && \
apt-get install -y --no-install-recommends \
build-essential=${BUILD_ESSENTIAL_VERSION} \
libpq-dev=${LIBPQ_DEV_VERSION} \
libcurl4-openssl-dev=${LIBCURL4_OPENSSL_DEV_VERSION} \
libssl-dev=${LIBSSL_DEV_VERSION} \
pkg-config=${PKG_CONFIG_VERSION} && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Upgrade pip
RUN pip install --no-cache-dir --upgrade pip
# Install Python dependencies (system-wide installation)
COPY backend/requirements.txt /tmp/requirements.txt
RUN pip install --no-cache-dir -r /tmp/requirements.txt
FROM python:3.13-slim-trixie@sha256:079601253d5d25ae095110937ea8cfd7403917b53b077870bccd8b026dc7c42f AS runtime
ARG NGINX_VERSION
ARG SUPERVISOR_VERSION
ARG POSTGRESQL_CLIENT_VERSION
ARG GETTEXT_BASE_VERSION
ARG CURL_VERSION
ARG CA_CERTIFICATES_VERSION
ARG LIBPQ5_VERSION
ARG LIBCURL4_OPENSSL_DEV_VERSION
ARG LIBSSL3T64_VERSION
# Metadata for final image
LABEL org.opencontainers.image.source="https://github.com/sassanix/Warracker"
LABEL org.opencontainers.image.description="Warracker - Warranty Tracker"
# Install runtime dependencies only
RUN apt-get update && \
apt-get install -y --no-install-recommends \
nginx=${NGINX_VERSION} \
supervisor=${SUPERVISOR_VERSION} \
postgresql-client=${POSTGRESQL_CLIENT_VERSION} \
gettext-base=${GETTEXT_BASE_VERSION} \
curl=${CURL_VERSION} \
ca-certificates=${CA_CERTIFICATES_VERSION} \
libpq5=${LIBPQ5_VERSION} \
libcurl4=${LIBCURL4_OPENSSL_DEV_VERSION} \
libssl3t64=${LIBSSL3T64_VERSION} && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Create non-root user with home directory
RUN groupadd -r -g 999 warracker && \
useradd -r -g warracker -u 999 -d /home/warracker -m -s /bin/bash warracker
# Copy Python dependencies from builder (copy entire /usr/local for version-agnostic)
COPY --from=builder /usr/local /usr/local
# Configure directories with proper permissions
RUN mkdir -p /app /var/www/html /var/log/supervisor /run/nginx && \
chown -R warracker:warracker /app /var/www/html /var/log/supervisor /run/nginx /home/warracker && \
chown -R warracker:warracker /var/log/nginx
# Set working directory
WORKDIR /app
# 1. Configuration and static files first (rarely change)
COPY --chown=warracker:warracker nginx.conf /etc/nginx/conf.d/default.conf.template
COPY --chown=warracker:warracker babel.cfg ./
# 2. Migration scripts and utilities
COPY --chown=warracker:warracker backend/fix_permissions.py backend/fix_permissions.sql ./
COPY --chown=warracker:warracker backend/migrations/ ./migrations/
# 3. Localization files
COPY --chown=warracker:warracker locales/ ./locales/
COPY --chown=warracker:warracker locales/ /var/www/html/locales/
# 4. Frontend (bundled in one instruction)
COPY --chown=warracker:warracker frontend/ /var/www/html/
# 5. Backend (bundled in one instruction)
COPY --chown=warracker:warracker backend/ ./backend/
COPY --chown=warracker:warracker backend/app.py backend/gunicorn_config.py ./
# Copy configuration files and scripts from Docker directory
COPY --chown=root:root Docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY --chown=warracker:warracker Docker/entrypoint.sh /app/entrypoint.sh
COPY --chown=root:root Docker/nginx-wrapper.sh /app/nginx-wrapper.sh
# Make scripts executable
RUN chmod +x /app/entrypoint.sh /app/nginx-wrapper.sh
# Additional environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
NGINX_MAX_BODY_SIZE_VALUE=32M
# Clean default nginx site
RUN rm -f /etc/nginx/sites-enabled/default
# Optimized health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
CMD curl -f http://localhost/api/health 2>/dev/null || curl -f http://localhost/ || exit 1
# Exposed port
EXPOSE 80
# Entry point and command
# ENTRYPOINT runs setup tasks then executes supervisor
# Supervisor needs to run as root to manage services with different users
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]