#syntax=docker/dockerfile:1.4
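# Image that provides the static `uv` binary. The default keeps the previous
# behaviour (the moving `latest` tag), so by default the installer that resolves
# and installs every dependency is whatever the registry serves at build time.
# NOTE(review): for reproducible, auditable builds override this with a pinned
# release tag or digest, e.g.
#   --build-arg UV_IMAGE=ghcr.io/astral-sh/uv:<version>@sha256:<digest>
ARG UV_IMAGE=ghcr.io/astral-sh/uv:latest

FROM ${UV_IMAGE} AS uv

# ---------------------------------------------------------------------------
# Build stage: compiles and installs the project into a virtualenv at /app.
# Nothing from this stage reaches the final image except what the runtime
# stage copies out of it explicitly.
# NOTE(review): `ubuntu:noble` is a moving tag; pin by digest if the build must
# be reproducible.
FROM ubuntu:noble AS builder

# Toolchain and headers needed to build Python packages with C extensions.
# The APT lists are not cleaned here because this stage is discarded.
RUN <<EOT
set -ex
apt-get update -qy
apt-get install -qyy \
    -o APT::Install-Recommends=false \
    -o APT::Install-Suggests=false \
    build-essential \
    ca-certificates \
    python3-setuptools \
    python3.12-dev
EOT

COPY --from=uv /uv /usr/local/bin/uv

# uv configuration:
#   UV_LINK_MODE=copy            copy files instead of linking them out of the cache mount
#   UV_COMPILE_BYTECODE=1        precompile .pyc files at install time
#   UV_PYTHON_DOWNLOADS=never    use the distro interpreter, never download one
#   UV_PYTHON=python3.12         interpreter used for the environment
#   UV_PROJECT_ENVIRONMENT=/app  location of the virtualenv
ENV UV_LINK_MODE=copy \
    UV_COMPILE_BYTECODE=1 \
    UV_PYTHON_DOWNLOADS=never \
    UV_PYTHON=python3.12 \
    UV_PROJECT_ENVIRONMENT=/app

# Only the manifests are copied first, so the dependency layer stays cached
# until pyproject.toml or uv.lock changes.
COPY pyproject.toml /_lock/
COPY uv.lock /_lock/

# Install the locked dependencies only. `--locked` fails the build if uv.lock
# is out of date with pyproject.toml instead of silently re-resolving.
RUN --mount=type=cache,target=/root/.cache <<EOT
set -ex
cd /_lock
uv sync \
    --locked \
    --no-dev \
    --no-install-project
EOT

# NOTE(review): this copies the whole build context. Make sure .dockerignore
# excludes .git, .env files and other local secrets; they would otherwise be
# stored in this stage's layers and in the build cache.
COPY . /src

# Install the project itself into the existing environment. `--no-deps` keeps
# the dependency set exactly as resolved from uv.lock above.
RUN --mount=type=cache,target=/root/.cache <<EOT
set -ex
uv pip install \
    --python="$UV_PROJECT_ENVIRONMENT" \
    --no-deps \
    /src
EOT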
# ============================================================================ ##
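# Runtime stage: minimal OS packages plus the virtualenv built in `builder`.
# NOTE(review): `ubuntu:noble` is a moving tag and no package upgrade is run
# below, so OS security fixes arrive only when the image is rebuilt against a
# refreshed base. Rebuild regularly, or pin by digest and bump it deliberately.
FROM ubuntu:noble AS runtime

# Include virtual environment in PATH
ENV PATH=/app/bin:$PATH

# Create the unprivileged system user and group the service runs as.
# NOTE(review): no explicit UID/GID is set, so the ids are allocated from the
# system range; set fixed numeric ids if the orchestrator enforces a numeric
# non-root user.
RUN <<EOT
set -ex
groupadd -r tesseract
useradd --system --home /app --gid tesseract --no-user-group tesseract
EOT

# tini runs as PID 1 so signals are forwarded and zombie processes are reaped.
# NOTE(review): docker-entrypoint.sh is not shown here; it should `exec` the
# final process so that it receives the stop signal - confirm.
ENTRYPOINT ["tini", "-v", "--", "/docker-entrypoint.sh"]

# See <https://hynek.me/articles/docker-signals/>.
STOPSIGNAL SIGINT

# Install the runtime OS packages (nothing is upgraded), then clear the APT
# cache and lists in the same layer so they do not end up in the image.
# NOTE(review): curl is presumably here for health checks - confirm; drop it if
# unused to keep the runtime attack surface small.
RUN <<EOT
set -ex
apt-get update -qy
apt-get install -qyy \
    -o APT::Install-Recommends=false \
    -o APT::Install-Suggests=false \
    ca-certificates \
    tini \
    python3.12 \
    libpython3.12 \
    libpcre3 \
    libxml2 \
    curl
apt-get clean
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
EOT

# Copy runtime files
# The entrypoint script stays owned by root and is only made executable.
COPY --chmod=755 docker-entrypoint.sh /
# NOTE(review): the virtualenv, configuration and app.py are all owned by the
# runtime user, and the check below asserts /app is writable. A compromised
# process could therefore rewrite its own code and dependencies. If the service
# only needs to write to a specific subdirectory, consider leaving the code
# root-owned and granting write access to that subdirectory alone.
COPY --from=builder --chown=tesseract:tesseract /app /app
COPY --chown=tesseract:tesseract etc /app/etc
COPY --chown=tesseract:tesseract ./app.py /app/app.py

# Drop privileges and set the working directory; everything below, and the
# container itself, runs as the unprivileged user.
USER tesseract
WORKDIR /app

# Build-time smoke tests, run as the runtime user: the build fails if the
# interpreter, permissions or the installed package are not as expected.
RUN <<EOT
set -ex
# Print python version
python -V
# Print sys.path, https://docs.python.org/3/library/site.html#command-line-interface
python -Im site
# Ensure folders have correct permissions
python -Ic 'import os; assert os.access("/docker-entrypoint.sh", os.X_OK)'
python -Ic 'import os; assert os.access("/app", os.W_OK)'
python -Ic 'import os; assert os.access("/app/lib", os.R_OK)'
python -Ic 'import os; assert os.access("/app/etc", os.R_OK)'
# Ensure the project package is importable in isolated mode
python -Ic 'import datausa'
# Print dependency folder size
echo "The dependency folder is $(du -sh /app/lib | awk '{print $1}')"
EOT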