build: align Dockerfile with packer build and add docker-compose dev mounts
- Rebase Dockerfile onto almalinux9-base, install via uv tool install
- Remove dev artifacts (remotes.yaml, ca-bundle.pem) from image
- Mount gitignored dev files via docker-compose volumes instead
- Add .dockerignore to keep secrets out of build context
- Track docker-compose.yml in git (no secrets; dev files mounted as volumes)
@@ -0,0 +1,15 @@
|
|||||||
|
.git/
|
||||||
|
.venv/
|
||||||
|
dist/
|
||||||
|
tests/
|
||||||
|
remotes.yaml
|
||||||
|
ca-bundle.pem
|
||||||
|
.env
|
||||||
|
*.log
|
||||||
|
docker-compose.yml
|
||||||
|
.woodpecker/
|
||||||
|
.tox/
|
||||||
|
.ruff_cache/
|
||||||
|
.pytest_cache/
|
||||||
|
.pre-commit-cache/
|
||||||
|
minio_data/
|
||||||
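Review bot: The secret entries are exact file names (`remotes.yaml`, `ca-bundle.pem`, `.env`), so a variant such as `.env.local` or any other certificate or key file in the tree is still sent to the builder. The Dockerfile in this commit copies the whole context with `COPY . /build`, so such a file would end up in an image layer. Broader patterns such as `.env*`, `**/*.pem` and `**/*.key` would cover this. A stricter option is an allowlist: a leading `*` followed by `!src/`, `!pyproject.toml`, `!uv.lock` and `!README.md`, so that new files are excluded by default.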
@@ -59,5 +59,4 @@ uv.lock
|
|||||||
minio_data/
|
minio_data/
|
||||||
|
|
||||||
# Local configuration overrides
|
# Local configuration overrides
|
||||||
docker-compose.yml
|
|
||||||
ca-bundle.pem
|
ca-bundle.pem
|
||||||
|
|||||||
@@ -0,0 +1,9 @@
|
|||||||
|
when:
|
||||||
|
- event: pull_request
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: docker-build
|
||||||
|
image: woodpeckerci/plugin-docker-buildx
|
||||||
|
settings:
|
||||||
|
repo: git.unkin.net/unkin/artifactapi
|
||||||
|
dry_run: true
|
||||||
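Review bot: `image: woodpeckerci/plugin-docker-buildx` carries no tag, so every run pulls whatever `latest` points to at that moment, and this plugin usually runs with elevated privileges on the agent. Pinning a release tag or digest, e.g. `image: woodpeckerci/plugin-docker-buildx:<pinned-version>`, would match the existing step that uses `almalinux9-base:20260308`. The step also runs on `event: pull_request` and builds the Dockerfile from the proposed change. If pull requests from forks are accepted, confirm that such runs need approval and have no registry credentials, because the `RUN` lines of that Dockerfile execute on the CI agent.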
@@ -6,3 +6,4 @@ steps:
|
|||||||
image: git.unkin.net/unkin/almalinux9-base:20260308
|
image: git.unkin.net/unkin/almalinux9-base:20260308
|
||||||
commands:
|
commands:
|
||||||
- uvx pre-commit run --all-files
|
- uvx pre-commit run --all-files
|
||||||
|
|
||||||
|
|||||||
+15
-45
@@ -1,53 +1,23 @@
|
|||||||
# Use Alpine Linux as base image
|
FROM git.unkin.net/unkin/almalinux9-base:latest
|
||||||
FROM python:3.11-alpine
|
|
||||||
|
|
||||||
# Set working directory
|
ARG VERSION=0.0.0.dev0
|
||||||
WORKDIR /app
|
|
||||||
|
|
||||||
# Install system dependencies
|
COPY . /build
|
||||||
RUN apk add --no-cache \
|
|
||||||
gcc \
|
|
||||||
musl-dev \
|
|
||||||
libffi-dev \
|
|
||||||
postgresql-dev \
|
|
||||||
curl \
|
|
||||||
wget \
|
|
||||||
tar
|
|
||||||
|
|
||||||
# Install uv
|
RUN HATCH_VCS_PRETEND_VERSION=${VERSION} \
|
||||||
ARG PACKAGE_VERSION=0.9.21
|
SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION} \
|
||||||
RUN wget -O /app/uv-x86_64-unknown-linux-musl.tar.gz https://github.com/astral-sh/uv/releases/download/${PACKAGE_VERSION}/uv-x86_64-unknown-linux-musl.tar.gz && \
|
uv build --wheel --directory /build && \
|
||||||
tar xf /app/uv-x86_64-unknown-linux-musl.tar.gz -C /app && \
|
useradd -m -r -s /bin/sh appuser
|
||||||
mv /app/uv-x86_64-unknown-linux-musl/uv /usr/local/bin/uv && \
|
|
||||||
rm -rf /app/uv-x86_64-unknown-linux-musl* && \
|
|
||||||
chmod +x /usr/local/bin/uv && \
|
|
||||||
uv --version
|
|
||||||
|
|
||||||
# Create non-root user first
|
|
||||||
RUN adduser -D -s /bin/sh appuser && \
|
|
||||||
chown -R appuser:appuser /app
|
|
||||||
|
|
||||||
# Copy dependency files and change ownership
|
|
||||||
COPY --chown=appuser:appuser pyproject.toml uv.lock README.md ./
|
|
||||||
|
|
||||||
# Switch to appuser and install Python dependencies
|
|
||||||
USER appuser
|
USER appuser
|
||||||
ARG VERSION=dev
|
RUN uv tool install --from /build/dist/*.whl artifactapi
|
||||||
ENV HATCH_VCS_PRETEND_VERSION=${VERSION} \
|
|
||||||
SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION}
|
|
||||||
RUN uv sync --frozen
|
|
||||||
|
|
||||||
# Copy application source
|
USER root
|
||||||
COPY --chown=appuser:appuser src/ ./src/
|
RUN rm -rf /build
|
||||||
COPY --chown=appuser:appuser remotes.yaml ./
|
|
||||||
COPY --chown=appuser:appuser ca-bundle.pem ./
|
|
||||||
|
|
||||||
# Expose port
|
|
||||||
EXPOSE 8000
|
EXPOSE 8000
|
||||||
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:8000/health || exit 1
|
||||||
# Health check
|
USER appuser
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
ENV PATH="/home/appuser/.local/bin:$PATH"
|
||||||
CMD curl -f http://localhost:8000/health || exit 1
|
WORKDIR /app
|
||||||
|
CMD ["artifactapi"]
|
||||||
# Run the application
|
|
||||||
CMD ["uv", "run", "python", "-m", "src.artifactapi.main"]
|
|
||||||
|
|||||||
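Review bot: `RUN rm -rf /build` runs in a later layer than `COPY . /build`, so the full build context stays readable in the image's layer history and anything the .dockerignore misses ships with the image. A multi-stage build that hands only the wheel to the final stage avoids this, as sketched below. The base is `almalinux9-base:latest` while the pipeline step on this page pins `almalinux9-base:20260308`, so pinning the same tag (or a digest) here would make the image reproducible. The removed `uv sync --frozen` honoured uv.lock, whereas `uv tool install` from the wheel appears to resolve dependencies fresh at build time; confirm that this drift is intended.

```dockerfile
FROM git.unkin.net/unkin/almalinux9-base:latest AS build
ARG VERSION=0.0.0.dev0
COPY . /build
RUN HATCH_VCS_PRETEND_VERSION=${VERSION} \
    SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION} \
    uv build --wheel --directory /build

FROM git.unkin.net/unkin/almalinux9-base:latest
RUN useradd -m -r -s /bin/sh appuser
USER appuser
# The wheel is bind-mounted from the build stage, so no layer of the final image holds /build.
RUN --mount=type=bind,from=build,source=/build/dist,target=/dist \
    uv tool install --from /dist/*.whl artifactapi
# … unchanged: EXPOSE, HEALTHCHECK, ENV PATH, WORKDIR, CMD …
```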
@@ -1,7 +1,7 @@
|
|||||||
.PHONY: build install dev clean test lint format pre-commit tox docker-build docker-up docker-down docker-logs docker-rebuild docker-clean docker-restart
|
.PHONY: build install dev clean test lint format pre-commit tox docker-build docker-up docker-down docker-logs docker-rebuild docker-clean docker-restart
|
||||||
|
|
||||||
build:
|
build:
|
||||||
docker build --no-cache -t artifactapi:latest .
|
docker build -t artifactapi:dev .
|
||||||
|
|
||||||
install: build
|
install: build
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,91 @@
|
|||||||
|
version: '3.8'
|
||||||
|
|
||||||
|
services:
|
||||||
|
artifactapi:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
args:
|
||||||
|
- VERSION=dev
|
||||||
|
ports:
|
||||||
|
- "8000:8000"
|
||||||
|
volumes:
|
||||||
|
- ./remotes.yaml:/app/remotes.yaml:ro
|
||||||
|
- ./ca-bundle.pem:/app/ca-bundle.pem:ro
|
||||||
|
environment:
|
||||||
|
- CONFIG_PATH=/app/remotes.yaml
|
||||||
|
- DBHOST=postgres
|
||||||
|
- DBPORT=5432
|
||||||
|
- DBUSER=artifacts
|
||||||
|
- DBPASS=artifacts123
|
||||||
|
- DBNAME=artifacts
|
||||||
|
- REDIS_URL=redis://redis:6379
|
||||||
|
- MINIO_ENDPOINT=minio:9000
|
||||||
|
- MINIO_ACCESS_KEY=minioadmin
|
||||||
|
- MINIO_SECRET_KEY=minioadmin
|
||||||
|
- MINIO_BUCKET=artifacts
|
||||||
|
- MINIO_SECURE=false
|
||||||
|
- REQUESTS_CA_BUNDLE=/app/ca-bundle.pem
|
||||||
|
depends_on:
|
||||||
|
postgres:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
minio:
|
||||||
|
condition: service_healthy
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
|
||||||
|
minio:
|
||||||
|
image: minio/minio:latest
|
||||||
|
ports:
|
||||||
|
- "9000:9000"
|
||||||
|
- "9001:9001"
|
||||||
|
environment:
|
||||||
|
MINIO_ROOT_USER: minioadmin
|
||||||
|
MINIO_ROOT_PASSWORD: minioadmin
|
||||||
|
command: server /data --console-address ":9001"
|
||||||
|
volumes:
|
||||||
|
- minio_data:/data
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 20s
|
||||||
|
retries: 3
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:7-alpine
|
||||||
|
ports:
|
||||||
|
- "6379:6379"
|
||||||
|
volumes:
|
||||||
|
- redis_data:/data
|
||||||
|
command: redis-server --save 20 1
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "redis-cli", "ping"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres:15-alpine
|
||||||
|
ports:
|
||||||
|
- "5432:5432"
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: artifacts
|
||||||
|
POSTGRES_USER: artifacts
|
||||||
|
POSTGRES_PASSWORD: artifacts123
|
||||||
|
volumes:
|
||||||
|
- postgres_data:/var/lib/postgresql/data
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U artifacts -d artifacts"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
minio_data:
|
||||||
|
redis_data:
|
||||||
|
postgres_data:
|
||||||
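Review bot: The environment blocks commit working credentials (`DBPASS=artifacts123`, `POSTGRES_PASSWORD: artifacts123`, `MINIO_ROOT_PASSWORD: minioadmin`) although the description calls the file secret-free. The `ports:` entries for postgres, redis and minio also publish those services on every host interface, and the redis command line sets no password. For a dev stack, bind the backing services to loopback, e.g. `- "127.0.0.1:5432:5432"`, or drop their `ports:` entries, since artifactapi reaches them by service name over the compose network. The passwords can come from a local `.env` file kept out of git, via `- DBPASS=${DBPASS:?}`. `minio/minio:latest` is a floating tag next to the pinned `redis:7-alpine` and `postgres:15-alpine`; pinning a release would keep the stack reproducible.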