From 53069bd6d174c9714a556990ba604d62dad84e75 Mon Sep 17 00:00:00 2001 From: Tobias Macey Date: Fri, 4 Apr 2025 12:50:22 -0400 Subject: [PATCH] build: Improve Docker image and add version in hash.txt In https://github.com/mitodl/release-script/pull/400 Doof gains the ability to parse versions. This adds the necessary information in the hash.txt to allow Doof to properly detect production deployments of this app. --- .pre-commit-config.yaml | 5 +++ Dockerfile | 70 +++++++++++++++++------------------------ 2 files changed, 34 insertions(+), 41 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 02158309..6ab400c8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,6 +7,7 @@ ci: # Because these are local hooks it seems like they won't easily run in pre-commit CI - eslint - style-lint + - hadolint-docker repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 @@ -89,3 +90,7 @@ repos: hooks: - id: shellcheck args: ["--severity=warning"] + - repo: https://github.com/hadolint/hadolint + rev: v2.12.0 + hooks: + - id: hadolint-docker diff --git a/Dockerfile b/Dockerfile index f65cb099..6fad0f6a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,34 @@ +# hadolint global ignore=DL3008,SC2046 FROM python:3.13.2 -LABEL maintainer "ODL DevOps " +LABEL org.opencontainers.image.authors="ODL DevOps " + +# Set shell to bash with pipefail +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Add package files, install updated node and pip WORKDIR /tmp # Install packages COPY apt.txt /tmp/apt.txt -RUN apt-get update -RUN apt-get install -y $(grep -vE "^\s*#" apt.txt | tr "\n" " ") -RUN apt-get update && apt-get install libpq-dev postgresql-client -y - -# pip -RUN curl --silent --location https://bootstrap.pypa.io/get-pip.py | python3 - +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libpq-dev \ + postgresql-client \ + $(grep -vE '^\s*#' apt.txt | tr '\n' ' ') \ + && apt-get clean \ + && apt-get purge \ + && rm -rf /var/lib/apt/lists/* # Add, and run as, non-root user. -RUN mkdir /src -RUN adduser --disabled-password --gecos "" mitodl -RUN mkdir /var/media && chown -R mitodl:mitodl /var/media +RUN mkdir /src \ + && adduser --disabled-password --gecos "" mitodl \ + && mkdir /var/media && chown -R mitodl:mitodl /var/media ## Set some poetry config ENV \ - POETRY_VERSION=1.7.1 \ + PYTHON_UNBUFFERED=1 \ + POETRY_VERSION=1.8.5 \ POETRY_VIRTUALENVS_CREATE=true \ POETRY_CACHE_DIR='/tmp/cache/poetry' \ POETRY_HOME='/home/mitodl/.local' \ @@ -28,23 +36,19 @@ ENV \ ENV PATH="$VIRTUAL_ENV/bin:$POETRY_HOME/bin:$PATH" # Install poetry -RUN pip install "poetry==$POETRY_VERSION" +RUN pip install --no-cache-dir "poetry==$POETRY_VERSION" COPY pyproject.toml /src COPY poetry.lock /src -RUN chown -R mitodl:mitodl /src -RUN mkdir ${VIRTUAL_ENV} && chown -R mitodl:mitodl ${VIRTUAL_ENV} +RUN chown -R mitodl:mitodl /src && \ + mkdir ${VIRTUAL_ENV} && \ + chown -R mitodl:mitodl ${VIRTUAL_ENV} ## Install poetry itself, and pre-create a venv with predictable name USER mitodl -RUN curl -sSL https://install.python-poetry.org \ - | \ - POETRY_VERSION=${POETRY_VERSION} \ - POETRY_HOME=${POETRY_HOME} \ - python3 -q WORKDIR /src -RUN python3 -m venv $VIRTUAL_ENV -RUN poetry install +RUN python3 -m venv $VIRTUAL_ENV && \ + poetry install # Add project USER root @@ -53,28 +57,12 @@ WORKDIR /src # Generate commit hash file ARG GIT_REF -RUN mkdir -p /src/static -RUN echo $GIT_REF >> /src/static/hash.txt - -# Run collectstatic -ENV DATABASE_URL="postgres://postgres:postgres@localhost:5433/postgres" -ENV MITOL_SECURE_SSL_REDIRECT="False" -ENV MITOL_DB_DISABLE_SSL="True" -ENV MITOL_FEATURES_DEFAULT="True" -ENV CELERY_TASK_ALWAYS_EAGER="True" -ENV CELERY_BROKER_URL="redis://localhost:6379/4" -ENV CELERY_RESULT_BACKEND="redis://localhost:6379/4" -ENV MITOL_APP_BASE_URL="http://localhost:8002/" -ENV MAILGUN_KEY="fake_mailgun_key" -ENV MAILGUN_SENDER_DOMAIN="other.fake.site" -ENV MITOL_COOKIE_DOMAIN="localhost" -ENV MITOL_COOKIE_NAME="cookie_monster" -RUN python3 manage.py collectstatic --noinput --clear - -RUN apt-get clean && apt-get purge +ARG RELEASE_VERSION +RUN mkdir -p /src/static \ + && echo "{\"version\": \"$RELEASE_VERSION\", \"hash\": \"$GIT_REF\"}" >> /src/static/hash.txt USER mitodl EXPOSE 8888 EXPOSE 8001 -ENV PORT 8001 +ENV PORT=8001