multi-staged docker build

2023-08-19 21:59:43 +00:00 · 2023-08-19 21:59:43 +00:00 · 6de5335528
commit 6de5335528
parent 8638479240
8 changed files with 97 additions and 39 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -8,3 +8,5 @@ __pycache__
 /doc
 /media
 /static
 /docker-compose.yml
 /Dockerfile
--- a/.github/workflows/docker-dev.yml
+++ b/.github/workflows/docker-dev.yml
@ -0,0 +1,42 @@
 name: publish
 on: [push, pull_request]
 jobs:
  push_to_docker_hub:
    name: Push image to Docker Hub
    if: github.repository_owner == 'alphatownsman'
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
        with:
          submodules: 'true'
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: neodb/neodb
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          platforms: "linux/amd64,linux/arm64"
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/70
+++ b/70
@ -1,40 +1,54 @@
 # syntax=docker/dockerfile:1
-FROM python:3.11-slim
+FROM python:3.11-slim as build
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
-RUN useradd -U app
+
-COPY . /neodb
+RUN --mount=type=cache,sharing=locked,target=/var/cache/apt apt-get update \
-RUN mkdir -p /www
+    && apt-get install -y --no-install-recommends build-essential libpq-dev python3-venv opencc git
 COPY requirements.txt /neodb/
 WORKDIR /neodb
-RUN mv neodb-takahe /takahe
+RUN python -m venv .venv
-RUN cp misc/neodb-manage misc/takahe-manage /bin
+RUN --mount=type=cache,sharing=locked,target=/root/.cache .venv/bin/python3 -m pip install --upgrade -r requirements.txt
-RUN --mount=type=cache,target=/var/cache/apt apt-get update \
+
-    && apt-get install -y --no-install-recommends \
+COPY neodb-takahe/requirements.txt /takahe/
-        build-essential \
+WORKDIR /takahe
-        libpq-dev \
+RUN python -m venv /takahe/.venv
 RUN --mount=type=cache,sharing=locked,target=/root/.cache .venv/bin/python3 -m pip install --upgrade -r requirements.txt
 RUN apt-get purge -y --auto-remove build-essential && rm -rf /var/lib/apt/lists/*
 # runtime stage
 FROM python:3.11-slim as runtime
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 RUN --mount=type=cache,sharing=locked,target=/var/cache/apt-run apt-get update \
    && apt-get install -y --no-install-recommends libpq-dev \
        busybox \
        postgresql-client \
        nginx \
-        opencc \
+        opencc
        git
 RUN busybox --install
 COPY . /neodb
 WORKDIR /neodb
 COPY --from=build /neodb/.venv .venv
 RUN .venv/bin/python3 manage.py compilescss
 RUN .venv/bin/python3 manage.py collectstatic --noinput
 RUN mv /neodb/neodb-takahe /takahe
 WORKDIR /takahe
 COPY --from=build /takahe/.venv .venv
 RUN pwd && ls
 RUN TAKAHE_DATABASE_SERVER="postgres://x@y/z" TAKAHE_SECRET_KEY="t" TAKAHE_MAIN_DOMAIN="x.y" .venv/bin/python3 manage.py collectstatic --noinput
 COPY misc/nginx.conf.d/* /etc/nginx/conf.d/
 COPY misc/bin/* /bin/
 RUN mkdir -p /www
 RUN useradd -U app
-RUN --mount=type=cache,target=/root/.cache python3 -m pip install --upgrade -r requirements.txt
+WORKDIR /neodb
 RUN --mount=type=cache,target=/root/.cache cd /takahe && python3 -m pip install --upgrade -r requirements.txt
 RUN apt-get purge -y --auto-remove \
        build-essential \
        libpq-dev \
    && rm -rf /var/lib/apt/lists/*
 RUN python3 manage.py compilescss \
    && python3 manage.py collectstatic --noinput
 RUN cd /takahe && TAKAHE_DATABASE_SERVER="postgres://x@y/z" TAKAHE_SECRET_KEY="t" TAKAHE_MAIN_DOMAIN="x.y" python3 manage.py collectstatic --noinput
 USER app:app
 # invoke check by default
-CMD [ "sh", "-c", 'python3 /neodb/manage.py check && TAKAHE_DATABASE_SERVER="postgres://x@y/z" TAKAHE_SECRET_KEY="t" TAKAHE_MAIN_DOMAIN="x.y" python3 manage.py collectstatic --noinput python3 /takahe/manage.py check' ]
+CMD [ "sh", "-c", 'neodb-manage check && TAKAHE_DATABASE_SERVER="postgres://x@y/z" TAKAHE_SECRET_KEY="t" TAKAHE_MAIN_DOMAIN="x.y" takahe-manage check' ]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,7 +13,7 @@ version: "3.8"
 x-shared:
  neodb-service: &neodb-service
    build: .
-    image: nerodb/neodb:latest
+    image: neodb/neodb:${TAG:-latest}
    environment:
      - NEODB_DB_NAME=neodb
      - NEODB_DB_USER=neodb
@ -110,7 +110,7 @@ services:
  migration:
    <<: *neodb-service
    restart: "no"
-    command: "sh -c 'python /takahe/manage.py migrate && python /neodb/manage.py migrate'"
+    command: "sh -c '/takahe/.venv/bin/python /takahe/manage.py migrate && /neodb/.venv/bin/python /neodb/manage.py migrate'"
    depends_on:
      neodb-db:
        condition: service_healthy
@ -125,7 +125,7 @@ services:
    <<: *neodb-service
    # ports:
    #   - "18000:8000"
-    command: gunicorn boofilsic.wsgi -w ${NEODB_WEB_WORKER_NUM:-8} --preload -b 0.0.0.0:8000
+    command: /neodb/.venv/bin/gunicorn boofilsic.wsgi -w ${NEODB_WEB_WORKER_NUM:-8} --preload -b 0.0.0.0:8000
    healthcheck:
      test: ['CMD', 'wget', '-qO/tmp/test', 'http://127.0.0.1:8000/discover/']
    depends_on:
@ -134,14 +134,14 @@ services:
  neodb-worker:
    <<: *neodb-service
-    command: python /neodb/manage.py rqworker --with-scheduler import export mastodon fetch crawl
+    command: /neodb/.venv/bin/python /neodb/manage.py rqworker --with-scheduler import export mastodon fetch crawl
    depends_on:
      migration:
        condition: service_completed_successfully
  neodb-worker-extra:
    <<: *neodb-service
-    command: python /neodb/manage.py rqworker --with-scheduler fetch crawl
+    command: /neodb/.venv/bin/python /neodb/manage.py rqworker --with-scheduler fetch crawl
    depends_on:
      migration:
        condition: service_completed_successfully
@ -150,7 +150,7 @@ services:
    <<: *neodb-service
    # ports:
    #   - "19000:8000"
-    command: gunicorn --chdir /takahe takahe.wsgi -w ${TAKAHE_WEB_WORKER_NUM:-8} --preload -b 0.0.0.0:8000
+    command: /takahe/.venv/bin/gunicorn --chdir /takahe takahe.wsgi -w ${TAKAHE_WEB_WORKER_NUM:-8} --preload -b 0.0.0.0:8000
    healthcheck:
      test: ['CMD', 'wget', '-qO/tmp/test', 'http://127.0.0.1:8000/nodeinfo/2.0/']
    depends_on:
@ -159,7 +159,7 @@ services:
  takahe-stator:
    <<: *neodb-service
-    command: python /takahe/manage.py runstator
+    command: /takahe/.venv/bin/python /takahe/manage.py runstator
    depends_on:
      migration:
        condition: service_completed_successfully
--- a/misc/bin/neodb-manage
+++ b/misc/bin/neodb-manage
@ -0,0 +1,2 @@
 #!/bin/sh
 /neodb/.venv/bin/python /neodb/manage.py $@
--- a/misc/bin/takahe-manage
+++ b/misc/bin/takahe-manage
@ -0,0 +1,2 @@
 #!/bin/sh
 /takahe/.venv/bin/python /takahe/manage.py $@
--- a/misc/neodb-manage
+++ b/misc/neodb-manage
@ -1,2 +0,0 @@
 #!/bin/sh
 python /neodb/manage.py $@
--- a/misc/takahe-manage
+++ b/misc/takahe-manage
@ -1,2 +0,0 @@
 #!/bin/sh
 python /takahe/manage.py $@
		`@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`/neodb/.venv/bin/python /neodb/manage.py $@`
		`@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`/takahe/.venv/bin/python /takahe/manage.py $@`