-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
104 lines (79 loc) · 3.55 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#############################################################
# Dockerfile (based on Alpine)
# https://github.com/orenlab/dockerfiles
#
# To run the application in a specific mode:
# docker --target production build -t name/image:tag .
# docker --target development build -t name/image:tag .
#############################################################
# Set Alpine tag version for all stage
ARG IMAGE_VERSION_FIRST=alpine3.20
ARG IMAGE_VERSION_SECOND=3.20
# Zero stage - setup base image
FROM alpine:$IMAGE_VERSION_SECOND AS base
# Update base os components
RUN apk --no-cache update && \
apk --no-cache upgrade && \
# Add Timezone support in Alpine image
apk --no-cache add tzdata
# App workdir
WORKDIR /path/to/app
# Setup env var
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONPATH=/path/to/app
ENV PATH=/venv/bin:$PATH
# Copy app
COPY ./app ./app/
# Copy lisence
COPY LICENSE /path/to/app
# First stage - build Python deps
FROM python:$IMAGE_VERSION_FIRST AS builder
# Python version
ARG PYTHON_VERSION=3.12
COPY requirements.txt .
# Installing dependencies to build Python packages. An example for psutil:
RUN apk --no-cache add gcc python3-dev musl-dev linux-headers
# Install dependencies to the venv path
RUN python$PYTHON_VERSION -m venv --without-pip venv
RUN pip install --no-cache-dir --target="/venv/lib/python${PYTHON_VERSION}/site-packages" \
-r requirements.txt
# As a general rule, it is best to remove anything that is not essential for the operation of an application.
# This reduces the surface area of a potential attack.
RUN python -m pip uninstall pip setuptools python3-wheel python3-dev musl-dev -y
# Second stage - based on the base stage.
FROM base AS production
# Python version
ARG PYTHON_VERSION=3.12
# Сopy only the necessary python files and directories from first stage
COPY --from=builder /usr/local/bin/python3 /usr/local/bin/python3
COPY --from=builder /usr/local/bin/python$PYTHON_VERSION /usr/local/bin/python$PYTHON_VERSION
COPY --from=builder /usr/local/lib/python$PYTHON_VERSION /usr/local/lib/python$PYTHON_VERSION
COPY --from=builder /usr/local/lib/libpython$PYTHON_VERSION.so.1.0 /usr/local/lib/libpython$PYTHON_VERSION.so.1.0
COPY --from=builder /usr/local/lib/libpython3.so /usr/local/lib/libpython3.so
# Copy only the dependencies installation from the first stage image
COPY --from=builder /venv /venv
# activate venv
RUN source /venv/bin/activate && \
# forward logs to Docker's log collector
ln -sf /dev/stdout /path/to/app/logs && \
ln -sf /dev/stderr /path/to/app/logs
CMD [ "/venv/bin/python3", "app/main.py", "-args ...", "--kargs ..." ]
# Third stage - based on the base stage.
FROM base AS development
# Python version
ARG PYTHON_VERSION=3.12
# Сopy only the necessary python files and directories from first stage
COPY --from=builder /usr/local/bin/python3 /usr/local/bin/python3
COPY --from=builder /usr/local/bin/python$PYTHON_VERSION /usr/local/bin/python$PYTHON_VERSION
COPY --from=builder /usr/local/lib/python$PYTHON_VERSION /usr/local/lib/python$PYTHON_VERSION
COPY --from=builder /usr/local/lib/libpython$PYTHON_VERSION.so.1.0 /usr/local/lib/libpython$PYTHON_VERSION.so.1.0
COPY --from=builder /usr/local/lib/libpython3.so /usr/local/lib/libpython3.so
# Copy only the dependencies installation from the first stage image
COPY --from=builder /venv /venv
# activate venv
RUN source /venv/bin/activate && \
# forward logs to Docker's log collector
ln -sf /dev/stdout /path/to/app/logs && \
ln -sf /dev/stderr /path/to/app/logs
CMD [ "/venv/bin/python3", "app/main.py", "-args ...", "--kargs ..." ]