# Global build arguments. They are declared before the first FROM, so they are
# only visible to FROM lines until a stage re-declares them.
# EXTERNAL_REG has no default: the build must be given the registry prefix that
# hosts the debian and python base images.
ARG EXTERNAL_REG
# INTERNAL_REG is declared here but not referenced in the lines shown.
ARG INTERNAL_REG
ARG PYTHON_IMG_TAG

# Stage "certs": installs ca-certificates on Debian bookworm so that a later
# stage can copy the generated CA bundle out of it.
# NOTE(review): "bookworm" is a moving tag; pinning the base image by digest
# would make the CA bundle and the build reproducible.
FROM ${EXTERNAL_REG}/debian:bookworm AS certs
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && update-ca-certificates
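# Stage "base": Python slim image with the CA bundle from the certs stage,
# current OS package updates and the en_US.UTF-8 locale. The build and runtime
# stages both derive from it.
FROM ${EXTERNAL_REG}/python:${PYTHON_IMG_TAG}-slim-bookworm AS base

# Re-declare the global ARG so it is visible inside this stage; the values are
# only used for the image labels below.
ARG PYTHON_IMG_TAG
ARG CKAN_VERSION
ARG MAINTAINER
LABEL envidat.ch.python-img-tag="${PYTHON_IMG_TAG}" \
      envidat.ch.ckan-version="${CKAN_VERSION}" \
      envidat.ch.maintainer="${MAINTAINER}" \
      envidat.ch.api-port="5000"

# CA-Certs: replace the bundle with the one generated in the certs stage and
# point TLS clients that honour SSL_CERT_FILE at it.
COPY --from=certs \
    /etc/ssl/certs/ca-certificates.crt \
    /etc/ssl/certs/ca-certificates.crt
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

# Install locales and apply pending OS updates. update, install, upgrade and
# the apt list cleanup stay in one layer so no stale package index is cached.
# NOTE(review): "apt-get upgrade" makes the image content depend on the build
# date as well as on the base tag; rebuild regularly to pick up security fixes.
RUN set -ex \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install \
        -y --no-install-recommends locales \
    && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
    && rm -rf /var/lib/apt/lists/*

# Set locale: uncomment en_US.UTF-8 in /etc/locale.gen and generate it.
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
# key=value form; the space-separated "ENV key value" form is deprecated.
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8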
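# Stage "build": compiles and installs CKAN and its extensions into
# /root/.local (pip --user). Only that directory is copied into the runtime
# stage, so the compiler toolchain installed here never reaches the final image.
FROM base AS build
ARG CKAN_VERSION

# Toolchain and headers needed to build Python wheels with C extensions.
RUN set -ex \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install \
        -y --no-install-recommends \
        git \
        build-essential \
        gcc \
        python3-dev \
        libpq-dev \
        libssl-dev \
        libffi-dev \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /opt/python
COPY requirements-extra.txt .

# Install CKAN, plus extra deps
# CKAN itself is pinned through CKAN_VERSION; how strictly the extra
# dependencies are pinned depends on requirements-extra.txt (not shown here).
RUN pip install --user --no-warn-script-location \
        --no-cache-dir "ckan[requirements]==$CKAN_VERSION" \
    && pip install --user --no-warn-script-location \
        --no-cache-dir -r ./requirements-extra.txt \
    && rm requirements-extra.txt

# Install ckanext-scheming (not updated on PyPi)
# Supply chain: the package is fetched from the canonical github.com host, not
# through a mirror or rewritten domain. Without a ref, pip installs whatever the
# default branch points at on the day of the build. Pass
# --build-arg CKANEXT_SCHEMING_REF=<tag-or-commit-sha> to pin it; leaving the
# argument empty keeps the previous "latest default branch" behaviour.
ARG CKANEXT_SCHEMING_REF=""
RUN pip install --user --no-warn-script-location \
        --no-cache-dir \
        "git+https://github.com/ckan/ckanext-scheming.git${CKANEXT_SCHEMING_REF:+@${CKANEXT_SCHEMING_REF}}"

# Install ckanext-blind_review (not on PyPi)
#RUN pip install --user --no-warn-script-location \
# --no-cache-dir git+https://gitlabext.wsl.ch/EnviDat/ckanext-blind_review.git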
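# Stage "runtime": common runtime image for the debug and prod targets. It
# holds the Python packages built in the build stage, the entrypoint script,
# the CKAN config files and the unprivileged ckanuser account.
# This stage sets no USER, so an image built with --target runtime runs as
# root; the debug and prod stages switch to ckanuser themselves.
FROM base AS runtime
ARG PYTHON_IMG_TAG
WORKDIR /opt/ckan

# NOTE(review): CKAN_LIB embeds PYTHON_IMG_TAG in the site-packages path, which
# only resolves if the tag is a major.minor version (python3.X); confirm
# against the values passed at build time.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONFAULTHANDLER=1 \
    PATH="/usr/lib/ckan/.local/bin:$PATH" \
    CKAN_HOME="/usr/lib/ckan" \
    CKAN_CONFIG_DIR="/opt/ckan" \
    CKAN_STORAGE_PATH="/opt/ckan/data" \
    CKAN_LIB="/usr/lib/ckan/.local/lib/python$PYTHON_IMG_TAG/site-packages"

# Runtime OS packages.
# NOTE(review): libpq-dev ships development headers; if only the shared library
# is needed at runtime, the plain libpq runtime package would be a smaller
# surface. Confirm before changing.
RUN set -ex \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install \
        -y --no-install-recommends \
        curl \
        postgresql-client \
        libpq-dev \
        libmagic1 \
    && rm -rf /var/lib/apt/lists/*

# Python packages installed with pip --user in the build stage.
COPY --from=build \
    /root/.local \
    $CKAN_HOME/.local
COPY ckan-entrypoint.sh /ckan-entrypoint.sh
COPY wsgi.py config/*.yaml config/*.json $CKAN_CONFIG_DIR/

# Add the unprivileged ckan user (system account, fixed UID 900, no login
# shell), make the entrypoint executable, create the upload directory and hand
# the home and config trees to that user. CKAN_STORAGE_PATH lies under
# CKAN_CONFIG_DIR, so the recursive chown covers it as well.
RUN useradd -r -u 900 -m -c "non-priv user" -d "$CKAN_HOME" -s /bin/false ckanuser \
    && chmod +x /ckan-entrypoint.sh \
    && mkdir -p "$CKAN_HOME" "$CKAN_STORAGE_PATH/storage/uploads/group" \
    && chown -R ckanuser:ckanuser "$CKAN_HOME" "$CKAN_CONFIG_DIR"

ENTRYPOINT ["/ckan-entrypoint.sh"]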
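# Stage "debug": development target that runs the CKAN development server
# under debugpy.
# Security: debugpy listens on 0.0.0.0:5678 and accepts debugger connections
# without authentication, and an attached debugger can run code inside the
# process. Use this target on a developer machine only and publish port 5678
# to loopback or a trusted network, never on a shared or public interface.
FROM runtime AS debug
ARG CKAN_VERSION
USER ckanuser

# Installed as ckanuser into $CKAN_HOME/.local (pip --user).
# --no-cache-dir already disables the pip cache; the abbreviated duplicate
# flag "--no-cache" was dropped.
RUN pip install --user --no-cache-dir \
        debugpy==1.6.4 \
        "ckan[dev]==$CKAN_VERSION"

CMD ["python", "-m", "debugpy", "--listen", "0.0.0.0:5678", \
    "/usr/lib/ckan/.local/bin/ckan", "run", "--host", "0.0.0.0", \
    "--passthrough-errors"]
# "--disable-debugger"]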
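# Stage "prod": production target. Serves wsgi:application with gunicorn on
# port 5000 as the unprivileged ckanuser.
FROM runtime AS prod

# CMD ["opentelemetry-instrument", "gunicorn", "wsgi:application", \
# "--bind", "0.0.0.0:5000", \
# "--workers=2", "--threads=4", "--worker-class=gthread", \
# "--worker-tmp-dir=/dev/shm", \
# "--log-file=-", "--log-level=debug"]

# Pre-compile packages to .pyc (init speed gains)
# Runs before USER below, i.e. with the privileges inherited from the runtime
# stage, so every directory on sys.path can be written to.
RUN python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"

# Drop privileges for the running service.
USER ckanuser

# NOTE(review): --log-level=debug is verbose for a production target; confirm
# that the extra log detail is intended and that the log sink is access
# controlled.
CMD ["gunicorn", "wsgi:application", \
    "--bind", "0.0.0.0:5000", \
    "--workers=2", "--threads=4", "--worker-class=gthread", \
    "--worker-tmp-dir=/dev/shm", \
    "--log-file=-", "--log-level=debug"]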