This repository has been archived by the owner on Aug 14, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile
163 lines (134 loc) · 4.6 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
ARG BASE_PYTHON_IMAGE_REGISTRY=docker.io/library
ARG BASE_PYTHON_IMAGE_VERSION=3.9.11-slim-bullseye
FROM node:14.18.0 as reactapps
WORKDIR /app
RUN apt-get update -y && apt-get install --no-install-recommends -y make
COPY claimant/package.json ./claimant/
COPY claimant/yarn.lock ./claimant/
COPY claimant/tsconfig.json ./claimant/
# each RUN gets cached based on the COPY ahead of it, so cache the node_modules/
# unless yarn.lock has changed.
WORKDIR /app/claimant
# we want only those js libs listed in "dependencies" in package.json
ENV NODE_ENV=production
# use yarn install instead of "make deps" so we can wait to COPY the Makefile
# after this RUN, saving ourselves a re-build of the node_modules layer when our Makefile changes.
RUN yarn install
WORKDIR /app
COPY claimant/Makefile ./claimant/
COPY claimant/public/ ./claimant/public/
COPY claimant/src/ ./claimant/src/
COPY claimant/.eslintrc.yml ./claimant/
WORKDIR /app/claimant
ARG ENV_NAME=""
# delete all those files needed only for local development and testing.
# we do not run tests or storybook in the container, and we do not install
# their devDependencies (see above)
RUN find src -name '*test.ts*' -delete && \
find src -name '*stories.ts*' -delete && \
rm src/setupTests.ts && \
rm src/setupProxy.tsx && \
rm src/*.js && \
make docker-build
##########################################
# Django
FROM ${BASE_PYTHON_IMAGE_REGISTRY}/python:${BASE_PYTHON_IMAGE_VERSION} as djangobase
# Temporarily set the user to root during the docker build phase and set it
# back to a non-root user in the final stages below.
# hadolint ignore=DL3002
USER root
WORKDIR /app
# Create a non-root user and group for running the app
RUN groupadd doluiapp && \
useradd -g doluiapp doluiapp
EXPOSE 8000
COPY requirements*.txt ./
RUN apt-get update -y && apt-get install -y \
--no-install-recommends \
libexpat1 \
base-files=11.1+deb11u3 \
gpgv=2.2.27-2+deb11u1 \
gzip=1.10-4+deb11u1 \
libc-bin=2.31-13+deb11u3 \
libc6=2.31-13+deb11u3 \
liblzma5=5.2.5-2.1~deb11u1 \
libssl1.1=1.1.1n-0+deb11u1 \
libsystemd0=247.3-7 \
libudev1=247.3-7 \
openssl=1.1.1n-0+deb11u1 \
sysvinit-utils=2.96-7+deb11u1 \
tzdata=2021a-1+deb11u3 \
zlib1g=1:1.2.11.dfsg-2+deb11u1 \
gcc \
libmariadb-dev \
wait-for-it \
git \
make \
gettext \
redis-tools \
iputils-ping \
mariadb-client \
&& rm -rf /var/lib/apt/lists/* \
&& pip install --no-cache-dir -r requirements.txt
COPY Makefile .
COPY scripts/*sh ./scripts/
COPY manage.py .
COPY start-server.sh .
COPY home ./home
COPY core ./core
COPY login-dot-gov ./login-dot-gov
COPY launchdarkly ./launchdarkly
COPY api ./api
COPY swa ./swa
COPY reference ./reference
COPY certs ./certs
COPY schemas ./schemas
# settings.py will ignore this copy for FIXTURE_DIR
# but we need it for "ci" and "deployed" images.
COPY claimant/src/fixtures/ ./api/fixtures/
# copy over just the precompiled react app(s)
COPY --from=reactapps /app/claimant/build /app/claimant/build
# copy USWDS static assets for Django to consume
COPY --from=reactapps /app/claimant/node_modules/uswds/dist /app/home/static
ARG APPLICATION_VERSION=""
ARG APPLICATION_TIMESTAMP=""
ENV UI_API_SHA=${APPLICATION_VERSION}
ENV BUILD_TIME=${APPLICATION_TIMESTAMP}
ARG ENV_NAME=""
ENV ENV_NAME=${ENV_NAME}
CMD ["./start-server.sh"]
##########################################
# for local development
FROM djangobase as djangobase-devlocal
COPY setup-cypress-tests.sh .
RUN if [ -f core/.env ] ; then echo "core/.env exists" ; else cp core/.env-example core/.env ; fi && \
pip install --no-cache-dir -r requirements-ci.txt
# leave the .env file intact
RUN make build-static build-translations && \
rm -f core/.env-* && \
make build-cleanup
USER doluiapp
##########################################
# for ci environment
FROM djangobase as djangobase-ci
COPY run-ci-tests.sh .
COPY setup-cypress-tests.sh .
RUN pip install --no-cache-dir -r requirements-ci.txt && \
cp core/.env-ci core/.env && \
echo SECRET_KEY=`make secret SECRET_LENGTH=64` >> core/.env && \
echo REDIS_SECRET_KEY=`make secret SECRET_LENGTH=32` >> core/.env && \
echo CLAIM_SECRET_KEY=[\"`make secret SECRET_LENGTH=32`\",\"`make secret SECRET_LENGTH=32`\"] >> core/.env && \
echo "BUILD_TIME=`date '+%Y%m%d-%H%M%S'`" >> core/.env
# leave the .env file intact
RUN make build-static build-translations && \
rm -f core/.env-* && \
make build-cleanup
USER doluiapp
##########################################
# for deployed environment
FROM djangobase as djangobase-wcms
ARG ENV_PATH=/app/core/.env-example
RUN make build-static build-translations && \
rm -f core/.env* && \
make build-cleanup
USER doluiapp