From f147e1c4e5b5bbae2eabed5f61babaee250e1c6e Mon Sep 17 00:00:00 2001 From: Alex Povel Date: Tue, 6 Sep 2022 19:28:00 +0200 Subject: [PATCH] build: Use proper multi-stage build (1/3 of image size) See also 4d9fa5357c733a720a10a7f3c1575bdb237b296e. Inspired by https://github.com/python-poetry/poetry/issues/1178#issuecomment-998549092 --- Dockerfile | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7f2aee..7e0e233 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,31 +1,36 @@ -FROM python:3.10-slim +# Global ARG, available to all stages (if renewed) +ARG WORKDIR="/app" -ENV POETRY_HOME="/opt/poetry" -ENV PATH="$POETRY_HOME/bin:$PATH" +FROM python:3.10 AS builder + +# Renew (https://stackoverflow.com/a/53682110): +ARG WORKDIR # Don't buffer `stdout`: ENV PYTHONUNBUFFERED=1 # Don't create `.pyc` files: ENV PYTHONDONTWRITEBYTECODE=1 -WORKDIR /app +RUN pip install poetry && poetry config virtualenvs.in-project true + +WORKDIR ${WORKDIR} +COPY . . + +RUN poetry install --only main + +FROM python:3.10-alpine -RUN apt-get update && apt-get install --yes --no-install-recommends \ - curl \ - gcc \ - g++ +ARG WORKDIR -RUN curl -sSL https://install.python-poetry.org | python - +WORKDIR ${WORKDIR} -# README.md is junk but poetry requests it and fails otherwise. -COPY pyproject.toml poetry.lock README.md ./ -COPY ancv/ ./ancv/ +COPY --from=builder ${WORKDIR} . -# Since this is an isolated image *just* for this project, we can install everything -# globally, killing one virtual environment a time... See also: -# https://python-poetry.org/docs/configuration/#virtualenvscreate . -RUN poetry config virtualenvs.create false && poetry install --only main +# For options, see https://boxmatrix.info/wiki/Property:adduser +RUN adduser app -DHh ${WORKDIR} -u 1000 +USER 1000 +# App-specific settings: EXPOSE 8080 -ENTRYPOINT [ "ancv" ] +ENTRYPOINT [ "./.venv/bin/python", "-m", "ancv" ] CMD [ "serve", "api", "--port", "8080" ]