-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
55 lines (40 loc) · 1.56 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Stage 1: Build stage
FROM rockylinux:9.3-minimal AS build
# Install necessary build tools
RUN microdnf install -y curl tar
# Download the hatch tar.gz file from GitHub
RUN curl -L https://github.com/pypa/hatch/releases/latest/download/hatch-x86_64-unknown-linux-gnu.tar.gz -o /tmp/hatch-x86_64-unknown-linux-gnu.tar.gz
# Extract the hatch binary
RUN tar -xzf /tmp/hatch-x86_64-unknown-linux-gnu.tar.gz -C /tmp/
# Stage 2: Final stage
FROM rockylinux:9.3-minimal
# Install runtime dependencies
RUN microdnf install -y --nodocs nodejs curl tar vim ncurses findutils && \
microdnf clean all
# Set up a default user and home directory
ENV HOME=/home/calrissian
# Create a user with UID 1001, group root, and a home directory
RUN useradd -u 1001 -r -g 0 -m -d ${HOME} -s /sbin/nologin \
-c "Default Calrissian User" calrissian && \
mkdir -p /app && \
mkdir -p /opt && \
chown -R 1001:0 /app && \
chmod g+rwx ${HOME} /app
# Copy the hatch binary from the build stage
COPY --from=build /tmp/hatch /usr/bin/hatch
# Ensure the hatch binary is executable
RUN chmod +x /usr/bin/hatch
# Switch to the non-root user
USER calrissian
# Copy the application files into the /app directory
COPY --chown=1001:0 calrissian /app
WORKDIR /app
# Set up virtual environment paths
ENV VIRTUAL_ENV=/opt/envs/calrissian
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
# Prune any existing environments and create a new production environment
RUN cd /app && hatch env prune && \
hatch env create default
WORKDIR /app
# Set the default command to run when the container starts
CMD ["calrissian"]