-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
104 lines (86 loc) · 3.11 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# ===================
# Build working image
# ===================
FROM python:3.11.9-slim AS builder
## Set up work directory
WORKDIR /app
## Configure Python settings
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
## Install build prerequisites
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
apt-get install -y \
dumb-init \
g++ \
gcc \
libpq-dev \
patchelf \
pipx \
python3-dev \
&& \
for EXECUTABLE in \
"auditwheel" \
"hatch"; \
do pipx install "$EXECUTABLE"; \
done
## Use hatch to generate requirements file
## Note that we need to specify psycopg[c] in order to ensure that dependencies are included in the wheel
COPY README.md pyproject.toml ./
COPY guacamole_user_sync/*.py guacamole_user_sync/
RUN /root/.local/bin/hatch run pip freeze | grep -v "^-e" > requirements.txt && \
sed -i "s/psycopg=/psycopg[c]=/g" requirements.txt
## Build a separate pip wheel which can be used to install itself
## N.B. we rename the wheel so that we can refer to it by name later
RUN python -m pip wheel --no-cache-dir --wheel-dir /app/wheels pip && \
mv /app/wheels/pip*whl /app/wheels/pip-0-py3-none-any.whl
## Build wheels for dependencies using auditwheel to include shared libraries
RUN python -m pip wheel --no-cache-dir --no-binary :all: --wheel-dir /app/repairable -r requirements.txt && \
for WHEEL in /app/repairable/*.whl; do \
echo "\nRepairing ${WHEEL}" && \
/root/.local/bin/auditwheel repair --wheel-dir /app/wheels --plat "manylinux_2_34_$(uname -m)" "${WHEEL}" || mv "${WHEEL}" /app/wheels/; \
done && \
rm -rf /app/repairable
## Build a wheel for guacamole_user_sync
COPY guacamole_user_sync guacamole_user_sync
RUN /root/.local/bin/hatch build -t wheel && \
mv dist/guacamole_user_sync*.whl /app/wheels/ && \
echo "guacamole-user-sync>=0.0" >> requirements.txt
## List all wheels
RUN ls -alh /app/wheels/
# =================
# Build final image
# =================
FROM gcr.io/distroless/python3-debian12:debug
## This shell is only available in the debug image
SHELL ["/busybox/sh", "-c"]
## Set up work directory
WORKDIR /app
## Configure Python settings
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
## Copy required files
COPY --from=builder /app/wheels /tmp/wheels
COPY --from=builder /app/requirements.txt .
COPY --from=builder /usr/bin/dumb-init /usr/bin/dumb-init
COPY synchronise.py .
## Install pip from wheel
RUN python /tmp/wheels/pip-0-py3-none-any.whl/pip install \
--break-system-packages \
--root-user-action ignore \
--no-index \
/tmp/wheels/pip-0-py3-none-any.whl && \
rm /tmp/wheels/pip-0-py3-none-any.whl
## Install Python packages from wheels
RUN python -m pip install \
--break-system-packages \
--root-user-action ignore \
--find-links /tmp/wheels/ \
-r /app/requirements.txt && \
rm -rf /tmp/wheels && \
python -m pip freeze
## Set file permissions
RUN chmod 0700 /app/synchronise.py
## Run jobs with dumb-init
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["python", "/app/synchronise.py"]