-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f018ff8
commit 98fc0f4
Showing
1 changed file
with
21 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,51 +1,37 @@ | ||
| FROM quay.io/cdis/amazonlinux:python3.9-master AS build-deps | ||
| ARG AZLINUX_BASE_VERSION=master | ||
|
|
||
| USER root | ||
| # Base stage with python-build-base | ||
| FROM quay.io/cdis/python-nginx-al:${AZLINUX_BASE_VERSION} AS base | ||
|
|
||
| ENV appname=gen3workflow | ||
|
|
||
| RUN pip3 install --no-cache-dir --upgrade poetry | ||
| WORKDIR /${appname} | ||
|
|
||
| RUN yum update -y && yum install -y --setopt install_weak_deps=0 \ | ||
| kernel-devel libffi-devel libxml2-devel libxslt-devel postgresql-devel python3-devel \ | ||
| git && yum clean all | ||
| RUN chown -R gen3:gen3 /${appname} | ||
|
|
||
| WORKDIR /$appname | ||
| # Builder stage | ||
| FROM base AS builder | ||
|
|
||
| # copy ONLY poetry artifact, install the dependencies but not gen3workflow | ||
| # this will make sure that the dependencies are cached | ||
| COPY poetry.lock pyproject.toml /$appname/ | ||
| RUN poetry config virtualenvs.in-project true \ | ||
| && poetry install -vv --no-root --only main --no-interaction \ | ||
| && poetry show -v | ||
|
|
||
| # copy source code ONLY after installing dependencies | ||
| COPY . /$appname | ||
|
|
||
| # install gen3workflow | ||
| RUN poetry config virtualenvs.in-project true \ | ||
| && poetry install -vv --only main --no-interaction \ | ||
| && poetry show -v | ||
|
|
||
| # Creating the runtime image | ||
| FROM quay.io/cdis/amazonlinux:python3.9-master | ||
| USER gen3 | ||
|
|
||
| ENV appname=gen3workflow | ||
|
|
||
| USER root | ||
| # copy ONLY poetry artifact, install the dependencies but not the app; | ||
| # this will make sure that the dependencies are cached | ||
| COPY poetry.lock pyproject.toml /${appname}/ | ||
| RUN poetry install -vv --no-root --only main --no-interaction | ||
|
|
||
| RUN pip3 install --no-cache-dir --upgrade poetry | ||
| COPY --chown=gen3:gen3 . /${appname} | ||
|
|
||
| RUN yum update -y && yum install -y --setopt install_weak_deps=0 \ | ||
| postgresql-devel shadow-utils\ | ||
| bash && yum clean all | ||
| # install the app | ||
| RUN poetry install --without dev --no-interaction | ||
|
|
||
| RUN useradd -ms /bin/bash appuser | ||
| # Final stage | ||
| FROM base | ||
|
|
||
| COPY --from=build-deps --chown=appuser:appuser /$appname /$appname | ||
| COPY --from=builder /${appname} /${appname} | ||
|
|
||
| WORKDIR /$appname | ||
| # Switch to non-root user 'gen3' for the serving process | ||
| USER gen3 | ||
|
|
||
| USER appuser | ||
| WORKDIR /${appname} | ||
|
|
||
| CMD ["poetry", "run", "gunicorn", "gen3workflow.app:app", "-k", "uvicorn.workers.UvicornWorker", "-c", "gunicorn.conf.py", "--user", "appuser", "--group", "appuser"] |