From 98fc0f41dc629188f2c8d892da72940d01ea809d Mon Sep 17 00:00:00 2001
From: Pauline Ribeyre <4224001+paulineribeyre@users.noreply.github.com>
Date: Thu, 2 Jan 2025 15:32:40 -0600
Subject: [PATCH] Amazon linux base image
---
Dockerfile | 56 ++++++++++++++++++++----------------------------------
1 file changed, 21 insertions(+), 35 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ef34f08..76f4e57 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,51 +1,37 @@ -FROM quay.io/cdis/amazonlinux:python3.9-master AS build-deps +ARG AZLINUX_BASE_VERSION=master -USER root +# Base stage with python-build-base +FROM quay.io/cdis/python-nginx-al:${AZLINUX_BASE_VERSION} AS base ENV appname=gen3workflow -RUN pip3 install --no-cache-dir --upgrade poetry +WORKDIR /${appname} -RUN yum update -y && yum install -y --setopt install_weak_deps=0 \ - kernel-devel libffi-devel libxml2-devel libxslt-devel postgresql-devel python3-devel \ - git && yum clean all +RUN chown -R gen3:gen3 /${appname} -WORKDIR /$appname +# Builder stage +FROM base AS builder -# copy ONLY poetry artifact, install the dependencies but not gen3workflow -# this will make sure that the dependencies are cached -COPY poetry.lock pyproject.toml /$appname/ -RUN poetry config virtualenvs.in-project true \ - && poetry install -vv --no-root --only main --no-interaction \ - && poetry show -v - -# copy source code ONLY after installing dependencies -COPY . /$appname - -# install gen3workflow -RUN poetry config virtualenvs.in-project true \ - && poetry install -vv --only main --no-interaction \ - && poetry show -v - -# Creating the runtime image -FROM quay.io/cdis/amazonlinux:python3.9-master +USER gen3 -ENV appname=gen3workflow - -USER root +# copy ONLY poetry artifact, install the dependencies but not the app; +# this will make sure that the dependencies are cached +COPY poetry.lock pyproject.toml /${appname}/ +RUN poetry install -vv --no-root --only main --no-interaction -RUN pip3 install --no-cache-dir --upgrade poetry +COPY --chown=gen3:gen3 . 
/${appname} -RUN yum update -y && yum install -y --setopt install_weak_deps=0 \ - postgresql-devel shadow-utils\ - bash && yum clean all +# install the app +RUN poetry install --without dev --no-interaction -RUN useradd -ms /bin/bash appuser +# Final stage +FROM base -COPY --from=build-deps --chown=appuser:appuser /$appname /$appname +COPY --from=builder /${appname} /${appname} -WORKDIR /$appname +# Switch to non-root user 'gen3' for the serving process +USER gen3 -USER appuser +WORKDIR /${appname} CMD ["poetry", "run", "gunicorn", "gen3workflow.app:app", "-k", "uvicorn.workers.UvicornWorker", "-c", "gunicorn.conf.py", "--user", "appuser", "--group", "appuser"]
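Review bot: The unchanged `CMD` at the end of the hunk still passes `"--user", "appuser", "--group", "appuser"` to gunicorn, but this change deletes `RUN useradd -ms /bin/bash appuser` and runs the final stage as `USER gen3`. Unless the new base image happens to define `appuser` (not visible here), gunicorn will probably refuse to start because it resolves those names at startup, and even if the account exists, a process already running as gen3 cannot switch to it. I would drop the four arguments, or change them to `"--user", "gen3", "--group", "gen3"`, so the non-root account the image declares is the one the workers actually run as. Separately, `ARG AZLINUX_BASE_VERSION=master` makes the base a mutable tag; pinning a release tag or digest there would keep rebuilds reproducible and the base image auditable.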