Add Docker image creation for crossreference #412
Conversation
vladbogo
force-pushed
the
crossref_docker
branch
3 times, most recently
from
5b72332
to
1cef242
Compare
cross-reference/Dockerfile
Outdated
| WORKDIR /app | ||
|
|
||
| # Install system dependencies | ||
| RUN apt-get update && apt-get install --no-install-recommends -y build-essential mariadb-client libmariadbclient-dev |
There was a problem hiding this comment.
build-essential and mariadb-client looks odd - does it directly use mariadb executable? Could append ; rm -rf /var/lib/apt/lists/* for size reduction.
There was a problem hiding this comment.
Also:
- please one package by line;
- this lack of cleaning should have been catched by hadolint, can you make sure that it is run against this Dockerfile.
There was a problem hiding this comment.
probably the mariadb-client and build-essential are not needed. some leftovers from other dockerfiles. I'll remove them and we'll see after testing
There was a problem hiding this comment.
hadolint runs
Nope, it does not, it runs on the wrong PATH...
~/buildbot/cross-reference remotes/vlad/crossref_docker ≡
.venv ❯ podman run -it -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
Trying to pull ghcr.io/hadolint/hadolint:latest...
Getting image source signatures
Copying blob db4123164570 done |
Copying config da13a5ec2e done |
Writing manifest to image destination
/mnt/Dockerfile:12 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
/mnt/Dockerfile:12 DL3009 info: Delete the apt-get lists after installing something
/mnt/Dockerfile:18 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`There was a problem hiding this comment.
DL3008 are disabled but DL3009 is not.
There was a problem hiding this comment.
The paths are too cryptic. I am not sure what it wants from pip
There was a problem hiding this comment.
DL3009 is also disabled. Anyway not sure what it wants now
cross-reference/Dockerfile
Outdated
| WORKDIR /app | ||
|
|
||
| # Install system dependencies | ||
| RUN apt-get update && apt-get install --no-install-recommends -y build-essential mariadb-client libmariadbclient-dev |
There was a problem hiding this comment.
Also:
- please one package by line;
- this lack of cleaning should have been catched by hadolint, can you make sure that it is run against this Dockerfile.
cross-reference/Dockerfile
Outdated
| @@ -0,0 +1,27 @@ | |||
| # Use an official Python runtime as a parent image | |||
| FROM python:3.11-slim-buster | |||
There was a problem hiding this comment.
Maybe a good moment to try to upgrade to bullseye (or better alpine :-) )
|
0.0.0.0 as far as I am aware
…On Fri, 12 Apr 2024, 15:01 faust, ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In cross-reference/Dockerfile
<#412 (comment)>:
> @@ -0,0 +1,27 @@
+# Use an official Python runtime as a parent image
+FROM python:3.11-slim-buster
Maybe a good moment to try to upgrade to bullseye (or better alpine :-) )
------------------------------
In cross-reference/Dockerfile
<#412 (comment)>:
> @@ -0,0 +1,27 @@
+# Use an official Python runtime as a parent image
+FROM python:3.11-slim-buster
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+# Set work directory
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install --no-install-recommends -y build-essential mariadb-client libmariadbclient-dev
Also:
- please one package by line;
- this lack of cleaning should have been catched by hadolint, can you
make sure that it is run against this Dockerfile.
------------------------------
In cross-reference/Dockerfile
<#412 (comment)>:
> +RUN apt-get update && apt-get install --no-install-recommends -y build-essential mariadb-client libmariadbclient-dev
+
+# Install python dependencies
+COPY requirements.txt /app
+RUN pip install --no-cache-dir --upgrade pip && \
+ pip install --no-cache-dir -r requirements.txt
+
+# Copy project
+COPY ./crossreference /app/
+
+# Add and run as non-root user
+RUN adduser --disabled-password --gecos '' cr
+USER cr
+
+# Run gunicorn
+CMD ["bash", "-c", "python manage.py collectstatic --noinput && gunicorn crossreference.wsgi:application --bind 1.0.0.0:25432"]
yep, that's probably 0.0.0.0/0 (not sure if there is a best practice
here, it maybe localhost too since the port is going to be exposed on
localhost host by docker-compose).
—
Reply to this email directly, view it on GitHub
<#412 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AARWRPKS7NLQLBXG33CIGWDY47EJRAVCNFSM6AAAAABGCLOOFSVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTSOJWGYZDQNRZGM>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
vladbogo
force-pushed
the
crossref_docker
branch
from
1cef242
to
7844576
Compare
vladbogo
force-pushed
the
crossref_docker
branch
5 times, most recently
from
91555d5
to
6392884
Compare
| - uses: actions/checkout@v4 | ||
| - name: Check Dockerfile with hadolint | ||
| run: | | ||
| docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile |
There was a problem hiding this comment.
Here is how to check the correct Dockerfile:
- docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
+ docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/cross-reference/Dockerfilenote that $(pwd) the current repo root is mounted in /mnt in the container, also since the working directory is /mnt (that's what the -w does), this should also work:
docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint cross-reference/DockerfileThere was a problem hiding this comment.
This doesn't work because of line 16. All the next steps need to run in the cross-reference dir. So we either make this run in the parent, or copy the file
There was a problem hiding this comment.
Oh, I see, sorry missed that one. I am happy with any one of the mentioned solution.
vladbogo
force-pushed
the
crossref_docker
branch
6 times, most recently
from
b4c4e0f
to
990998e
Compare
vladbogo
force-pushed
the
crossref_docker
branch
from
990998e
to
c177b12
Compare
| podman build . --tag ${{ env.REPO }}:crossreference | ||
| - name: Push images to local registry | ||
| run: | | ||
| for img in crossreference; do |
| pip install --no-cache-dir -r requirements.txt | ||
|
|
||
| # Copy project | ||
| COPY ./crossreference /app/ |
There was a problem hiding this comment.
It's probably cleaner to use this as a volume mount with the generated image. It would avoid regenerating the image anytime we change app code source...
There was a problem hiding this comment.
I think it's easier to have all contained in the image, for local Development purposes.
If this sounds sane, then also making use of DEV_ *container tags will help separate the two environments.
|
What is the status of this PR? Let's handle it appropriately so won't hang in the PR queue forever. |
| USER cr | ||
|
|
||
| # Run gunicorn | ||
| CMD ["bash", "-c", "python manage.py collectstatic --noinput && exec gunicorn crossreference.wsgi:application --bind 0.0.0.0:25432"] |
There was a problem hiding this comment.
I would really like to see a gunicorn configuration file, stored in the repository and exposed to the container as a mount.
https://docs.gunicorn.org/en/stable/settings.html
For example, we need to add the 60s timeout.
There was a problem hiding this comment.
definitively the way to proceed, yes!
|
Another thing that is worth mentioning. Based on the current Git branching strategy, |
No description provided.