Merge pull request #45 from unicef/docker-standard

docker structure

compose.prd.yml

@@ -35,9 +35,9 @@ services:
   backend:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: prd
-    command: sh -c "entrypoint.sh ./wait-for-it.sh db:5432 && entrypoint.sh ./wait-for-it.sh hopedb:5432 && entrypoint.sh prd"
+    command: sh -c "entrypoint.sh ./docker/wait-for-it.sh db:5432 && entrypoint.sh ./docker/wait-for-it.sh hopedb:5432 && entrypoint.sh prd"
     environment: *django-env
     ports:
       - 8000:8000
@@ -102,7 +102,7 @@ services:
   celery_worker:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: prd
     command: celery_worker
     environment: *django-env
@@ -119,7 +119,7 @@ services:
   celery_beat:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: prd
     command: celery_beat
     environment: *django-env

compose.test.yml

@@ -4,7 +4,7 @@ services:
   backend:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: dev
     command: tests
     environment:

compose.yml

@@ -30,7 +30,7 @@ services:
   backend:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: dev
     command: dev
     environment: *django-env
@@ -97,7 +97,7 @@ services:
   celery_worker:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: dev
     command: celery_worker
     environment: *django-env
@@ -113,7 +113,7 @@ services:
   celery_beat:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: docker/Dockerfile
       target: dev
     command: celery_beat
     environment: *django-env

docker/Dockerfile

@@ -1,85 +1,53 @@
-# syntax=docker/dockerfile:1.3
-ARG PYTHON_VER=3.11
-ARG PKG_DIR=/code/__pypackages__/$PYTHON_VER/lib
-ARG BUILD_DATE
-ARG CHECKSUM
-
-FROM python:${PYTHON_VER}-slim-bookworm AS python
-
-FROM python AS base
-ARG PKG_DIR
-ENV ADMINS="" \
-    UWSGI_PROCESSES=4 \
-    VERSION=${VERSION}
-
-ENV PYTHONPATH=$PKG_DIR:/code/src/ \
-    PATH=${PATH}:$PKG_DIR/../bin/
-
-RUN groupadd --gid 1024 hcr \
-    && adduser --system  --disabled-login --disabled-password --no-create-home --group hcr -q --gecos www
-
-
-FROM python AS cache
-ARG PKG_DIR
-ENV BUILD_DATE=$BUILD_DATE \
-    VERSION=$VERSION \
-    PYTHONDONTWRITEBYTECODE=1
-ENV buildDeps="build-essential gcc libjpeg-dev zlib1g-dev libffi-dev libssl-dev libpq-dev "
-ENV runtimeDeps="postgresql-client gettext wkhtmltopdf"
-RUN rm -f /etc/apt/apt.conf.d/docker-clean \
-    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
-
-RUN apt-get update
-
-RUN apt-get install -y --no-install-recommends $buildDeps
-
-RUN apt-get install -y --no-install-recommends $runtimeDeps
-
-RUN rm -rf /var/lib/apt/lists/*
-RUN pip install -U pip setuptools && pip install pdm
-
-FROM cache AS builder
-ARG PKG_DIR
-ARG CHECKSUM
-WORKDIR /code/
-COPY pyproject.toml pdm.lock README.md /code/
-RUN mkdir __pypackages__ \
-    && pdm sync --prod --no-editable --no-self
-
-RUN echo $CHECKSUM > /CHECKSUM
-
-
-FROM builder AS builder-test
-ARG PKG_DIR
-WORKDIR /code/
-ENV PYTHONPATH=$PKG_DIR:/code/src/ \
-    PATH=${PATH}:$PKG_DIR/../bin/
+FROM python:3.11-slim-bookworm as base
+
+RUN apt update \
+    && apt install --no-install-recommends -y \
+        gcc curl libgdal-dev wkhtmltopdf chromium-driver chromium \
+    && apt clean && rm -rf /var/lib/apt/lists/* \
+    && addgroup --system --gid 82 hcr \
+    && adduser \
+        --system --uid 82 \
+        --disabled-password --home /home/hcr \
+        --shell /sbin.nologin --group hcr --gecos hcr \
+    && mkdir -p /code /tmp /data /static \
+    && chown -R hcr:hcr /code /tmp /data /static
+
+ENV PACKAGES_DIR=/packages
+ENV PYPACKAGES=$PACKAGES_DIR/__pypackages__/3.11
+ENV LIB_DIR=$PYPACKAGES/lib
+ENV PYTHONPATH=$PYTHONPATH:$LIB_DIR:/code/src
+ENV PATH=$PATH:$PYPACKAGES/bin
+
+WORKDIR /code
+
+FROM base as builder
+
+WORKDIR $PACKAGES_DIR
+RUN pip install pdm
+COPY ../pyproject.toml ./
+COPY ../pdm.lock ./
+RUN pdm config python.use_venv false
+RUN pdm config venv.in_project true
+RUN pdm sync --prod --no-editable --no-self
+
+FROM builder AS dev
 
 RUN pdm sync --no-editable --no-self
 
+WORKDIR /code
+COPY .. ./
+
+COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["entrypoint.sh"]
 
-FROM base AS dist
-ARG PKG_DIR
-COPY docker/bin/* /usr/local/bin/
-COPY docker/conf/* /conf/
-WORKDIR /code/
-COPY --from=cache /usr/bin/envsubst /usr/bin/
-COPY --from=builder /code/__pypackages__ /code/__pypackages__
-COPY --from=builder /CHECKSUM /CHECKSUM
-COPY ./src /code/src
 
-ENTRYPOINT ["docker-entrypoint.sh"]
-CMD ["run"]
+FROM base AS prd
 
+ENV PATH=$PATH:/code/.venv/bin/
 
-FROM base AS test
-ARG PKG_DIR
-COPY docker/bin/* /usr/local/bin/
-COPY docker/conf/* /conf/
-WORKDIR /code/
-COPY --from=builder-test /code/__pypackages__ /code/__pypackages__
-COPY --from=builder /CHECKSUM /CHECKSUM
-COPY . /code/
+COPY --chown=hcr:hcr .. ./
+COPY --chown=hcr:hcr --from=builder $PACKAGES_DIR $PACKAGES_DIR
+USER hcr
 
-ENTRYPOINT ["docker-entrypoint.sh"]
-CMD ["run"]
+COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["entrypoint.sh"]

entrypoint.sh → docker/entrypoint.sh

@@ -17,12 +17,12 @@ fi
 
 case "$1" in
     dev)
-        ./wait-for-it.sh db:5432
+        ./docker/wait-for-it.sh db:5432
         python3 manage.py migrate
         python3 manage.py runserver 0.0.0.0:8000
     ;;
     tests)
-        ./wait-for-it.sh db:5432
+        ./docker/wait-for-it.sh db:5432
         pytest tests/ --create-db --cov-report term --maxfail 5 --with-selenium
     ;;
     prd)

ops/ci.yaml

@@ -58,6 +58,7 @@ stages:
         -t $(Docker.url)/$(Docker.backend.repository):dev-$(tag) \
         --target dev \
         --push \
+        -f docker/Dockerfile \
         ./
       displayName: Docker build dev
 
@@ -80,7 +81,7 @@ stages:
       inputs:
         containerregistrytype: 'Azure Container Registry'
         azureContainerRegistry: $(Docker.registryConnection)
-        dockerComposeFile: 'ops/compose.test.yml'
+        dockerComposeFile: 'ops/compose.ci-test.yml'
         action: 'Run a Docker Compose command'
         dockerComposeCommand: 'run --no-deps backend black --check .'
         dockerComposeFileArgs: |
@@ -105,7 +106,7 @@ stages:
       inputs:
         containerregistrytype: 'Azure Container Registry'
         azureContainerRegistry: $(Docker.registryConnection)
-        dockerComposeFile: 'ops/compose.test.yml'
+        dockerComposeFile: 'ops/compose.ci-test.yml'
         action: 'Run a Docker Compose command'
         dockerComposeCommand: 'run --no-deps backend flake8 .'
         dockerComposeFileArgs: |
@@ -130,7 +131,7 @@ stages:
       inputs:
         containerregistrytype: 'Azure Container Registry'
         azureContainerRegistry: $(Docker.registryConnection)
-        dockerComposeFile: 'ops/compose.test.yml'
+        dockerComposeFile: 'ops/compose.ci-test.yml'
         action: 'Run a Docker Compose command'
         dockerComposeCommand: 'up --exit-code-from backend'
         dockerComposeFileArgs: |
@@ -161,6 +162,7 @@ stages:
         -t $(Docker.url)/$(Docker.backend.repository):prd-$(tag) \
         --target prd \
         --push \
+        -f docker/Dockerfile \
         ./
       displayName: Docker build prd
 

src/hope_country_report/config/__init__.py

@@ -1,11 +1,8 @@
-from typing import Any, Dict, reveal_type, Tuple
-
-from collections.abc import Mapping
 from enum import Enum
 
 from environ import Env
 
-DJANGO_HELP_BASE = "https://docs.djangoproject.com/en/4.2/ref/settings"
+DJANGO_HELP_BASE = "https://docs.djangoproject.com/en/5.0/ref/settings"
 
 
 def setting(anchor):