feat(gunicorn): Updated image to use gunicorn and new base image

uc-cdis · Nov 27, 2023 · 0df7098 · 0df7098
1 parent 61cb197
commit 0df7098
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 52 deletions.
diff --git a/.github/workflows/image_build_push.yaml b/.github/workflows/image_build_push.yaml
@@ -5,7 +5,7 @@ on: push
 jobs:
   ci:
     name: Build Image and Push to Quay
-    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@feat/docker-cache-repo
     secrets:
       ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
       ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}

diff --git a/Dockerfile b/Dockerfile
@@ -1,63 +1,61 @@
-# To run:
-# - Create and fill out `creds.json`:
-# {
-#   "fence_host": "",
-#   "fence_username": "",
-#   "fence_password": "",
-#   "fence_database": "",
-#   "db_host": "",
-#   "db_username": "",
-#   "db_password": "",
-#   "db_database": "",
-#   "gdcapi_secret_key": "",
-#   "hostname": ""
-# }
-# - Build the image: `docker build . -t peregrine -f Dockerfile`
-# - Run: `docker run -v /full/path/to/creds.json:/var/www/peregrine/creds.json -p 81:80 peregrines`
-# To check running container: `docker exec -it peregrine /bin/bash`
-
-FROM quay.io/cdis/python:python3.9-buster-2.0.0
+ARG AZLINUX_BASE_VERSION=master
+
+# Base stage with python-build-base
+FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} as base
+
+# Comment this in, and comment out the line above, if quay is down
+# FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base
 
 ENV appname=peregrine
+ENV POETRY_NO_INTERACTION=1 \
+    POETRY_VIRTUALENVS_IN_PROJECT=1 \
+    POETRY_VIRTUALENVS_CREATE=1
+
+WORKDIR /${appname}
+
+# create gen3 user
+# Create a group 'gen3' with GID 1000 and a user 'gen3' with UID 1000
+RUN groupadd -g 1000 gen3 && \
+    useradd -m -s /bin/bash -u 1000 -g gen3 gen3  && \
+    chown -R gen3:gen3 /$appname && \
+    chown -R gen3:gen3 /venv
+
+
+# Builder stage
+FROM base as builder
+
+USER gen3
+
+
+RUN python -m venv /venv
+
+COPY poetry.lock pyproject.toml /${appname}/
+
+RUN pip install poetry && \
+    poetry install -vv --only main --no-interaction
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential libffi-dev musl-dev gcc libxml2-dev libxslt-dev \
-    curl bash git vim
-RUN pip install --upgrade pip poetry
+COPY --chown=gen3:gen3 . /$appname
+COPY --chown=gen3:gen3 ./deployment/wsgi/wsgi.py /$appname/wsgi.py
 
-RUN mkdir -p /var/www/$appname \
-    && mkdir -p /var/www/.cache/Python-Eggs/ \
-    && mkdir /run/nginx/ \
-    && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log \
-    && chown nginx -R /var/www/.cache/Python-Eggs/ \
-    && chown nginx /var/www/$appname
+# Run poetry again so this app itself gets installed too
+RUN poetry install --without dev --no-interaction
 
-EXPOSE 80
+RUN git config --global --add safe.directory /${appname} && COMMIT=`git rev-parse HEAD` && echo "COMMIT=\"${COMMIT}\"" > /$appname/version_data.py \
+    && VERSION=`git describe --always --tags` && echo "VERSION=\"${VERSION}\"" >> /$appname/version_data.py
 
-WORKDIR /$appname
+# Final stage
+FROM base
 
-# copy ONLY poetry artifact, install the dependencies but not indexd
-# this will make sure than the dependencies is cached
-COPY poetry.lock pyproject.toml /$appname/
-RUN poetry config virtualenvs.create false \
-    && poetry install -vv --no-root --no-dev --no-interaction \
-    && poetry show -v
+COPY --from=builder /venv /venv
+COPY --from=builder /$appname /$appname
 
-# copy source code ONLY after installing dependencies
-COPY . /$appname
-COPY ./deployment/uwsgi/uwsgi.ini /etc/uwsgi/uwsgi.ini
-COPY ./bin/settings.py /var/www/$appname/settings.py
-COPY ./bin/confighelper.py /var/www/$appname/confighelper.py
 
-# install peregrine
-RUN poetry config virtualenvs.create false \
-    && poetry install -vv --no-dev --no-interaction \
-    && poetry show -v
+# Switch to non-root user 'gen3' for the serving process
+USER gen3
 
-RUN COMMIT=`git rev-parse HEAD` && echo "COMMIT=\"${COMMIT}\"" >$appname/version_data.py \
-    && VERSION=`git describe --always --tags` && echo "VERSION=\"${VERSION}\"" >>$appname/version_data.py
+RUN source /venv/bin/activate
 
-WORKDIR /var/www/$appname
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=UTF-8
 
-CMD /dockerrun.sh
+CMD ["gunicorn", "-c", "deployment/wsgi/gunicorn.conf.py"]
diff --git a/deployment/uwsgi/gunicorn.conf.py b/deployment/uwsgi/gunicorn.conf.py
@@ -0,0 +1,6 @@
+wsgi_app = "deployment.wsgi.wsgi:application"
+bind = "0.0.0.0:8000"
+workers = 1
+user = "gen3"
+group = "gen3"
+timeout = 300
diff --git a/deployment/uwsgi/wsgi.py b/deployment/uwsgi/wsgi.py
@@ -0,0 +1,4 @@
+from peregrine import app_init, app
+
+app_init(app)
+application = app