-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(gunicorn): Updated image to use gunicorn and new base image
- Loading branch information
Edward Malinowski
authored and
Edward Malinowski
committed
Nov 27, 2023
1 parent
61cb197
commit 0df7098
Showing
4 changed files
with
60 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,63 +1,61 @@ | ||
# To run: | ||
# - Create and fill out `creds.json`: | ||
# { | ||
# "fence_host": "", | ||
# "fence_username": "", | ||
# "fence_password": "", | ||
# "fence_database": "", | ||
# "db_host": "", | ||
# "db_username": "", | ||
# "db_password": "", | ||
# "db_database": "", | ||
# "gdcapi_secret_key": "", | ||
# "hostname": "" | ||
# } | ||
# - Build the image: `docker build . -t peregrine -f Dockerfile` | ||
# - Run: `docker run -v /full/path/to/creds.json:/var/www/peregrine/creds.json -p 81:80 peregrines` | ||
# To check running container: `docker exec -it peregrine /bin/bash` | ||
|
||
FROM quay.io/cdis/python:python3.9-buster-2.0.0 | ||
ARG AZLINUX_BASE_VERSION=master | ||
|
||
# Base stage with python-build-base | ||
FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} as base | ||
|
||
# Comment this in, and comment out the line above, if quay is down | ||
# FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base | ||
|
||
ENV appname=peregrine | ||
ENV POETRY_NO_INTERACTION=1 \ | ||
POETRY_VIRTUALENVS_IN_PROJECT=1 \ | ||
POETRY_VIRTUALENVS_CREATE=1 | ||
|
||
WORKDIR /${appname} | ||
|
||
# create gen3 user | ||
# Create a group 'gen3' with GID 1000 and a user 'gen3' with UID 1000 | ||
RUN groupadd -g 1000 gen3 && \ | ||
useradd -m -s /bin/bash -u 1000 -g gen3 gen3 && \ | ||
chown -R gen3:gen3 /$appname && \ | ||
chown -R gen3:gen3 /venv | ||
|
||
|
||
# Builder stage | ||
FROM base as builder | ||
|
||
USER gen3 | ||
|
||
|
||
RUN python -m venv /venv | ||
|
||
COPY poetry.lock pyproject.toml /${appname}/ | ||
|
||
RUN pip install poetry && \ | ||
poetry install -vv --only main --no-interaction | ||
|
||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
build-essential libffi-dev musl-dev gcc libxml2-dev libxslt-dev \ | ||
curl bash git vim | ||
RUN pip install --upgrade pip poetry | ||
COPY --chown=gen3:gen3 . /$appname | ||
COPY --chown=gen3:gen3 ./deployment/wsgi/wsgi.py /$appname/wsgi.py | ||
|
||
RUN mkdir -p /var/www/$appname \ | ||
&& mkdir -p /var/www/.cache/Python-Eggs/ \ | ||
&& mkdir /run/nginx/ \ | ||
&& ln -sf /dev/stdout /var/log/nginx/access.log \ | ||
&& ln -sf /dev/stderr /var/log/nginx/error.log \ | ||
&& chown nginx -R /var/www/.cache/Python-Eggs/ \ | ||
&& chown nginx /var/www/$appname | ||
# Run poetry again so this app itself gets installed too | ||
RUN poetry install --without dev --no-interaction | ||
|
||
EXPOSE 80 | ||
RUN git config --global --add safe.directory /${appname} && COMMIT=`git rev-parse HEAD` && echo "COMMIT=\"${COMMIT}\"" > /$appname/version_data.py \ | ||
&& VERSION=`git describe --always --tags` && echo "VERSION=\"${VERSION}\"" >> /$appname/version_data.py | ||
|
||
WORKDIR /$appname | ||
# Final stage | ||
FROM base | ||
|
||
# copy ONLY poetry artifact, install the dependencies but not indexd | ||
# this will make sure than the dependencies is cached | ||
COPY poetry.lock pyproject.toml /$appname/ | ||
RUN poetry config virtualenvs.create false \ | ||
&& poetry install -vv --no-root --no-dev --no-interaction \ | ||
&& poetry show -v | ||
COPY --from=builder /venv /venv | ||
COPY --from=builder /$appname /$appname | ||
|
||
# copy source code ONLY after installing dependencies | ||
COPY . /$appname | ||
COPY ./deployment/uwsgi/uwsgi.ini /etc/uwsgi/uwsgi.ini | ||
COPY ./bin/settings.py /var/www/$appname/settings.py | ||
COPY ./bin/confighelper.py /var/www/$appname/confighelper.py | ||
|
||
# install peregrine | ||
RUN poetry config virtualenvs.create false \ | ||
&& poetry install -vv --no-dev --no-interaction \ | ||
&& poetry show -v | ||
# Switch to non-root user 'gen3' for the serving process | ||
USER gen3 | ||
|
||
RUN COMMIT=`git rev-parse HEAD` && echo "COMMIT=\"${COMMIT}\"" >$appname/version_data.py \ | ||
&& VERSION=`git describe --always --tags` && echo "VERSION=\"${VERSION}\"" >>$appname/version_data.py | ||
RUN source /venv/bin/activate | ||
|
||
WORKDIR /var/www/$appname | ||
ENV PYTHONUNBUFFERED=1 \ | ||
PYTHONIOENCODING=UTF-8 | ||
|
||
CMD /dockerrun.sh | ||
CMD ["gunicorn", "-c", "deployment/wsgi/gunicorn.conf.py"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
wsgi_app = "deployment.wsgi.wsgi:application" | ||
bind = "0.0.0.0:8000" | ||
workers = 1 | ||
user = "gen3" | ||
group = "gen3" | ||
timeout = 300 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
from peregrine import app_init, app | ||
|
||
app_init(app) | ||
application = app |