-
Notifications
You must be signed in to change notification settings - Fork 6
/
Dockerfile
84 lines (74 loc) · 2.44 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
FROM python:3.9-alpine3.14
ENV PYTHONUNBUFFERED 1
ENV PYTHONDONTWRITEBYTECODE 1
WORKDIR /code
# Install OS dependencies needed to run whereintheworld
#
# Note: please add in this section runtime dependences only.
# If you temporary need a package to build a Python or npm
# dependency take a look at the sections below.
RUN apk --update --no-cache add \
"geos~=3" \
"gdal~=3" \
"binutils" \
"nodejs" \
"npm" \
&& ln -s /usr/lib/libgdal.so.28 /usr/lib/libgdal.so \
&& ln -s /usr/lib/libgeos_c.so.1 /usr/lib/libgeos_c.so \
&& npm install -g yarn@1
# Compile and install Python dependencies.
#
# Notes:
#
# - we explicitly COPY the files so that we don't need to rebuild
# the container every time a dependency changes
#
# - we need few additional OS packages for this. Let's install
# and then uninstall them when the compilation is completed.
COPY requirements.txt ./
RUN apk --update --no-cache --virtual .build-deps add \
"git~=2" \
"postgresql-dev~=13" \
"g++~=10.3" \
"gcc~=10.3" \
"libffi-dev~=3.3" \
&& \
pip install -r requirements.txt --compile --no-cache-dir \
&& \
apk del .build-deps
# Compile and install Yarn dependencies.
#
# Notes:
#
# - we explicitly COPY the files so that we don't need to rebuild
# the container every time a dependency changes
#
# - we need few additional OS packages for this. Let's install
# and then uninstall them when the compilation is completed.
COPY package.json yarn.lock ./
RUN yarn config set network-timeout 300000 && \
yarn install --frozen-lockfile && \
yarn cache clean
# Copy everything else
COPY . .
# Build the frontend
#
# Note: we run the build as a separate actions to increase
# the cache hit ratio of the layers above.
RUN yarn build && \
yarn cache clean && \
rm -rf ./node_modules
# Generate Django's static files
RUN SECRET_KEY='unsafe secret key for collectstatic only' python manage.py collectstatic --noinput
# Add a dedicated 'whereintheworld' user and group, move files into its home dir and set the
# proper file permissions. This alleviates compliance issue for not running a
# container as 'root'
RUN addgroup -S whereintheworld && \
adduser -S whereintheworld -G whereintheworld && \
mv /code /home/whereintheworld && \
chown -R whereintheworld:1000 /home/whereintheworld/code
WORKDIR /home/whereintheworld/code
USER whereintheworld
# Expose container port and run entry point script
EXPOSE 8000
CMD ["./bin/docker"]