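# This is an example Dockerfile to run your service in PaaSTA!
# It satisfies the PaaSTA contract.

# NOTE(review): `:latest` is a floating tag, so two builds of the same commit
# can start from different base images. Pin a specific tag or digest from the
# registry so builds are reproducible and base-image changes go through review.
FROM docker-dev.yelpcorp.com/jammy_yelp:latest

# python and uwsgi deps
# `update` and `install` share one layer so a cached, stale package index is
# never reused; the index is removed in the same layer so it does not persist
# in the image.
# NOTE(review): awscli, git, make and openssh-client end up in the runtime
# image; confirm each is needed at runtime rather than only at build time.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        awscli \
        git \
        libatlas-base-dev \
        libpython3.8 \
        libxml2 \
        libyaml-0-2 \
        lsb-release \
        make \
        openssh-client \
        python3.8 \
        python3-distutils \
        python3-pip \
        python3-setuptools \
        stdin2scribe \
        tox \
        virtualenv \
        zk-flock \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# NOTE(review): supervisor is installed without a version pin, so the release
# that lands in the image depends on when it is built; pin it to a reviewed version.
# --no-cache-dir keeps pip's download cache out of the layer.
RUN /usr/bin/pip3 install --no-cache-dir supervisor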
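# Install Python dependencies from the manifests only, before the application
# source is copied, so this layer is reused until a requirements file changes.
# NOTE(review): confirm these requirements files pin exact versions; whatever
# they resolve to is installed before privileges are dropped.
COPY tox.ini requirements.txt requirements-bootstrap.txt extra-requirements-yelp.txt /code/
# Absolute WORKDIR instead of `cd code`: the relative path only resolved to
# /code when the base image's working directory happened to be /.
WORKDIR /code
RUN tox -e virtualenv_run
RUN virtualenv_run/bin/pip3 install --no-cache-dir -r extra-requirements-yelp.txt
# Give the unprivileged runtime user a home directory that it owns.
RUN mkdir /home/nobody \
    && chown nobody /home/nobody
ENV HOME=/home/nobody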
# The application source is copied only after the dependency install above, so
# that a code change does not invalidate the cached dependency layers.
# NOTE(review): `COPY .` ships the entire build context; confirm a .dockerignore
# keeps .git, local credentials and env files out of the image.
COPY . /code
# Only the /code directory itself changes owner (no -R); the files under it keep
# the ownership COPY gave them.
# NOTE(review): owning /code lets the runtime user add or replace top-level
# entries in it, including the tree the /usr/bin symlinks below point into;
# confirm the service needs more than /code/logs to be writable.
RUN chown nobody /code

# Needed to pass the PaaSTA itests on Jenkins: for some reason (probably
# aufs-related?) root can't modify the contents of /code there, even though it
# works locally. Root has to modify these contents to configure the Dockerized
# Mesos cluster that the itests run on. This shouldn't be a security risk
# because privileges are dropped below, and on overlay2 root can already modify
# the contents of this directory.
RUN chmod -R 775 /code/acceptance

# Put the supervisord signal helpers on the default PATH.
RUN ln -s /code/clusterman/supervisord/fetch_clusterman_signal /usr/bin/fetch_clusterman_signal \
    && ln -s /code/clusterman/supervisord/run_clusterman_signal /usr/bin/run_clusterman_signal

# Log directory owned by the runtime user.
RUN install -d --owner=nobody /code/logs

# /nail/run stores the batch PID file.
RUN mkdir -p /nail/run \
    && chown -R nobody /nail/run

# For the sake of security, the service does not run as a privileged user.
USER nobody
WORKDIR /code
ENV BASEPATH=/code \
    PATH=/code/virtualenv_run/bin:$PATH