From a1be49476cab648d83a1aa8b9e236d97b08c3d7f Mon Sep 17 00:00:00 2001
From: Janaka Abeywardhana
Date: Sat, 28 Oct 2023 15:24:09 +0100
Subject: [PATCH] infra(container): pull envs from Infisical
- Secrets and none secret values
- At app startup time inside the container Infisical CLI injects values into the app.
---
 Dockerfile | 17 +++++++++++++----
 pyproject.toml | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f888dff5..792973ec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,6 @@
 ARG BUILDPLATFORM=linux/amd64
 ARG BUILDTAG=3.11-slim-buster
+ARG PIPNOCACHE=--no-cache
 FROM --platform=$BUILDPLATFORM python:$BUILDTAG as test
@@ -7,7 +8,7 @@ WORKDIR /home/user/app
 ENV PATH=$PATH:/home/user/.local/bin
-RUN pip install --no-cache poetry poethepoet
+RUN pip install ${PIPNOCACHE} poetry poethepoet
 RUN poetry config --no-cache
 COPY pyproject.toml .
 COPY poetry.lock .
@@ -35,6 +36,10 @@ CMD ["test"]
 FROM --platform=$BUILDPLATFORM python:$BUILDTAG as prod
+RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
+ 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
+ && apt-get update && apt-get install -y infisical
+
 RUN addgroup --system user && adduser --system user --ingroup user
 USER user
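Review bot: `ARG PIPNOCACHE=--no-cache` in the first Dockerfile hunk is declared before the first `FROM`, and a build argument declared there is only usable in `FROM` lines. The `test` stage shown in the second hunk does not redeclare it before `RUN pip install ${PIPNOCACHE} poetry poethepoet`, so the variable expands to nothing there and the default `--no-cache` is silently dropped. Add a bare `ARG PIPNOCACHE` after each `FROM` whose stage uses it; the `prod` stage is only partly visible and probably needs one as well. Once the value is in scope, `RUN pip install -r $PIPNOCACHE requirements.txt dist/*.whl --user` in the last Dockerfile hunk would likely hand `--no-cache` to `-r` as the requirements file, so it should read `RUN pip install $PIPNOCACHE -r requirements.txt dist/*.whl --user`.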
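Review bot: The new `RUN` in the `prod` stage pipes a script fetched from dl.cloudsmith.io straight into `bash` as root and then installs `infisical` unpinned, so the image content depends on whatever that URL and repository serve at build time, and nothing verifies either. Pin the package with `apt-get install -y --no-install-recommends infisical=<PINNED_VERSION>` (a placeholder, to be filled with the release you have tested). Either check the downloaded script against a recorded digest before running it, or add the repository and its signing key explicitly. `curl` also stays in the production image and the apt lists are not removed; ending the same `RUN` with `rm -rf /var/lib/apt/lists/*` keeps the layer smaller. The rest of the `prod` stage continues outside the hunk.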
@@ -44,9 +49,13 @@ COPY --chown=user:user --from=test /home/user/app/requirements.txt requirements.
 COPY --chown=user:user --from=test /home/user/app/dist dist
 COPY --chown=user:user web web
-RUN pip install --no-cache -r requirements.txt dist/*.whl --user
+RUN pip install -r $PIPNOCACHE requirements.txt dist/*.whl --user
+
+ENV INFISICAL_DISABLE_UPDATE_CHECK=true
+
-ENTRYPOINT ["python", "-m", "streamlit", "run"]
-CMD ["web/index.py", "--browser.gatherUsageStats", "false"]
+#ENTRYPOINT ["python", "-m", "streamlit", "run"]
+#CMD ["web/index.py", "--browser.gatherUsageStats", "false"]
+ENTRYPOINT infisical run --env=${INFISICAL_ENV_NAME} -- python -m streamlit run web/index.py --browser.gatherUsageStats false
diff --git a/pyproject.toml b/pyproject.toml
index b99c3962..4cb2667e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "docq"
-version = "0.4.2"
+version = "0.4.3"
 description = "Docq.AI - private and secure knowledge insight on your data."
 authors = ["Docq.AI Team "]
 maintainers = ["Docq.AI Team "]
@@ -157,6 +157,23 @@ args = [
 { name = "target", default = "prod" },
 ]
+[tool.poe.tasks.docker-build-pipcached]
+cmd = """
+docker build
+--build-arg TESTBUILD=$test \
+--build-arg BUILDTAG=$build_tag \
+--build-arg BUILDPLATFORM=$build_platform \
+--build-arg PIPNOCACHE= \
+--target $target \
+-t docq:$target-$build_tag ."""
+help = "Build a docker image to test the project in an isolated environment"
+args = [
+ { name = "test", default = false, type = "boolean" },
+ { name = "build-tag", default = "3.11-slim-buster" },
+ { name = "build-platform", default = "linux/amd64" },
+ { name = "target", default = "prod" },
+]
+
 [tool.poe.tasks.docker-run]
 cmd = """
 docker run \
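Review bot: The shell-form `ENTRYPOINT infisical run --env=${INFISICAL_ENV_NAME} -- …` at the end of the last Dockerfile hunk makes Docker start the app through `/bin/sh -c`, so arguments given to `docker run` after the image name are no longer passed on and the shell, rather than the app, may end up as PID 1 receiving `SIGTERM`. The variable is also unquoted and unchecked: an unset `INFISICAL_ENV_NAME` yields `--env=`, and nothing in the hunk stops the container from starting against the wrong secrets environment. An exec-form entry point that fails fast would be `ENTRYPOINT ["/bin/sh", "-c", "exec infisical run --env=\"${INFISICAL_ENV_NAME:?must be set}\" -- python -m streamlit run web/index.py --browser.gatherUsageStats false"]`. The two commented-out `#ENTRYPOINT`/`#CMD` lines can be deleted, since the history already records them.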
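Review bot: The first command line `docker build` in the new `docker-build-pipcached` task has no trailing backslash, unlike the lines after it and unlike the existing `docker run \` in the context below. The TOML string therefore keeps a literal newline between `docker build` and its options; whether poe accepts that depends on how it parses multi-line commands, so write `docker build \`. The same applies to the `-it` and `--env INFISICAL_ENV_NAME=stage` lines of the `docker-run-infisical` task in the next hunk. The `help` text does not say what distinguishes this task; something like `help = "Build the docker image with pip's cache enabled (PIPNOCACHE empty)"` would tell it apart in the task listing.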
@@ -172,3 +189,20 @@ args = [
 { name = "target", default = "prod" },
 { name = "port", default = 8501, type = "integer" },
 ]
+
+[tool.poe.tasks.docker-run-infisical]
+cmd = """
+docker run \
+-it
+--rm \
+--name docq \
+--env INFISICAL_TOKEN=$INFISICAL_TOKEN \
+--env INFISICAL_ENV_NAME=stage
+-p $port:$port \
+docq:$target-$build_tag """
+help = "Run the docker image"
+args = [
+ { name = "build-tag", default = "3.11-slim-buster" },
+ { name = "target", default = "prod" },
+ { name = "port", default = 8501, type = "integer" },
+]
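Review bot: `--env INFISICAL_TOKEN=$INFISICAL_TOKEN` expands the token into the `docker run` argument list, where it is readable from the host's process listing while the client runs and may be echoed by the task runner. Passing only the name, `--env INFISICAL_TOKEN \`, makes Docker copy the value from the caller's environment without putting it on the command line. The value is still visible through `docker inspect`, so the token should be a narrowly scoped one. `INFISICAL_ENV_NAME=stage` is hard-coded although the task name is generic; an argument such as `{ name = "infisical-env", default = "stage" }` used as `--env INFISICAL_ENV_NAME=$infisical_env \` would match how the other parameters are handled.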