studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
133688324b348ce2e188b63f5000daba38c5fbf0
people/Dockerfile

198 lines
4.8 KiB
Docker
Raw Normal View History

✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Django People
# ---- base image to inherit from ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM python:3.12.6-alpine3.20 AS base
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Upgrade pip to its latest release to speed up dependencies installation
🚑️(backend) fixe CVEs in backend image Use alpine version for production image instead of debian in order to have less CVEs.
2024-09-27 17:39:17 +02:00
RUN python -m pip install --upgrade pip setuptools
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Upgrade system packages to install security updates
🚑️(backend) fixe CVEs in backend image Use alpine version for production image instead of debian in order to have less CVEs.
2024-09-27 17:39:17 +02:00
RUN apk update && \
apk upgrade
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
### ---- Front-end dependencies image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM node:20 AS frontend-deps
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
WORKDIR /deps
COPY ./src/frontend/package.json ./package.json
COPY ./src/frontend/yarn.lock ./yarn.lock
COPY ./src/frontend/apps/desk/package.json ./apps/desk/package.json
COPY ./src/frontend/packages/i18n/package.json ./packages/i18n/package.json
COPY ./src/frontend/packages/eslint-config-people/package.json ./packages/eslint-config-people/package.json
RUN yarn --frozen-lockfile
🔨(CI) add Tilt Tilt is a tool for local Kubernetes development. It makes it easy to see your changes as you make them, and it rebuilds and redeploys your app as you change it.
2024-06-03 10:05:45 +02:00
### ---- Front-end builder dev image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM node:20 AS frontend-builder-dev
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
WORKDIR /builder
COPY --from=frontend-deps /deps/node_modules ./node_modules
COPY ./src/frontend .
WORKDIR ./apps/desk
🔨(CI) add Tilt Tilt is a tool for local Kubernetes development. It makes it easy to see your changes as you make them, and it rebuilds and redeploys your app as you change it.
2024-06-03 10:05:45 +02:00
### ---- Front-end builder image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM frontend-builder-dev AS frontend-builder
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
🔨(CI) add Tilt Tilt is a tool for local Kubernetes development. It makes it easy to see your changes as you make them, and it rebuilds and redeploys your app as you change it.
2024-06-03 10:05:45 +02:00
RUN yarn build
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
# ---- Front-end image ----
⬆️(nginx) bump nginx-unprivileged to 1.27 Bump nginx-unprivileged to the latest version
2025-03-12 12:20:55 +01:00
FROM nginxinc/nginx-unprivileged:1.27-alpine AS frontend-production
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
🔒️(docker) patch libssl3 and libcrypto3 to address CVE-2024-12797 Added temporary root privileges to update OpenSSL libraries. Upgrades libssl3 and libcrypto3 to 3.3.3-r0 to fix HIGH severity vulnerability. Properly switches back to nginx user after updates. Maintains unprivileged execution while addressing security concern affecting RFC7250 Raw Public Keys authentication. Security: CVE-2024-12797
2025-02-13 08:23:14 +01:00
USER root
RUN apk update && apk upgrade libssl3 libcrypto3
USER nginx
✨(frontend) introduce frontend Docker Image To facilitate deployment on Kubernetes, we've introduced a Docker image for the frontend. The Next.js project is built, and its static output is served using an Nginx reverse proxy. Since DevOps lacks a certified cold storage solution (e.g., S3) for serving static files, we've decided to containerize the frontend as a quick workaround for deploying staging environments. Please note this Docker Image is WIP. One of the main issue still not resolved concerns environment variables, which are only available when building the Docker Image. Thus, having different environment variables values between environment (dev, pre-prod, prod) will require us to build several frontend images, and tag them with the appropriate target environment. The `.env.production` values are not the final ones. For now, they were set to dev values. It allows us to test the frontend image with the development setup. Important: The frontend image is built-on top of an unprivileged Nginx image, which exposes by default port 8080 instead of 80 for classic Nginx image. You can find more info https://github.com/nginxinc/docker-nginx-unprivileged. The Docker Compose Nginx service is used to proxy OIDC requests to keycloak, in order to share the same host when initiating an OIDC flow, from outside and inside docker virtual network. All Nginx configurations related to serve frontend static build were moved to a newly created conf file under src/frontend/apps/desk. When starting the frontend image, we desire to start the minimum Nignx config required to serve frontend statics.
2024-01-25 19:38:40 +01:00
# Un-privileged user running the application
ARG DOCKER_USER
USER ${DOCKER_USER}
COPY --from=frontend-builder \
/builder/apps/desk/out \
/usr/share/nginx/html
COPY ./src/frontend/apps/desk/conf/default.conf /etc/nginx/conf.d
# Copy entrypoint
COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
CMD ["nginx", "-g", "daemon off;"]
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# ---- Back-end builder image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM base AS back-builder
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
WORKDIR /builder
# Copy required python dependencies
COPY ./src/backend /builder
RUN mkdir /install && \
pip install --prefix=/install .
# ---- mails ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM node:20 AS mail-builder
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
COPY ./src/mail /mail/app
WORKDIR /mail/app
RUN yarn install --frozen-lockfile && \
yarn build
# ---- static link collector ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM base AS link-collector
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
ARG PEOPLE_STATIC_ROOT=/data/static
# Install libpangocairo & rdfind
🚑️(backend) fixe CVEs in backend image Use alpine version for production image instead of debian in order to have less CVEs.
2024-09-27 17:39:17 +02:00
RUN apk add \
pango \
rdfind
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Copy installed python dependencies
COPY --from=back-builder /install /usr/local
# Copy people application (see .dockerignore)
COPY ./src/backend /app/
WORKDIR /app
# collectstatic
RUN DJANGO_CONFIGURATION=Build DJANGO_JWT_PRIVATE_SIGNING_KEY=Dummy \
python manage.py collectstatic --noinput
# Replace duplicated file by a symlink to decrease the overall size of the
# final image
RUN rdfind -makesymlinks true -followsymlinks true -makeresultsfile false ${PEOPLE_STATIC_ROOT}
# ---- Core application image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM base AS core
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
ENV PYTHONUNBUFFERED=1
# Install required system libs
🚑️(backend) fixe CVEs in backend image Use alpine version for production image instead of debian in order to have less CVEs.
2024-09-27 17:39:17 +02:00
RUN apk add \
gettext \
cairo \
libffi-dev \
gdk-pixbuf \
pango \
shared-mime-info
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Copy entrypoint
COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
# Give the "root" group the same permissions as the "root" user on /etc/passwd
# to allow a user belonging to the root group to add new users; typically the
# docker user (see entrypoint).
RUN chmod g=u /etc/passwd
# Copy installed python dependencies
COPY --from=back-builder /install /usr/local
# Copy people application (see .dockerignore)
COPY ./src/backend /app/
WORKDIR /app
# We wrap commands run in this container by the following entrypoint that
# creates a user on-the-fly with the container user ID (see USER) and root group
# ID.
ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
# ---- Development image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM core AS backend-development
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Switch back to the root user to install development dependencies
USER root:root
# Install psql
🚑️(backend) fixe CVEs in backend image Use alpine version for production image instead of debian in order to have less CVEs.
2024-09-27 17:39:17 +02:00
RUN apk add postgresql-client
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# Uninstall people and re-install it in editable mode along with development
# dependencies
RUN pip uninstall -y people
RUN pip install -e .[dev]
# Restore the un-privileged user running the application
ARG DOCKER_USER
USER ${DOCKER_USER}
# Target database host (e.g. database engine following docker compose services
# name) & port
ENV DB_HOST=postgresql \
DB_PORT=5432
# Run django development server
🐛(docker) switch CMD form from Shell to Exec `backend-development` and `backend-production` CMD syntaxes were using a Shell Form. Shell form prevented Unix signals from reaching our container correctly, such as SIGTERM. Also, the shell process ends up being the PID 1, instead of our Python scripts. Docker recommends to use the exec form whenever possible.
2024-03-19 18:16:36 +01:00
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# ---- Production image ----
🎨(dockerfile) fix `FromAsCasing` warnings Warning where raised because of the casing change between `FROM` and `as`.
2024-11-15 16:36:14 +01:00
FROM core AS backend-production
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
ARG PEOPLE_STATIC_ROOT=/data/static
# Gunicorn
RUN mkdir -p /usr/local/etc/gunicorn
COPY docker/files/usr/local/etc/gunicorn/people.py /usr/local/etc/gunicorn/people.py
# Un-privileged user running the application
ARG DOCKER_USER
USER ${DOCKER_USER}
# Copy statics
COPY --from=link-collector ${PEOPLE_STATIC_ROOT} ${PEOPLE_STATIC_ROOT}
# Copy people mails
👷(ci) fix CI running in github actions The CI configuration file was translated from CircleCI to github actions a bit too fast and had not been tested yet.
2024-01-05 09:11:57 +01:00
COPY --from=mail-builder /mail/backend/core/templates/mail /app/core/templates/mail
✨(project) first proof of concept based of Joanie Used https://github.com/openfun/joanie as boilerplate, ran a few transformations with ChapGPT and adapted models and endpoints to fit to my current vision of the project.
2024-01-03 10:09:31 +01:00
# The default command runs gunicorn WSGI server in people's main module
🐛(docker) switch CMD form from Shell to Exec `backend-development` and `backend-production` CMD syntaxes were using a Shell Form. Shell form prevented Unix signals from reaching our container correctly, such as SIGTERM. Also, the shell process ends up being the PID 1, instead of our Python scripts. Docker recommends to use the exec form whenever possible.
2024-03-19 18:16:36 +01:00
CMD ["gunicorn", "-c", "/usr/local/etc/gunicorn/people.py", "people.wsgi:application"]
Reference in New Issue Copy Permalink