-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
97 lines (80 loc) · 3.34 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# SPDX-FileCopyrightText: 2023 Gert van Dijk <[email protected]>
#
# SPDX-License-Identifier: Apache-2.0
# syntax=docker/dockerfile:1.3
ARG FROM_IMAGE
### Base stage ###
# https://github.com/hadolint/hadolint/issues/339
# hadolint ignore=DL3006
FROM $FROM_IMAGE as base
# https://github.com/hadolint/hadolint/issues/562
# hadolint ignore=DL3005
RUN apt-get update --quiet \
&& apt-get dist-upgrade --quiet --yes \
&& apt-get autoremove --quiet --yes \
&& rm -rf /var/lib/apt/lists
# Keep in sync with stage below.
RUN adduser \
--system \
--group \
--uid 500 \
--disabled-login \
--disabled-password \
--gecos "purepythonmilter,,," \
--home /purepythonmilter \
purepythonmilter
USER purepythonmilter:purepythonmilter
WORKDIR /purepythonmilter
# Silence warning from pip that local bin directory is not on PATH.
# Keep in sync with stage below.
RUN mkdir -p "${HOME}/.local/bin"
ENV PATH="/purepythonmilter/.local/bin:${PATH}"
### Build stage 1/2: dependencies ###
FROM base as builder-deps
USER root:root
# Install a specified version of pip & setuptools globally.
# Not in the user's site-packages, because we don't need it in there as dependency.
# Also, mount a Buildkit-cachable ~/.cache directory to speed up pip-installs.
# And therefore purposefully ignore DL3042.
# hadolint ignore=DL3042
RUN --mount=type=cache,target=/root/.cache \
python -m pip install pip==23.1.2 setuptools==67.8.0 setuptools-scm[toml]==7.1.0
USER purepythonmilter:purepythonmilter
# Install dependencies (for 'examples' optional set) with pinned version manually.
# Mount a Buildkit-cachable ~/.cache directory to speed up pip-installs.
# And therefore purposefully ignore DL3042.
# hadolint ignore=DL3042
RUN --mount=type=cache,target=/purepythonmilter/.cache \
python -m pip install --user \
attrs==23.1.0 \
click==8.1.3
### Build stage 2/2: the package itself ###
FROM builder-deps as builder
# Copy to a temp location, because pip with setuptools backends
# needs a writable source directory.
# https://pip.pypa.io/en/stable/cli/pip_install/#local-project-installs
RUN --mount=type=bind,source=/,target=/purepythonmilter/reporoot \
cp -r /purepythonmilter/reporoot /tmp/reporootcopy
# By passing SETUPTOOLS_SCM_PRETEND_VERSION we eliminate the need for git here.
ARG SETUPTOOLS_SCM_PRETEND_VERSION
RUN python -m pip --no-cache-dir install --user '/tmp/reporootcopy[examples]'
# Verify that all packages are up-to-date (`pip list --outdated` should give no output),
# and do not cache (always run, except within the same minute).
ARG CACHEBUST_MINUTE
# Unfortunately, pip returns exit status 0 regardless of status.
# hadolint ignore=SC2028
RUN outdated=$(python -m pip list --no-cache-dir --outdated 2>&1) \
&& [ -z "$outdated" ] \
|| (echo "'pip list --outdated' @ ${CACHEBUST_MINUTE}:\n${outdated}"; exit 1)
### Final stage ###
FROM base
# Dependencies only (separate as stable layer).
COPY --from=builder-deps /purepythonmilter/.local .local
# purepythonmilter itself.
COPY --from=builder /purepythonmilter/.local .local
ENV PATH="/purepythonmilter/.local/bin:${PATH}"
ENV PUREPYTHONMILTER_BIND_HOST=0.0.0.0
# If you want to run a specific example by default, specify like this:
# CMD ["python", "-m", "purepythonmilter.examples.debug_log_all", "--log-level=DEBUG"]
#
# Or else, specify the command at run time.