From 085523d7b4f2325242ce490e9edcaec3c929776c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9mence=20Lesn=C3=A9?= Date: Tue, 29 Oct 2024 19:45:42 +0100 Subject: [PATCH 1/2] perf: Use Alpine as default OS for the container --- Dockerfile | 50 ++++++++++++++++++++++++++++++++------------------ Makefile | 9 +++++++++ 2 files changed, 41 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7e69d614..0d7dda74 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,27 +1,39 @@ # Base container -FROM docker.io/library/python:3.12-slim-bookworm@sha256:541d45d3d675fb8197f534525a671e2f8d66c882b89491f9dda271f4f94dcd06 AS base +FROM docker.io/library/python:3.12-alpine3.20@sha256:38e179a0f0436c97ecc76bcd378d7293ab3ee79e4b8c440fdc7113670cb6e204 AS base + +RUN --mount=target=/var/cache/apk,type=cache,sharing=locked --mount=target=/root/.cache/pip,type=cache,sharing=locked \ + apk update \ + && apk add \ + gcc # Build container FROM base AS build -RUN rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked --mount=target=/root/.cache/pip,type=cache,sharing=locked \ - apt-get update -q \ - && apt-get install -y -q --no-install-recommends \ - gcc \ - python3-dev \ - && python3 -m pip install --upgrade \ - pip \ - setuptools \ - wheel - -RUN python -m venv /venv +RUN --mount=target=/var/cache/apk,type=cache,sharing=locked --mount=target=/root/.cache/pip,type=cache,sharing=locked \ + apk update \ + && apk add \ + cargo \ + libffi-dev \ + linux-headers \ + musl-dev \ + python3-dev \ + rust \ + && python3 -m ensurepip \ + && python3 -m pip install \ + --root-user-action ignore \ + --upgrade \ + pip \ + setuptools \ + wheel + +RUN python3 -m venv /venv ENV PATH=/venv/bin:$PATH COPY requirements.txt . RUN --mount=target=/root/.cache/pip,type=cache,sharing=locked \ - python3 -m pip install --requirement requirements.txt + python3 -m pip install \ + --requirement requirements.txt \ + --root-user-action ignore # Output container FROM base @@ -29,8 +41,10 @@ FROM base ARG VERSION ENV VERSION=${VERSION} -RUN useradd -m appuser \ - && mkdir /app \ +RUN adduser \ + --disabled-password \ + --home /app \ + appuser \ && chown -R appuser:appuser /app USER appuser 
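Review bot: The added `RUN … apk add gcc` in the first hunk sits in the `base` stage, and the output stage is `FROM base`, so the compiler now ships in the runtime image; before this change gcc was installed only in `build`. Moving `gcc \` into the `apk add` list of the `build` stage and dropping the `RUN` from `base` keeps the toolchain out of the final image, which reduces attack surface and size. If a wheel needs a shared library at run time, install only that library in `base` — this is an assumption to confirm against `requirements.txt`, which is not shown. The base image is digest-pinned, but the apk packages and the `pip`/`setuptools`/`wheel` upgrade are unpinned, so builds are not reproducible. The `/root/.cache/pip` cache mount on the `base` step is unused, since that step runs no pip command.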
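Review bot: In the `@@ -29,8 +41,10 @@` hunk, `adduser` is called with no fixed UID and no shell option, so the service account gets the next free UID and BusyBox's default login shell. Adding `--uid 10001` (constructed example value) and `--shell /sbin/nologin`, then switching to the numeric form `USER 10001`, lets an orchestrator policy such as Kubernetes `runAsNonRoot` verify the user and keeps file ownership stable across rebuilds. `--home /app` should already create the directory owned by `appuser`, so the trailing `chown -R appuser:appuser /app` looks redundant; worth confirming and dropping. The output stage continues past the end of this hunk.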
@@ -40,4 +54,4 @@ ENV PATH=/venv/bin:$PATH COPY --chown=appuser:appuser /app /app -CMD ["bash", "-c", "gunicorn app.main:api --bind 0.0.0.0:8080 --proxy-protocol --workers 4 --worker-class uvicorn.workers.UvicornWorker"] +CMD ["sh", "-c", "gunicorn app.main:api --bind 0.0.0.0:8080 --proxy-protocol --workers 4 --worker-class uvicorn.workers.UvicornWorker"] diff --git a/Makefile b/Makefile index c7335bc3..2726c613 100644 --- a/Makefile +++ b/Makefile @@ -127,6 +127,15 @@ build: --tag $(container_name):latest \ . +run: + $(docker) run \ + --env PUBLIC_DOMAIN=$(tunnel_url) \ + --env VERSION=$(version_full) \ + --env-file .env \ + --mount type=bind,source=$(shell pwd)/config.yaml,target=/app/config.yaml \ + --publish 8080:8080 \ + $(container_name):latest + deploy: $(MAKE) deploy-bicep From 517ce0cf361136da6aca7107a718b0c099a6a3a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 18:57:54 +0000 Subject: [PATCH 2/2] chore(deps): bump library/python from 3.12-alpine3.20 to 3.13-alpine3.20 Bumps library/python from 3.12-alpine3.20 to 3.13-alpine3.20. --- updated-dependencies: - dependency-name: library/python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0d7dda74..7ac7f70c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Base container -FROM docker.io/library/python:3.12-alpine3.20@sha256:38e179a0f0436c97ecc76bcd378d7293ab3ee79e4b8c440fdc7113670cb6e204 AS base +FROM docker.io/library/python:3.13-alpine3.20@sha256:c38ead8bcf521573dad837d7ecfdebbc87792202e89953ba8b2b83a9c5a520b6 AS base RUN --mount=target=/var/cache/apk,type=cache,sharing=locked --mount=target=/root/.cache/pip,type=cache,sharing=locked \ apk update \
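Review bot: The `CMD` in the `@@ -40,4 +54,4 @@` hunk still wraps gunicorn in a shell, and swapping `bash` for `sh` may change signal handling. bash replaces itself with a single simple command under `-c`, whereas BusyBox `sh` is not guaranteed to; if it does not, the shell stays PID 1 and gunicorn may never see `SIGTERM` on `docker stop`. The command string uses no shell features, so the exec form removes the shell entirely: `CMD ["gunicorn", "app.main:api", "--bind", "0.0.0.0:8080", "--proxy-protocol", "--workers", "4", "--worker-class", "uvicorn.workers.UvicornWorker"]`. If the wrapper has to stay, prefix the command with `exec`.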
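Review bot: In the new `run` target of the Makefile hunk, `--publish 8080:8080` binds the port on every host interface, so a local test container is reachable from the rest of the network. `--publish 127.0.0.1:8080:8080` keeps it on loopback, which looks sufficient if outside traffic is meant to arrive through the tunnel behind `$(tunnel_url)`. The `config.yaml` bind mount is writable from inside the container; appending `,readonly` to the `--mount` value stops the app from modifying the host file. `$(shell pwd)` is unquoted and breaks on paths with spaces, so prefer `--mount "type=bind,source=$(CURDIR)/config.yaml,target=/app/config.yaml,readonly"`. Adding `--rm` would also avoid leaving stopped containers, with the `.env` values in their config, on the host.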