forked from GoogleCloudPlatform/database-assessment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
56 lines (48 loc) · 1.86 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Dockerfile
ARG PYTHON_IMAGE=python:3.10-slim
## Build venv
FROM ${PYTHON_IMAGE} as python-base
ENV PIP_DEFAULT_TIMEOUT=100 \
PIP_DISABLE_PIP_VERSION_CHECK=1 \
PIP_NO_CACHE_DIR=1 \
PIP_ROOT_USER_ACTION=ignore \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONFAULTHANDLER=1 \
PYTHONHASHSEED=random
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get autoremove -y \
&& apt-get clean -y \
&& rm -rf /root/.cache \
&& rm -rf /var/apt/lists/* \
&& rm -rf /var/cache/apt/*
RUN pip install --no-cache-dir --upgrade pip \
pip install --no-cache-dir wheel setuptools
FROM python-base AS build-stage
RUN apt-get install -y --no-install-recommends curl git build-essential \
&& apt-get autoremove -y
WORKDIR /app
COPY requirements.txt api-requirements.txt setup.py README.md LICENSE /app/
COPY db_assessment /app/db_assessment
RUN python -m venv --copies /app/venv
RUN . /app/venv/bin/activate \
&& pip install --no-cache-dir -r requirements.txt -r api-requirements.txt \
&& pip install /app/
## Beginning of runtime image
FROM ${PYTHON_IMAGE} as run-image
ENV PATH=/app/venv/bin:$PATH \
PYTHONPATH=/app/
WORKDIR /app
# switch to a non-root user for security
RUN addgroup --system --gid 1001 "app-user" \
&& adduser --no-create-home --system --uid 1001 "app-user" \
&& chown -R "app-user":"app-user" /app
COPY --chown="app-user":"app-user" --from=build-stage /app/venv /app/venv/
COPY --chown="app-user":"app-user" requirements.txt api-requirements.txt setup.py tasks.py README.md LICENSE /app/
COPY --chown="app-user":"app-user" sample /app/sample
# These are the two folders that change the most.
COPY --chown="app-user":"app-user" db_assessment /app/db_assessment
USER "app-user"
ENTRYPOINT [ "gunicorn","--bind", "0.0.0.0:8080","--timeout", "0", "--workers","1", "db_assessment.api:app"]
EXPOSE 8080