forked from openedx/credentials
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
112 lines (87 loc) · 4.46 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
FROM ubuntu:focal as base
MAINTAINER [email protected]
# Warning: This file is experimental.
#
# Short-term goals:
# * Be a suitable replacement for the `edxops/credentials` image in devstack (in progress).
# * Take advantage of Docker caching layers: aim to put commands in order of
# increasing cache-busting frequency.
# * Related to ^, use no Ansible or Paver.
# Long-term goal:
# * Be a suitable base for production Credentials images. This may not yet be the case.
# Packages installed:
# git; Used to pull in particular requirements from github rather than pypi,
# and to check the sha of the code checkout.
# language-pack-en locales; ubuntu locale support so that system utilities have a consistent
# language and time zone.
# python; ubuntu doesnt ship with python, so this is the python we will use to run the application
# python3-pip; install pip to install application requirements.txt files
# libssl-dev; # mysqlclient wont install without this.
# libmysqlclient-dev; to install header files needed to use native C implementation for
# MySQL-python for performance gains.
# wget to download a watchman binary archive
# unzip to unzip a watchman binary archive
# If you add a package here please include a comment above describing what it is used for
RUN apt-get update && \
apt-get install -y software-properties-common && \
apt-add-repository -y ppa:deadsnakes/ppa && apt-get update && \
apt-get upgrade -qy && apt-get install language-pack-en locales git \
python3.8-dev python3.8-venv libmysqlclient-dev libssl-dev build-essential wget unzip -qy && \
rm -rf /var/lib/apt/lists/*
# Create Python env
ENV VIRTUAL_ENV=/edx/app/credentials/venvs/credentials
RUN python3.8 -m venv $VIRTUAL_ENV
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
# Create Node env
RUN pip install nodeenv
ENV NODE_ENV=/edx/app/credentials/nodeenvs/credentials
RUN nodeenv $NODE_ENV --node=16.14.0 --prebuilt
ENV PATH="$NODE_ENV/bin:$PATH"
RUN npm install -g [email protected]
RUN locale-gen en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
ENV DJANGO_SETTINGS_MODULE credentials.settings.production
EXPOSE 18150
RUN useradd -m --shell /bin/false app
# Install watchman
RUN wget https://github.com/facebook/watchman/releases/download/v2020.08.17.00/watchman-v2020.08.17.00-linux.zip
RUN unzip watchman-v2020.08.17.00-linux.zip
RUN mkdir -p /usr/local/{bin,lib} /usr/local/var/run/watchman
RUN cp watchman-v2020.08.17.00-linux/bin/* /usr/local/bin
RUN cp watchman-v2020.08.17.00-linux/lib/* /usr/local/lib
RUN chmod 755 /usr/local/bin/watchman
RUN chmod 2777 /usr/local/var/run/watchman
# Now install credentials
WORKDIR /edx/app/credentials/credentials
# Copy the requirements explicitly even though we copy everything below
# this prevents the image cache from busting unless the dependencies have changed.
COPY requirements/production.txt /edx/app/credentials/credentials/requirements/production.txt
COPY requirements/pip_tools.txt /edx/app/credentials/credentials/requirements/pip_tools.txt
# Dependencies are installed as root so they cannot be modified by the application user.
RUN pip install -r requirements/pip_tools.txt
RUN pip install -r requirements/production.txt
RUN mkdir -p /edx/var/log
# Code is owned by root so it cannot be modified by the application user.
# So we copy it before changing users.
USER app
# Gunicorn 19 does not log to stdout or stderr by default. Once we are past gunicorn 19, the logging to STDOUT need not be specified.
CMD gunicorn --workers=2 --name credentials -c /edx/app/credentials/credentials/credentials/docker_gunicorn_configuration.py --log-file - --max-requests=1000 credentials.wsgi:application
# This line is after the requirements so that changes to the code will not
# bust the image cache
COPY . /edx/app/credentials/credentials
# We don't switch back to the app user for devstack because we need devstack users to be
# able to update requirements and generally run things as root.
FROM base as dev
USER root
ENV DJANGO_SETTINGS_MODULE credentials.settings.devstack
RUN pip install -r /edx/app/credentials/credentials/requirements/dev.txt
# Temporary compatibility hack while devstack is supporting
# both the old `edxops/credentials` image and this image:
# Add in a dummy ../credentials_env file.
# The credentials_env file was originally needed for sourcing to get
# environment variables like DJANGO_SETTINGS_MODULE, but now we just set
# those variables right in the Dockerfile.
RUN touch ../credentials_env
CMD while true; do python ./manage.py runserver 0.0.0.0:18150; sleep 2; done