diff --git a/Dockerfile b/Dockerfile index 6e5650d..66bf9f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,52 +1,72 @@ -FROM python:3.8-slim-buster +FROM python:3.12.6-bullseye AS base -ARG SCOPE +ARG APP_USER \ + APP_GROUP \ + UID \ + GID \ + NEXUS_USERNAME \ + NEXUS_PASSWORD -# Setup env -ENV SCOPE=${SCOPE} \ - # python - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONFAULTHANDLER=1 \ - PYTHONUNBUFFERED=1 \ - PYTHONHASHSEED=random \ - LC_ALL=C.UTF-8 \ - LANG=C.UTF-8 \ - # pip - PIP_NO_CACHE_DIR=off \ - PIP_DISABLE_PIP_VERSION_CHECK=on \ - PIP_DEFAULT_TIMEOUT=100 \ - # poetry: - POETRY_VERSION=1.1.13 \ - POETRY_NO_INTERACTION=1 \ - POETRY_VIRTUALENVS_CREATE=false \ - POETRY_CACHE_DIR='/var/cache/pypoetry' \ - POETRY_HOME='/usr/local' +ENV APP_USER=${APP_USER:-mines} \ + APP_GROUP=${APP_GROUP:-mines} \ + UID=${UID:-1000} \ + GID=${GID:-1000} \ + PYTHONFAULTHANDLER=1 \ + PYTHONUNBUFFERED=1 \ + PYTHONHASHSEED=random \ + PYTHONDONTWRITEBYTECODE=1 \ + LC_ALL=C.UTF-8 \ + LANG=C.UTF-8 \ + PIP_NO_CACHE_DIR=off \ + PIP_DISABLE_PIP_VERSION_CHECK=on \ + PIP_DEFAULT_TIMEOUT=100 \ + UV_LINK_MODE=copy \ + UV_PROJECT_ENVIRONMENT=/.venv \ + VIRTUAL_ENV=/.venv \ + PATH="/.venv/bin:$PATH" -SHELL ["/bin/bash", "-eo", "pipefail", "-c"] +COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv -RUN apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y \ +WORKDIR /app + +COPY uv.lock pyproject.toml ./ + +# Dependências +RUN echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ + curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \ + apt-get update && \ + apt-get install -y \ bash \ - curl \ + clang \ build-essential \ + curl \ default-libmysqlclient-dev \ + gnupg \ + jq \ + libc6 \ + libffi-dev \ + libjpeg-dev \ + libmariadb-dev \ libpq-dev \ - # Installing `poetry` package manager: - # https://github.com/python-poetry/poetry - && curl -sSL 'https://install.python-poetry.org' | python - \ - && poetry --version \ - # Cleaning cache: - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* + libpthread-stubs0-dev \ + libxml2-dev \ + libxslt-dev \ + mariadb-client \ + zlib1g-dev && \ + apt-get install -y --no-install-recommends gcc && \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && \ + apt-get clean -y && rm -rf /var/lib/apt/lists/* && \ + uv sync --dev && \ + uv cache clean && \ + . $VIRTUAL_ENV/bin/activate -# Copy only requirements to cache them in docker layer -WORKDIR /code -COPY poetry.lock pyproject.toml /code/ -RUN poetry config virtualenvs.create false \ - && poetry install $(test "$SCOPE" == production && echo "--no-dev") --no-interaction --no-ansi +# Copia o restante do código da aplicação +COPY . /app -# Creating folders, and files for a project: -COPY . /code +RUN groupadd -r $APP_GROUP -g $GID && \ + useradd -r -g $APP_GROUP -u $UID $APP_USER --shell /bin/bash --home /app -CMD ["/code/commands/run-prod.sh"] +USER $APP_USER + +CMD ["/app/commands/run-prod.sh"]