Alterando Dockerfile

.gitea/workflows/on_release.yml

@@ -3,71 +3,63 @@ name: Creates a docker image for production
 on:
   push:
     tags:
-      - 'v*'
+      - "v*"
 
 jobs:
-  build:
+  build_docker:
     name: Build the docker image
     runs-on: ubuntu-latest
     steps:
-      - name: Build started
-        uses: voxmedia/github-action-slack-notify-build@v1
-        if: success()
-        with:
-          channel: ci-notifications
-          status: STARTED
-          color: good
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1
-      - name: Log in to Docker Hub
+      - name: Log in to Nexus Docker Hub
-        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          registry: docker.nexus.makecodes.dev
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v5
         with:
-          images: redbeard/mines-backend
+          images: docker.nexus.makecodes.dev/mines/backend
-      - name: Build and push Docker image
+      - name: Build and push
-        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        uses: docker/build-push-action@v5
-        env:
-          SCOPE: production
         with:
           context: .
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      - name: Build finished
+      - name: Deploy to production server
-        if: success()
+        run: |
-        uses: voxmedia/github-action-slack-notify-build@v1
+          TOKEN=$(curl --silent --location 'https://auth.makecodes.dev/auth' \
-        with:
+            --header 'Content-Type: application/json' \
-          channel: ci-notifications
+            --data '{
-          status: SUCCESS
+                "email": "'$USERNAME'",
-          color: good
+                "password": "'$PASSWORD'"
+            }' | jq -r '.token')
+          # curl --location --silent 'https://deployer.makecodes.dev/deploy' \
+          #   --header 'Content-Type: application/json' \
+          #   --header "Authorization: Bearer $TOKEN" \
+          #   --data '{
+          #       "image": "docker.nexus.makecodes.dev/makecodes/nfe-vision",
+          #       "service": "nfe-vision_app",
+          #       "version": "${{ github.ref_name }}",
+          #       "pipeline": "${{ github.run_number }}",
+          #       "repository": "makecodes/nfe-vision"
+          #   }'
+          #   curl --location --silent 'https://deployer.makecodes.dev/deploy' \
+          #   --header 'Content-Type: application/json' \
+          #   --header "Authorization: Bearer $TOKEN" \
+          #   --data '{
+          #       "image": "docker.nexus.makecodes.dev/makecodes/nfe-vision",
+          #       "service": "nfe-vision_worker",
+          #       "version": "${{ github.ref_name }}",
+          #       "pipeline": "${{ github.run_number }}",
+          #       "repository": "makecodes/nfe-vision"
+          #   }'
         env:
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          USERNAME: ${{ secrets.SERVER_AUTH_USERNAME }}
-  deploy:
+          PASSWORD: ${{ secrets.SERVER_AUTH_PASSWORD }}
-    name: Deploy
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    steps:
-      - name: Deploy to production
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USERNAME }}
-          password: ${{ secrets.SSH_PASSWORD }}
-          port: ${{ secrets.SSH_PORT }}
-          script: |
-            cd /media/data/apps/mines-backend
-            docker pull  redbeard/mines-backend:latest
-            docker-compose up -d app0
-            docker-compose up -d app1
-            docker exec -t mines-be0 python manage.py migrate
-            docker image prune -f

Dockerfile

@@ -1,52 +1,72 @@
-FROM python:3.8-slim-buster
+FROM python:3.12.6-bullseye AS base
 
-ARG SCOPE
+ARG APP_USER \
+    APP_GROUP \
+    UID \
+    GID \
+    NEXUS_USERNAME \
+    NEXUS_PASSWORD
 
-# Setup env
+ENV APP_USER=${APP_USER:-mines} \
-ENV SCOPE=${SCOPE} \
+    APP_GROUP=${APP_GROUP:-mines} \
-  # python
+    UID=${UID:-1000} \
-  PYTHONDONTWRITEBYTECODE=1 \
+    GID=${GID:-1000} \
-  PYTHONFAULTHANDLER=1 \
+    PYTHONFAULTHANDLER=1 \
-  PYTHONUNBUFFERED=1 \
+    PYTHONUNBUFFERED=1 \
-  PYTHONHASHSEED=random \
+    PYTHONHASHSEED=random \
-  LC_ALL=C.UTF-8 \
+    PYTHONDONTWRITEBYTECODE=1 \
-  LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
-  # pip
+    LANG=C.UTF-8 \
-  PIP_NO_CACHE_DIR=off \
+    PIP_NO_CACHE_DIR=off \
-  PIP_DISABLE_PIP_VERSION_CHECK=on \
+    PIP_DISABLE_PIP_VERSION_CHECK=on \
-  PIP_DEFAULT_TIMEOUT=100 \
+    PIP_DEFAULT_TIMEOUT=100 \
-  # poetry:
+    UV_LINK_MODE=copy \
-  POETRY_VERSION=1.1.13 \
+    UV_PROJECT_ENVIRONMENT=/.venv \
-  POETRY_NO_INTERACTION=1 \
+    VIRTUAL_ENV=/.venv \
-  POETRY_VIRTUALENVS_CREATE=false \
+    PATH="/.venv/bin:$PATH"
-  POETRY_CACHE_DIR='/var/cache/pypoetry' \
-  POETRY_HOME='/usr/local'
 
-SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
 
-RUN apt-get update && apt-get upgrade -y \
+WORKDIR /app
-  && apt-get install --no-install-recommends -y \
+
+COPY uv.lock pyproject.toml ./
+
+# Dependências
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
+    curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
+    apt-get update && \
+    apt-get install -y \
     bash \
-    curl \
+    clang \
     build-essential \
+    curl \
     default-libmysqlclient-dev \
+    gnupg \
+    jq \
+    libc6 \
+    libffi-dev \
+    libjpeg-dev \
+    libmariadb-dev \
     libpq-dev \
-  # Installing `poetry` package manager:
+    libpthread-stubs0-dev \
-  # https://github.com/python-poetry/poetry
+    libxml2-dev \
-  && curl -sSL 'https://install.python-poetry.org' | python - \
+    libxslt-dev \
-  && poetry --version \
+    mariadb-client \
-  # Cleaning cache:
+    zlib1g-dev && \
-  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+    apt-get install -y --no-install-recommends gcc && \
-  && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && \
+    apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
+    uv sync --dev && \
+    uv cache clean && \
+    . $VIRTUAL_ENV/bin/activate
 
-# Copy only requirements to cache them in docker layer
-WORKDIR /code
-COPY poetry.lock pyproject.toml /code/
 
-RUN poetry config virtualenvs.create false \
+# Copia o restante do código da aplicação
-  && poetry install $(test "$SCOPE" == production && echo "--no-dev") --no-interaction --no-ansi
+COPY . /app
 
-# Creating folders, and files for a project:
+RUN groupadd -r $APP_GROUP -g $GID && \
-COPY . /code
+    useradd -r -g $APP_GROUP -u $UID $APP_USER --shell /bin/bash --home /app
 
-CMD ["/code/commands/run-prod.sh"]
+USER $APP_USER
+
+CMD ["/app/commands/run-prod.sh"]