From cc41d55897a521926f6f639ec6f6f4d48ef9d055 Mon Sep 17 00:00:00 2001 From: linglp Date: Tue, 19 Mar 2024 20:51:12 +0000 Subject: [PATCH] addressed errors from hadolint --- apps/schematic/api/Dockerfile | 57 ++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index fc12109913..a357e2f229 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -1,6 +1,6 @@ FROM tiangolo/uwsgi-nginx-flask:python3.10 -# add label +# add label LABEL org.opencontainers.image.authors='Milen Nikolov , Andrew Lamb , Mialy DeFelice , Gianna Jordan , Lingling Peng ' # the environment variables defined here are the default 
@@ -13,56 +13,63 @@ ENV PYTHONFAULTHANDLER=1 \ PIP_DISABLE_PIP_VERSION_CHECK=on \ PIP_DEFAULT_TIMEOUT=200 \ POETRY_VERSION=1.3.0 \ - APP_PARENT_DIR=/app \ + APP_PARENT_DIR=/app \ + NGINX_CONFIG=/etc/nginx/conf.d \ APP_DIR=/app/app \ ROOT=/ \ - UWSGI_INI=/app/uwsgi.ini \ + UWSGI_INI=/app/uwsgi.ini \ NGINX_WORKER_PROCESSES=1 \ VERSION=$TAG # run open ssl and generate certificate -RUN apt update \ +RUN apt-get update -qq -y && export DEBIAN_FRONTEND=noninteractive \ + && apt-get install --no-install-recommends -qq -y \ + openssl jq \ && apt-get -y autoclean \ && apt-get -y autoremove \ - && rm -rf /var/lib/apt/lists/* \ - && apt-get update \ - && apt-get install --no-install-recommends -y openssl jq + && rm -rf /var/lib/apt/lists/* # add dhparam.pem +# dhparam.pem was used in ssl-params.conf COPY dhparam.pem /etc/ssl/dhparam.pem # copy all nginx config files -COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf /etc/nginx/conf.d/ +WORKDIR ${NGINX_CONFIG} +COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./ # copy to use custom uwsgi.ini -COPY uwsgi.ini /app/uwsgi.ini +COPY uwsgi.ini /app/uwsgi.ini -# copy files relevant for schematic apis, including uwsgi.ini -# also install dependencies -WORKDIR /app/app +# copy files relevant for schematic apis COPY pyproject.toml poetry.lock /app/app/ COPY ./schematic_api /app/app/schematic_api -RUN pip install --no-cache-dir poetry \ +# install dependencies +WORKDIR /app/app +# Use the version of Poetry installed in the dev container. 
+# See /workspaces/sage-monorepo/tools/devcontainers/sage/.devcontainer/Dockerfile +RUN pip install --no-cache-dir poetry==1.6.1 \ && poetry config --local virtualenvs.create false \ && poetry run pip install "cython<3.0.0" \ && poetry run pip install --no-build-isolation pyyaml==5.4.1 \ - && poetry install --with prod --no-root --no-interaction --no-ansi - -# temporary here until schematic allows .synapseCache to a different path -RUN mkdir -p /root/.synapseCache /app/app/manifests \ - && echo "This is a test file." > /root/.synapseCache/test.txt \ - && chmod -R 777 /root /app + && poetry install --with prod --no-root --no-interaction --no-ansi \ + # Update file permission + && mkdir /root/.synapseCache /app/app/manifests \ + # temporary here to ensure .synapseCache is not empty + && echo "This is a test file." > /root/.synapseCache/test.txt \ + # temporary here until we move .synapseCache to a different path + && chmod -R 777 /root /app # Modify entrypoint script to allow SSL private key and certificate to be saved WORKDIR ${ROOT} -COPY uwsgi-nginx-entrypoint.sh entrypoint2.sh -COPY uwsgi-nginx-entrypoint.sh uwsgi-nginx-entrypoint2.sh -COPY save_key_certificate.py ./ - -RUN chmod +x uwsgi-nginx-entrypoint2.sh entrypoint2.sh \ - && chown -R nginx /uwsgi-nginx-entrypoint2.sh /entrypoint2.sh +COPY uwsgi-nginx-entrypoint.sh ./entrypoint2.sh +COPY uwsgi-nginx-entrypoint.sh ./uwsgi-nginx-entrypoint2.sh +COPY save_key_certificate.py ./save_key_certificate.py +RUN chmod +x uwsgi-nginx-entrypoint2.sh \ + && chmod +x entrypoint2.sh \ + && chown -R nginx /uwsgi-nginx-entrypoint2.sh \ + && chown -R nginx /entrypoint2.sh WORKDIR ${APP_DIR}
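Review bot: The rewritten `RUN` still ends in `chmod -R 777 /root /app`, which leaves the application code, `/app/uwsgi.ini` and root's home writable by every account in the container, so a process compromised at runtime can rewrite what the server loads. The comments tie the change to `.synapseCache`, so presumably only the two directories created in this step need to be writable. If so, scope it with `&& chmod 711 /root \` followed by `&& chmod -R 777 /root/.synapseCache /app/app/manifests`. Ownership by the service account would be better still once the cache path is configurable, but which account uwsgi runs as is not visible in this hunk. Separately, the install is now pinned to `poetry==1.6.1` while the `ENV` block above still sets `POETRY_VERSION=1.3.0`; one of the two should change so the image does not advertise a version it does not contain.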