-
Notifications
You must be signed in to change notification settings - Fork 13
Expand file tree
/
Copy pathRemoteSettings.Dockerfile
More file actions
101 lines (78 loc) · 2.8 KB
/
RemoteSettings.Dockerfile
File metadata and controls
101 lines (78 loc) · 2.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
############################
# Compile stage
############################
FROM python:3.14.3 AS compile
ENV VIRTUAL_ENV=/opt/.venv \
PATH="/opt/.venv/bin:$PATH"
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
WORKDIR /opt
COPY ./uv.lock ./pyproject.toml ./
RUN uv venv $VIRTUAL_ENV
RUN uv sync --frozen --no-install-project --no-editable \
--no-group kinto-remote-settings \
--no-group cronjobs \
--no-group git-reader \
--no-group dev \
--no-group docs
COPY ./kinto-remote-settings ./kinto-remote-settings
RUN uv sync --frozen --no-install-project --no-editable \
--group kinto-remote-settings \
--no-group cronjobs \
--no-group git-reader \
--no-group dev \
--no-group docs
############################
# Kinto Admin stage
############################
# We pull the Kinto Admin assets at the version specified in `kinto-admin/VERSION`.
FROM alpine:3 AS get-admin
WORKDIR /opt
COPY bin/pull-kinto-admin.sh .
COPY kinto-admin/ kinto-admin/
RUN ./pull-kinto-admin.sh
############################
# Production stage
############################
FROM python:3.14.3-slim AS production
ENV KINTO_INI=config/local.ini \
KINTO_ADMIN_ASSETS_PATH=/app/kinto-admin/build/ \
PATH="/opt/.venv/bin:$PATH" \
GRANIAN_HOST="0.0.0.0" \
GRANIAN_PORT=8888 \
GRANIAN_TRUSTED_HOSTS="*" \
GRANIAN_METRICS_ENABLED=true \
GRANIAN_METRICS_ADDRESS="0.0.0.0" \
GRANIAN_METRICS_PORT=9090 \
# cap concurrent WSGI requests to something reasonable relative to the DB pool size
GRANIAN_BACKPRESSURE="32" \
PYTHONUNBUFFERED=1 \
VIRTUAL_ENV=/opt/.venv \
PROMETHEUS_MULTIPROC_DIR="/tmp/metrics" \
VERSION_FILE=/app/version.json
COPY /bin/update_and_install_system_packages.sh /opt
RUN /opt/update_and_install_system_packages.sh \
# Needed for psycopg2
libpq-dev
COPY --from=compile $VIRTUAL_ENV $VIRTUAL_ENV
WORKDIR /app
RUN chown 10001:10001 /app && \
groupadd --gid 10001 app && \
useradd --no-create-home --uid 10001 --gid 10001 --home-dir /app app
COPY --chown=app:app . .
COPY --from=get-admin /opt/kinto-admin/build $KINTO_ADMIN_ASSETS_PATH
# Generate local key pair to simplify running without Autograph out of the box (see `config/testing.ini`)
RUN python -m kinto_remote_settings.signer.generate_keypair /app/ecdsa.private.pem /app/ecdsa.public.pem
EXPOSE $GRANIAN_PORT $GRANIAN_METRICS_PORT
USER app
ENTRYPOINT ["./bin/run.sh"]
# Run server by default
CMD ["start"]
############################
# Local stage
############################
FROM production AS local
# Serve attachments at /attachments
ENV GRANIAN_STATIC_PATH_ROUTE=/attachments
ENV GRANIAN_STATIC_PATH_MOUNT=/tmp/attachments
# create directories for volume mounts used in browser tests / local development
RUN mkdir -p -m 777 /app/mail && mkdir -p -m 777 /tmp/attachments