From b399636b3187ff59cfdf8863434cae9c0f699a9f Mon Sep 17 00:00:00 2001 From: "Paul S. Schweigert" Date: Thu, 3 Oct 2024 13:31:55 -0400 Subject: [PATCH] use multistage build for gateway Signed-off-by: Paul S. Schweigert --- gateway/Dockerfile | 60 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 18 deletions(-) diff --git a/gateway/Dockerfile b/gateway/Dockerfile index ac92454e8..68a11e083 100644 --- a/gateway/Dockerfile +++ b/gateway/Dockerfile @@ -1,37 +1,61 @@ -FROM registry.access.redhat.com/ubi9-minimal:9.4@sha256:104cf11d890aeb7dd5728b7d7732e175a0e4018f1bb00d2faebcc8f6bf29bd52 -RUN microdnf install -y python3.11-3.11.7 python3.11-pip-22.3.1 python3.11-devel-3.11.7 vim-enhanced-8.2.2637 &&\ - microdnf clean all -RUN ln -s /usr/bin/python3.11 /usr/local/bin/python3 && \ - ln -s /usr/bin/python3.11 /usr/local/bin/python &&\ - ln -s /usr/bin/pip3.11 /usr/local/bin/pip3 &&\ - ln -s /usr/bin/pip3.11 /usr/local/bin/pip +ARG MICRO_IMAGE_DIR=/ubi-micro-img +# BASE image using UBI 9 micro where the +# application and requirements will be installed +FROM registry.access.redhat.com/ubi9-micro:9.4-15 AS BASE + +# BUILD image using UBI 9 where the dependencies that +# require installing with a package manager will be installed +FROM registry.access.redhat.com/ubi9:9.4-1214.1726694543 AS BUILD +ARG MICRO_IMAGE_DIR + +# Copy the BASE image into the BUILD image +RUN mkdir ${MICRO_IMAGE_DIR} +COPY --from=BASE / ${MICRO_IMAGE_DIR} + +# Install Python inside the BASE image +# hadolint ignore=DL3041 +RUN dnf install --installroot ${MICRO_IMAGE_DIR} --nodocs -y \ + python3.11-3.11.7 \ + python3.11-devel-3.11.7 \ + libstdc++ &&\ + dnf upgrade --installroot ${MICRO_IMAGE_DIR} --nodocs -y && \ + dnf clean all --installroot ${MICRO_IMAGE_DIR} + +# APP image from `scratch` which will be the final image +# and remaining application requirements will be installed +FROM scratch AS APP +ARG MICRO_IMAGE_DIR +# hadolint ignore=DL3045 +COPY --from=BUILD ${MICRO_IMAGE_DIR}/ . + +# create symlinks for python +RUN ln -s /usr/bin/python3.11 /usr/bin/python + +# Create project dir WORKDIR /usr/src/app # set environment variables ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 -USER 0 COPY gateway/requirements.txt . -RUN pip install -r requirements.txt --no-cache-dir &&\ +# Install pip +RUN python3.11 -m ensurepip --upgrade +# Install dependencies and update then uninstall pip (not needed in final image) +RUN python3.11 -m pip install -r requirements.txt --no-cache-dir --upgrade && \ cp -r -n /usr/local/lib64/python3.11/site-packages/symengine /usr/local/lib/python3.11/site-packages &&\ - cp -r -n /usr/local/lib/python3.11/site-packages/symengine /usr/local/lib64/python3.11/site-packages + cp -r -n /usr/local/lib/python3.11/site-packages/symengine /usr/local/lib64/python3.11/site-packages &&\ + python3.11 -m pip uninstall -y pip + COPY gateway . RUN chown -R 1000:100 /usr/src/app &&\ mkdir /usr/src/app/media && chown 1000:100 /usr/src/app/media -# Need versions of pip/setuptools more recent than provided by UBI image -RUN python3.11 -m ensurepip --upgrade - -# hadolint ignore=DL3013 -RUN pip install --upgrade --no-cache-dir pip>=24.2 &&\ - pip install --upgrade --no-cache-dir setuptools>=72.1.0 - -USER 1000:100 RUN sed -i 's/\r$//g' /usr/src/app/entrypoint.sh &&\ chmod +x /usr/src/app/entrypoint.sh EXPOSE 8000 +USER 1000:100 # run entrypoint.sh ENTRYPOINT ["/usr/src/app/entrypoint.sh"]