omg wtf

bcgov · Dec 10, 2024 · 1bc3889 · 1bc3889
1 parent f7b5aff
commit 1bc3889
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 52 deletions.
diff --git a/backend-py/Dockerfile b/backend-py/Dockerfile
@@ -1,66 +1,66 @@
 FROM python:3.13.1 AS build
 
-# Disable cache dir, disable upgrade message, create .venv in project dir
-ARG PIP_NO_CACHE_DIR=off \
-    PIP_DISABLE_PIP_VERSION_CHECK=on \
-    POETRY_VIRTUALENVS_IN_PROJECT=1
-
 # Packages
 RUN apt update && \
-apt install -y --no-install-recommends libpq-dev
+    apt install -y --no-install-recommends libpq-dev
 
 # Install poetry, then dependencies
 WORKDIR /app
 COPY pyproject.toml poetry.lock ./
-RUN pip install poetry==1.6.1
+RUN pip install --no-cache-dir "poetry==1.6.1"
 RUN poetry install --no-root -vvv --without dev --sync
 
-# Deploy
-# FROM python:3.13.1-slim  AS deploy
-FROM gcr.io/distroless/cc-debian12
+# uvicorn server
+RUN pip install --no-cache-dir "uvicorn==0.32.1"
+RUN chmod 0755 /usr/local/bin/uvicorn
+
 
-# Output to stdout/stderr, don't create .pyc files, etc.
-ENV PYTHONUNBUFFERED=1 \
-    PYTHONDONTWRITEBYTECODE=1 \
-    PATH="/app/.venv/bin:$PATH" \
-    PORT=3000
+# Deploy
+FROM gcr.io/distroless/python3 AS deploy
 
 # Dependencies, config and app
-WORKDIR /app
-COPY --from=build /app/.venv /app/.venv
-COPY logger.conf ./
-COPY ./src ./src
+WORKDIR /app/
+COPY --from=build /app/ /app/
+COPY --from=build /root/.cache/pypoetry/virtualenvs/* /app/.venv/
+
+# ### /usr/lib/x86_64-linux-gnu
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libpq.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libkrb5.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libk5crypto.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libkrb5support.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/liblber-2.4.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libsasl2.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libgnutls.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libp11-kit.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libidn2.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libunistring.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libtasn1.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libnettle.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libhogweed.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libgmp.so* /usr/lib/x86_64-linux-gnu/
+# COPY --from=build /usr/lib/x86_64-linux-gnu/libffi.so* /usr/lib/x86_64-linux-gnu/
 
-### /usr/lib/x86_64-linux-gnu
-#COPY --from=build /usr/lib/x86_64-linux-gnu/* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libpq.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libkrb5.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libk5crypto.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libkrb5support.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/liblber-2.4.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libsasl2.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libgnutls.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libp11-kit.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libidn2.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libunistring.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libtasn1.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libnettle.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libhogweed.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libgmp.so* /usr/lib/x86_64-linux-gnu/
-COPY --from=build /usr/lib/x86_64-linux-gnu/libffi.so* /usr/lib/x86_64-linux-gnu/
+# ### /lib/x86_64-linux-gnu
+# COPY --from=build /lib/x86_64-linux-gnu/libcom_err.so.2 /lib/x86_64-linux-gnu/libcom_err.so.2
+# COPY --from=build /lib/x86_64-linux-gnu/libcom_err.so.2.1 /lib/x86_64-linux-gnu/libcom_err.so.2.1
 
-### /lib/x86_64-linux-gnu
-#COPY --from=build /lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
-COPY --from=build /lib/x86_64-linux-gnu/libcom_err.so.2 /lib/x86_64-linux-gnu/libcom_err.so.2
-COPY --from=build /lib/x86_64-linux-gnu/libcom_err.so.2.1 /lib/x86_64-linux-gnu/libcom_err.so.2.1
-# COPY --from=build /lib/x86_64-linux-gnu/libkeyutils.so.1 /lib/x86_64-linux-gnu/libkeyutils.so.1
-# COPY --from=build /lib/x86_64-linux-gnu/libkeyutils.so.1.9 /lib/x86_64-linux-gnu/libkeyutils.so.1.9
+### Dev - delete this!
+COPY --from=build /bin/ls /bin/
+COPY --from=build /bin/sh /bin/
+COPY --from=build /bin/sleep /bin/
+COPY --from=build /bin/which /bin/
+COPY --from=build /bin/env /bin/
+COPY --from=build /bin/chmod /bin/
+COPY --from=build /bin/find /bin/
+COPY --from=build /usr/lib/x86_64-linux-gnu/libselinux.so.1 /usr/lib/x86_64-linux-gnu/
+COPY --from=build /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 /usr/lib/x86_64-linux-gnu/
 
-# Healthcheck
+# Healthcheck - ignored by OpenShift/Kubernetes
 HEALTHCHECK --interval=300s --timeout=10s CMD timeout 10s sh -c 'true > http://localhost:${PORT} || exit 1'
 
-# Start with non-privileged user
-USER 1001
-ENTRYPOINT uvicorn src.main:app --host 0.0.0.0 --port ${PORT} --workers 1 --server-header --date-header --limit-concurrency 1000 --log-config ./logger.conf
+WORKDIR /app/
+ENV PYTHONPATH=/app/.venv/lib/python3.13/site-packages
+COPY --from=build /usr/local/lib/python3.13/site-packages /app/.venv/lib/python3.13/site-packages
+ENTRYPOINT ["sleep", "infinity"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,6 +1,4 @@
 ---
-version: "3.9"
-
 x-var:
   - &POSTGRES_USER
     postgres
@@ -59,7 +57,7 @@ services:
         condition: service_healthy
 
   migrations-py:
-    profiles: ["python", "all"]
+    profiles: ["python", "all", "backend-py-deploy"]
     image: flyway/flyway:9-alpine
     container_name: migrations-py
     command: info migrate info
@@ -88,7 +86,7 @@ services:
         condition: service_started
 
   backend-py-model-generator:
-    profiles: ["python", "all"]
+    profiles: ["python", "all", "backend-py-deploy"]
     image: python:3.11-slim-buster # DO NOT change, as it breaks the module.
     container_name: backend-py-model-generator
     environment:
@@ -109,7 +107,19 @@ services:
     volumes: ["./backend-py:/application", "/application/.venv"]
     healthcheck:
       test: timeout 10s bash -c 'true > /dev/tcp/127.0.0.1/3000'
+    environment:
+      <<: [*postgres-vars, *python-vars]
+    ports: ["3003:3000"]
+    depends_on:
+      backend-py-model-generator:
+        condition: service_started
 
+  backend-py-deploy:
+    profiles: ["backend-py-deploy"]
+    build: ./backend-py
+    container_name: backend-py-deploy
+    healthcheck:
+      test: timeout 10s bash -c 'true > /dev/tcp/127.0.0.1/3000'
     environment:
       <<: [*postgres-vars, *python-vars]
     ports: ["3003:3000"]