
Add hadolint as a workflow

pull/1803/head
Hironsan 2 years ago
parent
commit
81948d440f
5 changed files with 41 additions and 25 deletions
  1. 5
      .dockerignore
  2. 11
      .github/workflows/ci.yml
  3. 41
      docker/Dockerfile
  4. 4
      docker/Dockerfile.nginx
  5. 5
      docker/Dockerfile.prod

5
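--- a/.dockerignore
+++ b/.dockerignore
@@ -3,6 +3,10 @@ junitxml
 .mypy_cache
 .pytest_cache
 .vscode
+.git
+.github
+.DS_Store
+dist
 backend/*.sqlite3*
 backend/junitxml
@@ -12,6 +16,7 @@ backend/stored_uploads
 backend/staticfiles
 backend/venv
 backend/**/__pycache__/
+backend/.mypy_cache
 frontend/.nuxt/
 frontend/coverage/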

11
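--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -55,3 +55,14 @@ jobs:
 run: yarn install
 - name: Lint
 run: yarn lint
+docker-lint:
+runs-on: ubuntu-latest
+container: hadolint/hadolint:latest-debian
+defaults:
+run:
+working-directory: ./docker
+steps:
+- uses: actions/checkout@v2
+- name: hadolint
+run: hadolint ./Dockerfile*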
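Review bot: `container: hadolint/hadolint:latest-debian` is a mutable tag, so the new `docker-lint` job runs whatever image that tag points to at the time. Lint results can change without any commit here, and unreviewed image content executes next to the checked-out repository. Pin the image to a release tag plus digest and bump it deliberately, e.g. `container: hadolint/hadolint:<version>-debian@sha256:<digest>` (placeholders, no version is given on this page). `actions/checkout@v2` is likewise a movable tag; pinning it to a full commit SHA closes the same gap.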

41
docker/Dockerfile

@ -1,20 +1,22 @@
ARG PYTHON_VERSION="3.8.12-slim-buster" ARG PYTHON_VERSION="3.8.12-slim-buster"
ARG NODE_VERSION="16.5-alpine3.14"
ARG NODE_VERSION="16.14-buster-slim"
FROM node:${NODE_VERSION} AS frontend-builder FROM node:${NODE_VERSION} AS frontend-builder
COPY frontend/ /frontend/ COPY frontend/ /frontend/
WORKDIR /frontend WORKDIR /frontend
ENV PUBLIC_PATH="/static/_nuxt/" ENV PUBLIC_PATH="/static/_nuxt/"
# hadolint ignore=DL3018
RUN apk add -U --no-cache git python3 make g++ \
# hadolint ignore=DL3008
RUN apt-get update \
&& apt-get install -y --no-install-recommends git python3 make g++ ca-certificates \
&& git config --global url."https://github.com/".insteadOf git://github.com/ \ && git config --global url."https://github.com/".insteadOf git://github.com/ \
&& yarn install \ && yarn install \
&& yarn build \ && yarn build \
&& apk del --no-cache git make g++
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
FROM python:${PYTHON_VERSION} AS backend-builder FROM python:${PYTHON_VERSION} AS backend-builder
# hadolint ignore=DL3008
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
netcat=1.* \ netcat=1.* \
@ -23,46 +25,44 @@ RUN apt-get update \
g++=4:* \ g++=4:* \
libssl-dev=1.* \ libssl-dev=1.* \
curl \ curl \
&& apt-get clean
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /tmp WORKDIR /tmp
COPY backend/pyproject.toml backend/poetry.lock /tmp/ COPY backend/pyproject.toml backend/poetry.lock /tmp/
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# hadolint ignore=DL3013
RUN pip install --upgrade pip \
RUN pip install --no-cache-dir pip==22.0.4 \
&& curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \ && curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \
&& PATH="${PATH}:$HOME/.poetry/bin" \ && PATH="${PATH}:$HOME/.poetry/bin" \
&& poetry export --without-hashes -o /requirements.txt \ && poetry export --without-hashes -o /requirements.txt \
&& echo "psycopg2-binary==2.8.6" >> /requirements.txt \ && echo "psycopg2-binary==2.8.6" >> /requirements.txt \
&& echo "django-heroku==0.3.1" >> /requirements.txt \ && echo "django-heroku==0.3.1" >> /requirements.txt \
&& pip install --no-cache-dir -r /requirements.txt \
&& pip wheel --no-cache-dir -r /requirements.txt -w /deps
&& pip install --no-cache-dir -r /requirements.txt
FROM python:${PYTHON_VERSION} AS runtime FROM python:${PYTHON_VERSION} AS runtime
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
libpq-dev \
libpq-dev=11.* \
unixodbc-dev=2.* \ unixodbc-dev=2.* \
libssl-dev=1.* \ libssl-dev=1.* \
&& apt-get clean
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -ms /bin/sh doccano RUN useradd -ms /bin/sh doccano
RUN mkdir /data \ RUN mkdir /data \
&& chown doccano:doccano /data && chown doccano:doccano /data
COPY --from=backend-builder /deps /deps
# hadolint ignore=DL3013
RUN pip install --no-cache-dir -U pip \
&& pip install --no-cache-dir /deps/*.whl \
&& rm -rf /deps
COPY --from=backend-builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages
COPY --from=backend-builder /usr/local/bin/celery /usr/local/bin/celery
COPY --from=backend-builder /usr/local/bin/gunicorn /usr/local/bin/gunicorn
COPY --chown=doccano:doccano . /doccano COPY --chown=doccano:doccano . /doccano
WORKDIR /doccano/backend WORKDIR /doccano/backend
COPY --from=frontend-builder /frontend/dist /doccano/backend/client/dist COPY --from=frontend-builder /frontend/dist /doccano/backend/client/dist
RUN python manage.py collectstatic --noinput
RUN chown -R doccano:doccano .
RUN python manage.py collectstatic --noinput \
&& chown -R doccano:doccano .
VOLUME /data VOLUME /data
ENV DATABASE_URL="sqlite:////data/doccano.db" ENV DATABASE_URL="sqlite:////data/doccano.db"
@ -74,7 +74,6 @@ ENV PORT="8000"
ENV WORKERS="2" ENV WORKERS="2"
ENV CELERY_WORKERS="2" ENV CELERY_WORKERS="2"
ENV GOOGLE_TRACKING_ID="" ENV GOOGLE_TRACKING_ID=""
ENV AZURE_APPINSIGHTS_IKEY=""
ENV DJANGO_SETTINGS_MODULE="config.settings.production" ENV DJANGO_SETTINGS_MODULE="config.settings.production"
USER doccano USER doccano
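Review bot: The poetry installer in the backend-builder `RUN` is still downloaded from the `master` branch and piped straight into `python -`, so whatever that URL serves at build time is executed with no version pin and no integrity check. The added `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` only makes a failed pipe fail the build, and because `curl -sSL` has no `-f`, an HTTP error body would still be handed to the interpreter. Consider a pinned release instead, e.g. `pip install --no-cache-dir poetry==<pinned-version>`, or fetch the script from a fixed commit and verify its SHA-256 before running it; at minimum use `curl -fsSL`. The same line is present in docker/Dockerfile.prod. Separately, the `COPY --from=backend-builder /usr/local/lib/python3.8/site-packages ...` line, which looks like the new side, hard-codes `python3.8` while the base image comes from `ARG PYTHON_VERSION`, so a comment tying the two together would help.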

4
docker/Dockerfile.nginx

@ -3,9 +3,9 @@ FROM node:${NODE_VERSION} AS frontend-builder
COPY frontend/ /app/ COPY frontend/ /app/
WORKDIR /app WORKDIR /app
# hadolint ignore=DL3008
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y git python3 make g++ \
&& apt-get install -y --no-install-recommends git python3 make g++ ca-certificates \
&& git config --global url."https://github.com/".insteadOf git://github.com/ \ && git config --global url."https://github.com/".insteadOf git://github.com/ \
&& yarn install \ && yarn install \
&& yarn build \ && yarn build \

5
docker/Dockerfile.prod

@ -12,8 +12,9 @@ RUN groupadd -g 61000 doccano \
&& useradd -g 61000 -l -M -s /bin/false -u 61000 doccano && useradd -g 61000 -l -M -s /bin/false -u 61000 doccano
COPY --chown=doccano:doccano backend/pyproject.toml backend/poetry.lock /backend/ COPY --chown=doccano:doccano backend/pyproject.toml backend/poetry.lock /backend/
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# hadolint ignore=DL3013
# hadolint ignore=DL3013,DL3008
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
netcat=1.* \ netcat=1.* \
@ -21,7 +22,7 @@ RUN apt-get update \
unixodbc-dev=2.* \ unixodbc-dev=2.* \
g++=4:* \ g++=4:* \
curl \ curl \
&& pip install --upgrade pip \
&& pip install --upgrade --no-cache-dir pip \
&& curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \ && curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \
&& PATH="${PATH}:$HOME/.poetry/bin" \ && PATH="${PATH}:$HOME/.poetry/bin" \
&& poetry config virtualenvs.create false \ && poetry config virtualenvs.create false \
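Review bot: `pip install --upgrade --no-cache-dir pip` in this `RUN` (apparently the new side) leaves pip unpinned, while docker/Dockerfile in the same commit pins `pip==22.0.4`. The `# hadolint ignore=DL3013,DL3008` line above silences the rule that would report it. For a production image the reproducible form is the better one: `&& pip install --no-cache-dir pip==22.0.4 \`, after which `DL3013` can be dropped from the ignore list if nothing else in the `RUN` needs it. The `RUN` starts and continues outside the visible hunks, so check the rest of it for other unpinned installs before removing the suppression.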
