From 8dfa0016d1f20c6bb7e390f344efe0b466453fa6 Mon Sep 17 00:00:00 2001 From: Hironsan Date: Mon, 12 Sep 2022 11:40:19 +0900 Subject: [PATCH] Use multi-stage build to reduce the image size --- docker/Dockerfile.prod | 54 ++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 7f3b9954..3fb43e3d 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -1,45 +1,57 @@ ARG PYTHON_VERSION="3.8.13-slim-bullseye" -FROM python:${PYTHON_VERSION} +FROM python:${PYTHON_VERSION} AS backend-builder -CMD ["python3"] - -WORKDIR /backend - -ENV PYTHONDONTWRITEBYTECODE 1 -ENV PYTHONUNBUFFERED 1 - -RUN groupadd -g 61000 doccano \ - && useradd -g 61000 -l -M -s /bin/false -u 61000 doccano - -COPY --chown=doccano:doccano backend/pyproject.toml backend/poetry.lock /backend/ -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# hadolint ignore=DL3013,DL3008 +# hadolint ignore=DL3008 RUN apt-get update \ && apt-get install -y --no-install-recommends \ netcat=1.* \ libpq-dev=13.* \ unixodbc-dev=2.* \ g++=4:* \ + libssl-dev=1.* \ curl \ - && pip install --upgrade --no-cache-dir pip==22.2.2 \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /tmp +COPY backend/pyproject.toml backend/poetry.lock /tmp/ +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +RUN pip install -U --no-cache-dir pip==22.2.2 \ && curl -sSL https://install.python-poetry.org | python - \ && export PATH="/root/.local/bin:$PATH" \ - && poetry config virtualenvs.create false \ - && poetry install --no-dev --no-root \ - && poetry add psycopg2-binary \ + && poetry export --without-hashes -o /requirements.txt \ + && echo "psycopg2-binary==2.8.6" >> /requirements.txt \ + && pip install --no-cache-dir -r /requirements.txt + +FROM python:${PYTHON_VERSION} AS runtime + +WORKDIR /backend + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + libpq-dev=13.* \ + unixodbc-dev=2.* \ + libssl-dev=1.* \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* +RUN groupadd -g 61000 doccano \ + && useradd -g 61000 -l -M -s /bin/false -u 61000 doccano + +COPY --from=backend-builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages +COPY --from=backend-builder /usr/local/bin/celery /usr/local/bin/celery +COPY --from=backend-builder /usr/local/bin/gunicorn /usr/local/bin/gunicorn COPY --chown=doccano:doccano tools/ /opt/bin/ +COPY --chown=doccano:doccano backend/ /backend/ RUN mkdir -p /backend/staticfiles \ && mkdir -p /backend/client/dist/static \ && mkdir -p /backend/media \ && mkdir -p /backend/filepond-temp-uploads \ && chown -R doccano:doccano /backend/ -COPY --chown=doccano:doccano ./backend/ /backend/ -RUN ls /backend +ENV PYTHONDONTWRITEBYTECODE 1 +ENV PYTHONUNBUFFERED 1 USER doccano:doccano VOLUME /backend/staticfiles