Spaces:
Running
Running
# syntax=docker/dockerfile:1.3 | |
ARG PYTHON_VERSION=3.12-slim-bullseye | |
FROM python:${PYTHON_VERSION} | |
ENV PYTHONDONTWRITEBYTECODE 1 | |
ENV PYTHONUNBUFFERED 1 | |
# Install dependencies | |
RUN apt-get update && apt-get install -y \ | |
libpq-dev \ | |
gcc \ | |
g++ \ | |
wget \ | |
unzip \ | |
xvfb \ | |
libxi6 \ | |
libgconf-2-4 \ | |
gnupg \ | |
curl \ | |
&& rm -rf /var/lib/apt/lists/* | |
# Install Chrome | |
RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \ | |
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \ | |
&& apt-get update \ | |
&& apt-get install -y google-chrome-stable | |
# Install ChromeDriver | |
RUN CHROMEDRIVER_VERSION=$(curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE) \ | |
&& wget -O /tmp/chromedriver.zip http://chromedriver.storage.googleapis.com/$CHROMEDRIVER_VERSION/chromedriver_linux64.zip \ | |
&& unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ | |
RUN useradd -m -u 1000 user | |
USER user | |
ENV PATH="/home/user/.local/bin:$PATH" | |
# Install Python dependencies | |
COPY --chown=user requirements.txt /tmp/requirements.txt | |
RUN pip install --no-cache-dir --upgrade pip \ | |
&& pip install --no-cache-dir -r /tmp/requirements.txt | |
# Copy application code | |
COPY --chown=user . /code | |
WORKDIR /code | |
USER root | |
# Use secrets during build | |
RUN mkdir -p /secrets | |
RUN --mount=type=secret,id=HOST,required=true \ | |
--mount=type=secret,id=DJANGO_SECRET,required=true \ | |
--mount=type=secret,id=SECURE_TOKEN,required=true \ | |
--mount=type=secret,id=WORKER_TOKEN,required=true \ | |
--mount=type=secret,id=CLOUDFLARE_TURNSTILE_SECRET,required=true \ | |
--mount=type=secret,id=REDIS_URL,required=true \ | |
bash -c 'cp -r /run/secrets/* /secrets/' | |
RUN chown -R user:user /secrets | |
USER user | |
RUN bash -c 'export HOST=$(cat /secrets/HOST) && \ | |
export DJANGO_SECRET=$(cat /secrets/DJANGO_SECRET) && \ | |
export SECURE_TOKEN=$(cat /secrets/SECURE_TOKEN) && \ | |
export WORKER_TOKEN=$(cat /secrets/WORKER_TOKEN) && \ | |
export CLOUDFLARE_TURNSTILE_SECRET=$(cat /secrets/CLOUDFLARE_TURNSTILE_SECRET) && \ | |
export REDIS_URL=$(cat /secrets/REDIS_URL) && \ | |
python manage.py makemigrations && \ | |
python manage.py migrate --database=default && \ | |
python manage.py migrate --database=cache && \ | |
python manage.py migrate --database=DB1 && \ | |
python manage.py migrate --database=DB2' | |
RUN rm -rf /secrets | |
CMD ["uvicorn", "core.asgi:application", "--host", "0.0.0.0", "--port", "7860", "--log-level", "debug"] | |