ComicMTL / Dockerfile
BloodyInside's picture
last test
d34638f
raw
history blame
2.65 kB
# syntax=docker/dockerfile:1.3
ARG PYTHON_VERSION=3.12-slim-bullseye
FROM python:${PYTHON_VERSION}
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
# Install dependencies
RUN apt-get update && apt-get install -y \
libpq-dev \
gcc \
g++ \
wget \
unzip \
xvfb \
libxi6 \
libgconf-2-4 \
gnupg \
curl \
&& rm -rf /var/lib/apt/lists/*
# Install Chrome
RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
&& apt-get update \
&& apt-get install -y google-chrome-stable
# Install ChromeDriver
RUN CHROMEDRIVER_VERSION=$(curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE) \
&& wget -O /tmp/chromedriver.zip http://chromedriver.storage.googleapis.com/$CHROMEDRIVER_VERSION/chromedriver_linux64.zip \
&& unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/
RUN useradd -m -u 1000 user
USER user
ENV PATH="/home/user/.local/bin:$PATH"
# Install Python dependencies
COPY --chown=user requirements.txt /tmp/requirements.txt
RUN pip install --no-cache-dir --upgrade pip \
&& pip install --no-cache-dir -r /tmp/requirements.txt
# Copy application code
COPY --chown=user . /code
WORKDIR /code
USER root
# Use secrets during build
RUN mkdir -p /secrets
RUN --mount=type=secret,id=HOST,required=true \
--mount=type=secret,id=DJANGO_SECRET,required=true \
--mount=type=secret,id=SECURE_TOKEN,required=true \
--mount=type=secret,id=WORKER_TOKEN,required=true \
--mount=type=secret,id=CLOUDFLARE_TURNSTILE_SECRET,required=true \
--mount=type=secret,id=REDIS_URL,required=true \
bash -c 'cp -r /run/secrets/* /secrets/'
RUN chown -R user:user /secrets
USER user
RUN bash -c 'export HOST=$(cat /secrets/HOST) && \
export DJANGO_SECRET=$(cat /secrets/DJANGO_SECRET) && \
export SECURE_TOKEN=$(cat /secrets/SECURE_TOKEN) && \
export WORKER_TOKEN=$(cat /secrets/WORKER_TOKEN) && \
export CLOUDFLARE_TURNSTILE_SECRET=$(cat /secrets/CLOUDFLARE_TURNSTILE_SECRET) && \
export REDIS_URL=$(cat /secrets/REDIS_URL) && \
python manage.py makemigrations && \
python manage.py migrate --database=default && \
python manage.py migrate --database=cache && \
python manage.py migrate --database=DB1 && \
python manage.py migrate --database=DB2'
RUN rm -rf /secrets
CMD ["uvicorn", "core.asgi:application", "--host", "0.0.0.0", "--port", "7860", "--log-level", "debug"]