Iain Sproat
b396029cf6
* chore(Dockerfile): pin images by digest this ensures consistent builds with images pinned by SHA * introduces a GitHub Action will create a PR to update the images when there is a new version, and will pin to that newer version SHA. * Bump debian to 12 'bookworm' * Bump pypi libraries * except frontend-1, as only debian 11 is currently supported by openresty * Bump debian packages
34 lines
1.1 KiB
Docker
34 lines
1.1 KiB
Docker
FROM debian:12-slim@sha256:45287d89d96414e57c7705aa30cb8f9836ef30ae8897440dd8f06c4cff801eec AS build-stage
|
|
|
|
WORKDIR /build
|
|
|
|
# install tini
|
|
ARG TINI_VERSION=v0.19.0
|
|
ENV TINI_VERSION=${TINI_VERSION}
|
|
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini ./tini
|
|
RUN chmod +x ./tini
|
|
|
|
# Add python virtual env
|
|
WORKDIR /venv
|
|
RUN apt-get update && \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install \
|
|
--no-install-suggests --no-install-recommends --yes \
|
|
python3-venv=3.11.2-1+b1 && \
|
|
python3 -m venv /venv
|
|
|
|
COPY utils/monitor-deployment/requirements.txt /requirements.txt
|
|
RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt
|
|
|
|
FROM gcr.io/distroless/python3-debian12:nonroot@sha256:27d2d6afcfb109e4c147449d4af957f71cb770196527d0da1d1d92b9680b0daa as production-stage
|
|
ARG PG_CONNECTION_STRING
|
|
ARG NODE_EXTRA_CA_CERTS
|
|
ENV PG_CONNECTION_STRING=${PG_CONNECTION_STRING} \
|
|
NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS}
|
|
|
|
COPY --from=build-stage /venv /venv
|
|
COPY --from=build-stage /build/tini /usr/bin/tini
|
|
WORKDIR /app
|
|
COPY utils/monitor-deployment .
|
|
|
|
ENTRYPOINT [ "tini", "--", "/venv/bin/python3", "-u", "src/run.py"]
|