From c69d5817cb1e7ee353b63f73919fbaead5c5a412 Mon Sep 17 00:00:00 2001 From: Juha Louhiranta Date: Mon, 23 Sep 2024 16:20:28 +0300 Subject: [PATCH] chore(dockerfile): use RedHat UBI base image Refs: TETP-295 --- backend/docker/tet.Dockerfile | 56 ++++++++++++++------------------ backend/tet/docker-entrypoint.sh | 7 +++- 2 files changed, 31 insertions(+), 32 deletions(-) diff --git a/backend/docker/tet.Dockerfile b/backend/docker/tet.Dockerfile index a83f45cd66..f465de5cc1 100644 --- a/backend/docker/tet.Dockerfile +++ b/backend/docker/tet.Dockerfile @@ -1,52 +1,46 @@ # ============================== -FROM helsinkitest/python:3.8-slim as appbase +FROM registry.access.redhat.com/ubi9/python-39 AS appbase # ============================== +USER root +WORKDIR /app + RUN mkdir /entrypoint -COPY --chown=appuser:appuser tet/requirements.txt /app/requirements.txt -COPY --chown=appuser:appuser tet/requirements-prod.txt /app/requirements-prod.txt -COPY --chown=appuser:appuser tet/.prod/escape_json.c /app/.prod/escape_json.c -COPY --chown=appuser:appuser shared /shared/ - -RUN apt-install.sh \ - git \ - netcat-traditional \ - libpq-dev \ - build-essential \ - wkhtmltopdf \ +COPY --chown=default:root tet/requirements.txt /app/requirements.txt +COPY --chown=default:root tet/requirements-prod.txt /app/requirements-prod.txt +COPY --chown=default:root tet/.prod/escape_json.c /app/.prod/escape_json.c +COPY --chown=default:root shared /shared/ + +RUN dnf --disableplugin subscription-manager update -y \ + && dnf --disableplugin subscription-manager install -y \ + nmap-ncat \ + postgresql-devel \ && pip install -U pip setuptools wheel \ && pip install --no-cache-dir -r /app/requirements.txt \ - && pip install --no-cache-dir -r /app/requirements-prod.txt \ + && pip install --no-cache-dir -r /app/requirements-prod.txt \ && uwsgi --build-plugin /app/.prod/escape_json.c \ && mv /app/escape_json_plugin.so /app/.prod/escape_json_plugin.so \ - && apt-cleanup.sh build-essential + && dnf --disableplugin subscription-manager clean all -COPY --chown=appuser:appuser tet/docker-entrypoint.sh /entrypoint/docker-entrypoint.sh +COPY --chown=default:root tet/docker-entrypoint.sh /entrypoint/docker-entrypoint.sh ENTRYPOINT ["/entrypoint/docker-entrypoint.sh"] -COPY --chown=appuser:appuser tet /app/ +COPY --chown=default:root tet /app/ + +EXPOSE 8000/tcp # ============================== -FROM appbase as development +FROM appbase AS development # ============================== -COPY --chown=appuser:appuser tet/requirements-dev.txt /app/requirements-dev.txt -RUN apt-install.sh \ - build-essential \ - && pip install --no-cache-dir -r /app/requirements-dev.txt \ - && apt-cleanup.sh build-essential +COPY --chown=default:root tet/requirements-dev.txt /app/requirements-dev.txt +RUN pip install --no-cache-dir -r /app/requirements-dev.txt ENV DEV_SERVER=1 - -USER appuser -EXPOSE 8000/tcp +USER default # ============================== -FROM appbase as production +FROM appbase AS production # ============================== -# TODO this doesn't work before STATIC_ROOT is set -# RUN SECRET_KEY="only-used-for-collectstatic" python manage.py collectstatic --noinput - -USER appuser -EXPOSE 8000/tcp +USER default diff --git a/backend/tet/docker-entrypoint.sh b/backend/tet/docker-entrypoint.sh index 9363b7dcf0..c6e9212695 100755 --- a/backend/tet/docker-entrypoint.sh +++ b/backend/tet/docker-entrypoint.sh @@ -4,7 +4,12 @@ set -e # Wait for the database if [ -z "$SKIP_DATABASE_CHECK" -o "$SKIP_DATABASE_CHECK" = "0" ]; then - wait-for-it.sh "${DATABASE_HOST}:${DATABASE_PORT-5432}" --timeout=30 + until nc -z -v -w30 "${DATABASE_HOST}" "${DATABASE_PORT-5432}" + do + echo "Waiting for postgres database connection..." + sleep 1 + done + echo "Database is up!" fi # Apply database migrations