diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index c03adae..0000000 --- a/.dockerignore +++ /dev/null @@ -1,154 +0,0 @@ -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -pip-wheel-metadata/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -*.py,cover -.hypothesis/ -.pytest_cache/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 -db.sqlite3-journal - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -.python-version - -# pipenv -# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. -# However, in case of collaboration, if having platform-specific dependencies or dependencies -# having no cross-platform support, pipenv may install dependencies that don't work, or not -# install all needed dependencies. -Pipfile.lock - -# PEP 582; used by e.g. github.com/David-OConnor/pyflow -__pypackages__/ - -# Celery stuff -celerybeat-schedule -celerybeat.pid - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ -.env.example - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ - -# Uploads folder -uploads/ - -# Tests folder -tests/ - -# GitHub Actions -.github/ - -# Visual Studio Code -.vscode/ - -# Renovate -# https://github.com/marketplace/renovate -renovate.json - -# Git files and directories -.git/ -.gitignore - -# Docker files -docker-compose.yml -Dockerfile diff --git a/Dockerfile b/Dockerfile index bf68648..07e6002 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,43 +1,39 @@ +FROM python:3.12-slim as builder + +# Install Poetry +RUN pip install poetry + +# Add /home/root/.local/bin to the PATH +ENV PATH=/home/root/.local/bin:$PATH + +# Copy pyproject.toml and poetry.lock +COPY pyproject.toml poetry.lock ./ + +# Create a requirements.txt file +RUN poetry export -f requirements.txt --output requirements.txt --without-hashes + FROM python:3.12-slim -# TODO: Do the Poetry stuff in its own stage -# TODO: Add support for logging -# TODO: Add health check -# TODO: Add support for changing uid/gid -# TODO: Add support for changing host and port -# We don't want apt-get to interact with us and we want the default answers to be used for all questions. -ARG DEBIAN_FRONTEND=noninteractive +# Install ffmpeg +RUN apt-get update && apt-get install ffmpeg -y --no-install-recommends -# Force the stdout and stderr streams to be unbuffered. -# Will allow log messages to be immediately dumped instead of being buffered. -# This is useful when the bot crashes before writing messages stuck in the buffer. -ENV PYTHONUNBUFFERED 1 +# Create a non-root user and our upload directory. +RUN useradd --create-home botuser && mkdir /Uploads && chown botuser:botuser /Uploads -# Update the system and install curl, it is needed for downloading Poetry. -RUN apt-get update && apt-get install curl ffmpeg -y --no-install-recommends - -# 1. Create user so we don't run as root -# 2. Create directories that the bot needs that are owned by the user. -# /Uploads is used to store the uploaded files. -# /home/botuser/discord-embed is where the Python code is stored. -RUN useradd --create-home botuser && \ - install --verbose --directory --mode=0775 --owner=botuser --group=botuser /Uploads /home/botuser/discord-embed - -# Change to the user we created. +# Switch to the non-root user USER botuser # Change directory to where we will run the bot. -WORKDIR /home/botuser/discord-embed +WORKDIR /app + +# Copy the requirements.txt file from the builder stage +COPY --from=builder ./requirements.txt . + +# Install the Python requirements +RUN pip install --no-cache-dir --disable-pip-version-check -r requirements.txt # Add needed files to the container, files and directories not needed are ignored in .dockerignore. -ADD --chown=botuser:botuser . /home/botuser/discord-embed/ - -# 1. Install Poetry. -# 2. Add Poetry to the PATH. -# 3. Install dependencies. -ENV PATH="/home/botuser/.local/bin/:$PATH" -RUN curl -sSL https://install.python-poetry.org | python - -RUN poetry install --no-interaction --no-ansi --only main +ADD --chown=botuser:botuser /discord_embed /app/discord_embed # Persist the uploaded files and files we have created. VOLUME ["/Uploads"] @@ -45,4 +41,6 @@ VOLUME ["/Uploads"] # Run the server on all interfaces and on port 5000. # You should run a reverse proxy like nginx infront of this. EXPOSE 5000 -CMD ["poetry", "run", "uvicorn", "discord_embed.main:app", "--host", "0.0.0.0", "--port", "5000"] + +ENV PATH=/home/botuser/.local/bin:$PATH +CMD ["uvicorn", "discord_embed.main:app", "--host", "0.0.0.0", "--port", "5000", "--access-log", "--use-colors", "--proxy-headers", "--forwarded-allow-ips", "*"]