forked from cfpb/consumerfinance.gov
Dockerfile
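# Stage: cfgov-dev -- development image; the later stages build on it.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and no longer
# receives security updates. The tag is also not pinned by digest, so the
# base image can differ between builds.
FROM centos:7 AS cfgov-dev

# Ensure that the environment uses UTF-8 encoding by default
ENV LANG=en_US.UTF-8

LABEL maintainer="[email protected]"

# Specify SCL-based Python version
# Currently used option: rh-python36
# See: https://www.softwarecollections.org/en/scls/user/rhscl/?search=python
# The argument has no default here, so it must be supplied with
# --build-arg scl_python_version=<collection>.
ARG scl_python_version
ENV SCL_PYTHON_VERSION=${scl_python_version}

# Stops Python default buffering to stdout, improving logging to the console.
ENV PYTHONUNBUFFERED=1

ENV APP_HOME=/src/consumerfinance.gov
RUN mkdir -p ${APP_HOME}
WORKDIR ${APP_HOME}

# Every later RUN uses a login shell, so the scripts in /etc/profile.d are
# sourced first (this is how the SCL Python is enabled below). pipefail makes
# a failure on the left side of a pipe fail the whole step.
SHELL ["/bin/bash", "--login", "-o", "pipefail", "-c"]

# Install common OS packages
# curl is called with -f so that an HTTP error fails the step (through
# pipefail) instead of an error page being piped into bash or written out as
# a yum repo file.
# NOTE(review): this step trusts remote content without an integrity check:
# the PGDG repo RPM is installed from a "latest" URL and the NodeSource setup
# script is piped into bash as root. Prefer a pinned URL plus a checksum or
# signature verification. `yum -y update` and the unpinned pip upgrade also
# make the result differ from build to build, and Node.js 12 is past its end
# of life.
RUN yum -y install \
        centos-release-scl \
        epel-release && \
    rpm -i https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm && \
    curl -fsSL https://rpm.nodesource.com/setup_12.x | bash - && \
    curl -fsSL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \
    yum -y update && \
    yum -y install \
        gcc \
        git \
        mailcap \
        postgresql10 \
        which \
        gettext \
        ${SCL_PYTHON_VERSION} && \
    yum clean all && rm -rf /var/cache/yum && \
    echo "source scl_source enable ${SCL_PYTHON_VERSION}" > /etc/profile.d/enable_scl_python.sh && \
    source /etc/profile && \
    pip install --no-cache-dir --upgrade pip setuptools wheel

# Disables pip cache. Reduces build time, and suppresses warnings when run as non-root.
# NOTE: MUST be after pip upgrade. Build fails otherwise due to bug in old pip.
ENV PIP_NO_CACHE_DIR=true

# Install python requirements
# Both the local and the deployment requirement sets are installed here, so
# every stage that starts FROM cfgov-dev inherits both.
COPY requirements requirements
RUN pip install -r requirements/local.txt -r requirements/deployment.txt

EXPOSE 8000

# NOTE(review): no USER is set in this stage, so the entrypoint and Django's
# development server (runserver, bound to all interfaces) run as root. Keep
# this stage for local development only.
ENTRYPOINT ["./docker-entrypoint.sh"]
CMD ["python", "./cfgov/manage.py", "runserver", "0.0.0.0:8000"]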
# Stage: cfgov-build -- compiles the frontend assets on top of cfgov-dev.
FROM cfgov-dev AS cfgov-build

# Asset and module locations plus the Django settings used during the build.
# APP_HOME is inherited from cfgov-dev.
ENV STATIC_PATH=${APP_HOME}/cfgov/static/ \
    PYTHONPATH=${APP_HOME}/cfgov \
    DJANGO_SETTINGS_MODULE=cfgov.settings.production \
    ALLOWED_HOSTS='["*"]'
# Kept as its own instruction: it reads STATIC_PATH, which is only visible to
# instructions that come after the one defining it.
ENV DJANGO_STATIC_ROOT=${STATIC_PATH}

# Bring in the source tree; .dockerignore decides which files are included.
# Anything it does not exclude (local .env files, credentials) is available to
# this stage, and the cfgov/ directory is later copied into cfgov-prod.
COPY . .

# Install the JS toolchain, build the production assets, collect the static
# files, then drop the yarn cache and node_modules within the same layer.
RUN yum -y install nodejs yarn && \
    ./frontend.sh production && \
    cfgov/manage.py collectstatic && \
    yarn cache clean && \
    rm -rf node_modules npm-packages-offline-cache
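# Production-like Apache-based image
# It starts FROM cfgov-dev, so it inherits that stage's packages (gcc, git),
# both pip requirement sets, EXPOSE 8000 and the ENTRYPOINT.
FROM cfgov-dev AS cfgov-prod

ENV SCL_HTTPD_VERSION=httpd24
ENV SCL_HTTPD_ROOT=/opt/rh/${SCL_HTTPD_VERSION}/root

# Apache HTTPD settings
ENV APACHE_SERVER_ROOT=${APP_HOME}/cfgov/apache
ENV APACHE_PROCESS_COUNT=4
ENV ACCESS_LOG=/dev/stdout
ENV ERROR_LOG=/dev/stderr
ENV STATIC_PATH=${APP_HOME}/cfgov/static/

# mod_wsgi settings
ENV CFGOV_PATH=${APP_HOME}
ENV CFGOV_CURRENT=${APP_HOME}
ENV PYTHONPATH=${APP_HOME}/cfgov

# Django Settings
ENV DJANGO_SETTINGS_MODULE=cfgov.settings.production
ENV DJANGO_STATIC_ROOT=${STATIC_PATH}
# NOTE(review): if the settings module passes this value to Django's
# ALLOWED_HOSTS, the wildcard accepts any Host header and host validation is
# effectively off. Override it with the served hostnames at deploy time.
ENV ALLOWED_HOSTS='["*"]'

# Install and enable SCL-based Apache server and mod_wsgi,
# and convert all Docker Secrets into environment variables.
# secrets_env.sh exports each file in /var/run/secrets as a variable named
# after the file. The export is quoted so that a secret containing spaces or
# glob characters is exported whole instead of being word-split.
# NOTE(review): every login shell sources this script, so the secrets end up
# in the environment of that shell and of all of its child processes.
RUN yum -y install ${SCL_HTTPD_VERSION} ${SCL_PYTHON_VERSION}-mod_wsgi && \
    yum clean all && rm -rf /var/cache/yum && \
    echo "source scl_source enable ${SCL_HTTPD_VERSION}" > /etc/profile.d/enable_scl_httpd.sh && \
    echo '[ -d /var/run/secrets ] && cd /var/run/secrets && for s in *; do export "$s=$(cat "$s")"; done && cd -' > /etc/profile.d/secrets_env.sh

# Copy the cfgov directory from the build image
COPY --from=cfgov-build --chown=apache:apache ${CFGOV_PATH}/cfgov ${CFGOV_PATH}/cfgov
COPY --from=cfgov-build --chown=apache:apache ${CFGOV_PATH}/docker-entrypoint.sh ${CFGOV_PATH}/refresh-data.sh ${CFGOV_PATH}/
COPY --from=cfgov-build --chown=apache:apache ${CFGOV_PATH}/static.in ${CFGOV_PATH}/static.in

# Give the apache user ownership of the app tree and the httpd runtime
# directories it has to write to once the image drops root below.
RUN yum clean all && rm -rf /var/cache/yum && \
    chown -R apache:apache ${APP_HOME} ${SCL_HTTPD_ROOT}/usr/share/httpd ${SCL_HTTPD_ROOT}/var/run

ENV PATH="/opt/rh/${SCL_PYTHON_VERSION}/root/usr/bin:${PATH}"

# Remove files flagged by image vulnerability scanner
# NOTE(review): removing files in a later layer only hides them from the final
# filesystem; they remain in whichever earlier layer created them. The path is
# also hard-coded to rh-python36 / python3.6, so this step fails when
# SCL_PYTHON_VERSION names a different collection.
RUN cd /opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/ && \
    rm -f ndg/httpsclient/test/pki/localhost.key sslserver/certs/development.key

# Everything from here on, including the running container, is non-root.
USER apache

# Clean up excess files and set up the filesystem
# - cfgov/f/ - Wagtail file uploads
# - /tmp/eregs_cache/ - Django file-based cache
RUN ln -s ${SCL_HTTPD_ROOT}/etc/httpd/modules ${APACHE_SERVER_ROOT}/modules && \
    ln -s ${SCL_HTTPD_ROOT}/etc/httpd/run ${APACHE_SERVER_ROOT}/run && \
    rm -rf cfgov/apache/www cfgov/unprocessed && \
    mkdir -p cfgov/f /tmp/eregs_cache

# NOTE(review): frontend.sh is not among the files copied into this stage
# above, and nodejs/yarn are only installed in cfgov-build -- confirm that
# this step can run here.
RUN ./frontend.sh

# Healthcheck retry set high since database loads take a while
HEALTHCHECK --start-period=15s --interval=30s --retries=30 \
    CMD curl -sf -A docker-healthcheck -o /dev/null http://localhost:8000

# Passed as arguments to the ENTRYPOINT inherited from cfgov-dev.
CMD ["httpd", "-d", "cfgov/apache", "-D", "FOREGROUND"]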