-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
68 lines (56 loc) Β· 2.29 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
ARG BASE_IMAGE=docker.io/python:3.10.0-slim-bullseye
ARG SOURCE_DIR_PATH=/location-guessing-game-telegram-bot
# hadolint ignore=DL3006
FROM $BASE_IMAGE as build
# hadolint ignore=DL3008
RUN apt-get update \
&& apt-get install --no-install-recommends --yes \
ca-certificates \
git `# setuptools_scm` \
jq `# edit Pipfile.lock` \
&& rm -rf /var/lib/apt/lists/* \
&& useradd --create-home build
USER build
RUN pip install --user --no-cache-dir pipenv==2020.11.15
ARG SOURCE_DIR_PATH
COPY --chown=build Pipfile Pipfile.lock $SOURCE_DIR_PATH/
WORKDIR $SOURCE_DIR_PATH
ENV PIPENV_CACHE_DIR=/tmp/pipenv-cache \
PIPENV_VENV_IN_PROJECT=yes-please \
PATH=/home/build/.local/bin:$PATH
# `sponge` is not pre-installed
RUN jq 'del(.default."location-guessing-game-telegram-bot", .default."sanitized-package")' Pipfile.lock > Pipfile.lock~ \
&& mv Pipfile.lock~ Pipfile.lock \
&& pipenv install --deploy \
&& rm -rf $PIPENV_CACHE_DIR
COPY --chown=build . $SOURCE_DIR_PATH
# allow manual specification to support build without git history
ARG SETUPTOOLS_SCM_PRETEND_VERSION=
RUN pipenv install --deploy \
&& pipenv run location-guessing-game-telegram-bot --help \
&& pipenv graph \
&& pipenv run pip freeze \
&& rm -rf .git/ $PIPENV_CACHE_DIR \
&& chmod -cR a+rX .
# workaround for broken multi-stage copy
# > failed to copy files: failed to copy directory: Error processing tar file(exit status 1): Container ID ... cannot be mapped to a host ID
USER 0
RUN chown -R 0:0 $SOURCE_DIR_PATH
USER build
# hadolint ignore=DL3006
FROM $BASE_IMAGE
# hadolint ignore=DL3008
RUN apt-get update \
&& apt-get install --no-install-recommends --yes ca-certificates \
&& rm -rf /var/lib/apt/lists/* \
&& find / -xdev -type f -perm /u+s -exec chmod -c u-s {} \; \
&& find / -xdev -type f -perm /g+s -exec chmod -c g-s {} \;
USER nobody
ARG SOURCE_DIR_PATH
COPY --from=build $SOURCE_DIR_PATH $SOURCE_DIR_PATH
ENV PATH=$SOURCE_DIR_PATH/.venv/bin:$PATH
WORKDIR $SOURCE_DIR_PATH
CMD ["location-guessing-game-telegram-bot"]
# https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md
LABEL org.opencontainers.image.title="location guessing game telegram bot" \
org.opencontainers.image.source="https://github.com/fphammerle/location-guessing-game-telegram-bot"