-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathDockerfile
More file actions
155 lines (130 loc) · 7.01 KB
/
Copy pathDockerfile
File metadata and controls
155 lines (130 loc) · 7.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
FROM python:3.13-trixie AS builder
LABEL maintainer="Front Matter <info@front-matter.de>"
ENV DEBIAN_FRONTEND=noninteractive \
TZ=Etc/UTC \
LANG=en_US.UTF-8 \
LANGUAGE=en_US:en
# Install OS package dependencies and Node.js in a single layer
RUN --mount=type=cache,sharing=locked,target=/var/cache/apt \
apt-get update --fix-missing && \
apt-get install -y build-essential libssl-dev libffi-dev \
python3-dev cargo pkg-config curl git libcairo2 \
libpangocairo-1.0-0 libpq5 libxml2 libxslt1.1 \
libjpeg62-turbo libwebp7 libtiff6 --no-install-recommends && \
curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
apt-get install -y nodejs --no-install-recommends && \
npm install -g pnpm@latest-10
# Install uv and activate virtualenv
COPY --from=ghcr.io/astral-sh/uv:0.9.26 /uv /uvx /bin/
RUN uv venv /opt/invenio/.venv
# Use the virtual environment automatically
ENV VIRTUAL_ENV=/opt/invenio/.venv \
UV_PROJECT_ENVIRONMENT=/opt/invenio/.venv \
PATH="/opt/invenio/.venv/bin:$PATH" \
WORKING_DIR=/opt/invenio \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
UV_COMPILE_BYTECODE=1 \
UV_LINK_MODE=copy \
UV_PYTHON_DOWNLOADS=0 \
INVENIO_INSTANCE_PATH=/opt/invenio/var/instance
WORKDIR ${WORKING_DIR}
# Copy dependency files first for better layer caching
COPY pyproject.toml uv.lock ./
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-install-project --no-dev
# Copy application code
COPY . .
# Install Python dependencies
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-dev
# Build Javascript assets using rspack
ENV WEBPACKEXT_PROJECT=invenio_assets.webpack:rspack_project
RUN --mount=type=cache,target=/var/cache/assets \
invenio collect --verbose && \
invenio webpack create
# Copy application files to instance path
COPY ./invenio.cfg ${INVENIO_INSTANCE_PATH}/
COPY site ${INVENIO_INSTANCE_PATH}/site
COPY static ${INVENIO_INSTANCE_PATH}/static
COPY assets ${INVENIO_INSTANCE_PATH}/assets
COPY templates ${INVENIO_INSTANCE_PATH}/templates
COPY app_data ${INVENIO_INSTANCE_PATH}/app_data
COPY translations ${INVENIO_INSTANCE_PATH}/translations
# Enable the option to have a deterministic javascript dependency build
# From: https://github.com/tu-graz-library/docker-invenio-base
COPY ./package.json ${INVENIO_INSTANCE_PATH}/assets/
COPY ./pnpm-lock.yaml ${INVENIO_INSTANCE_PATH}/assets/
WORKDIR ${INVENIO_INSTANCE_PATH}/assets
RUN pnpm install && \
pnpm run build
# Gather runtime libraries into a single directory for easy copying
RUN mkdir -p /invenio-libs && \
cp -P /usr/lib/x86_64-linux-gnu/libcairo*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libpango*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libharfbuzz*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libfontconfig*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libfreetype*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libpixman*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libpng*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libexpat*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libbrotli*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libxcb*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libX*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libfribidi*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libthai*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libglib*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libgobject*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libdatrie*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libpcre2*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libffi*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libbsd*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libmd*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libpq*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libssl*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libcrypto*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libxml2*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libxslt*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libexslt*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libjpeg*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libwebp*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libtiff*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libz*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/liblzma*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libcurl*.so* /invenio-libs/ && \
cp -P /usr/lib/x86_64-linux-gnu/libnghttp*.so* /invenio-libs/ 2>/dev/null || true && \
cp -P /usr/lib/x86_64-linux-gnu/librtmp*.so* /invenio-libs/ 2>/dev/null || true && \
cp -P /usr/lib/x86_64-linux-gnu/libssh*.so* /invenio-libs/ 2>/dev/null || true && \
cp -P /usr/lib/x86_64-linux-gnu/libicui18n*.so* /invenio-libs/ 2>/dev/null || true && \
cp -P /usr/lib/x86_64-linux-gnu/libicuuc*.so* /invenio-libs/ 2>/dev/null || true && \
cp -P /usr/lib/x86_64-linux-gnu/libicudata*.so* /invenio-libs/ 2>/dev/null || true
FROM python:3.13-slim-bookworm AS runtime
# FROM dhi.io/python:3.13-debian13 AS runtime
ENV LANG=en_US.UTF-8 \
LANGUAGE=en_US:en
ENV VIRTUAL_ENV=/opt/invenio/.venv \
PATH="/opt/invenio/.venv/bin:$PATH" \
WORKING_DIR=/opt/invenio \
INVENIO_INSTANCE_PATH=/opt/invenio/var/instance
# create non-root invenio user
ENV INVENIO_USER_ID=1654
RUN adduser invenio --uid ${INVENIO_USER_ID} --gid 0 --no-create-home --disabled-password
# Copy runtime libraries from builder (Cairo for invenio_formatter, etc.)
COPY --from=builder /invenio-libs/* /usr/lib/x86_64-linux-gnu/
COPY --from=builder --chown=1654:0 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/site ${INVENIO_INSTANCE_PATH}/site
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/static ${INVENIO_INSTANCE_PATH}/static
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/assets ${INVENIO_INSTANCE_PATH}/assets
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/templates ${INVENIO_INSTANCE_PATH}/templates
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/app_data ${INVENIO_INSTANCE_PATH}/app_data
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/translations ${INVENIO_INSTANCE_PATH}/translations
COPY --from=builder --chown=1654:0 ${INVENIO_INSTANCE_PATH}/invenio.cfg ${INVENIO_INSTANCE_PATH}/invenio.cfg
COPY --chown=1654:0 ./Caddyfile /etc/caddy/Caddyfile
COPY --chown=1654:0 --chmod=755 ./entrypoint.sh /opt/invenio/.venv/bin/entrypoint.sh
# Declare volumes for persistent data
VOLUME ["/opt/invenio/var/instance/data", "/opt/invenio/var/instance/archive"]
WORKDIR ${WORKING_DIR}/src
USER invenio
EXPOSE 5000
# ENTRYPOINT ["/opt/invenio/.venv/bin/entrypoint.sh"]
CMD ["gunicorn", "invenio_app.wsgi:application", "--bind", "0.0.0.0:5000", "--workers", "2", "--threads", "2", "--access-logfile", "-", "--error-logfile", "-", "--log-level", "ERROR"]