docker/Dockerfile.prod
FROM python:3.7-slim AS base
# ENV LANG=C.UTF-8 # Sets utf-8 encoding for Python et al
# ENV PYTHONDONTWRITEBYTECODE=1 # Turns off writing .pyc files; superfluous on an ephemeral container.
# ENV PYTHONUNBUFFERED=1 # Seems to speed things up
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
LANG=C.UTF-8 \
PIP_NO_CACHE_DIR=off \
PIP_DISABLE_PIP_VERSION_CHECK=on \
PIP_DEFAULT_TIMEOUT=100 \
POETRY_PATH=/opt/poetry \
VENV_PATH=/opt/venv \
POETRY_VERSION=1.0.0
# Ensures that the python and pip executables used
# in the image will be those from our virtualenv.
ENV PATH="$POETRY_PATH/bin:$VENV_PATH/bin:$PATH" \
PYTHONPATH=/app
# add non-priviledged user TODO - keep keeping permission denied error trying to start app
# RUN adduser --uid 1000 --disabled-password --gecos '' --no-create-home appuser
RUN apt-get -qy update && apt-get install --no-install-recommends -y git
FROM base as poetryprod
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# deps for installing poetry
curl \
# deps for building python deps
build-essential \
\
# install poetry - uses $POETRY_VERSION internally
&& curl -sSL https://raw.githubusercontent.com/sdispater/poetry/master/get-poetry.py | python \
&& mv /root/.poetry $POETRY_PATH \
&& poetry --version \
\
# configure poetry & make a virtualenv ahead of time since we only need one
&& python -m venv $VENV_PATH \
&& poetry config virtualenvs.create false \
\
# cleanup
&& rm -rf /var/lib/apt/lists/*
COPY api/poetry.lock api/pyproject.toml ./
COPY src /src
RUN poetry install --no-dev --no-interaction --no-ansi -vvv
# Prod version of docker image
FROM base AS prod
WORKDIR /app
EXPOSE 80
# install runtime libraries (different from development libraries!)
RUN rm -rf /var/cache/apt/* /var/lib/apt/lists/*
COPY --from=poetryprod $VENV_PATH $VENV_PATH
COPY ./api/app /app
# RUN chown appuser.appuser -R /app
# USER appuser
CMD ["gunicorn", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-c", "/app/gunicorn_conf.py", "main:app"]