From f67af8efd7422b4412f5b60bf3b6882c28800a4b Mon Sep 17 00:00:00 2001 From: Nicola Belluti Date: Thu, 30 Jan 2025 10:59:56 +0100 Subject: [PATCH 1/4] Made the Docker image significantly smaller --- .dockerignore | 17 ++++++++++++++++- Dockerfile | 12 ++++++++++++ dockerfile | 15 --------------- 3 files changed, 28 insertions(+), 16 deletions(-) create mode 100644 Dockerfile delete mode 100644 dockerfile diff --git a/.dockerignore b/.dockerignore index ba520cc..73f02a3 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,16 @@ -db.sqlite3 \ No newline at end of file +docker-compose.yml + +# Docs +README.md +setup.md +LICENSE + +# Git stuff +.git +.github +.gitignore + +# .gitignore +*.pyc +.venv +db.sqlite3 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..370ca5d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM python:3.13-alpine + +WORKDIR /opt/rdgen + +COPY . . + +RUN pip install --no-cache-dir -r requirements.txt \ + && python manage.py migrate + +EXPOSE 8000 + +CMD ["gunicorn", "-c", "gunicorn.conf.py", "rdgen.wsgi:application"] diff --git a/dockerfile b/dockerfile deleted file mode 100644 index 15fd770..0000000 --- a/dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM python:3.13 - -WORKDIR /opt/rdgen - -COPY . . - -RUN python -m venv rdgen -RUN chmod +x rdgen/bin/activate -RUN /bin/sh -c rdgen/bin/activate -RUN pip install --no-cache-dir -r requirements.txt -RUN python manage.py migrate - -EXPOSE 8000 - -CMD ["gunicorn", "-c", "gunicorn.conf.py", "rdgen.wsgi:application"] \ No newline at end of file From 0891dc0edafdb0c77e6325bc1c63e4fa44ce38b8 Mon Sep 17 00:00:00 2001 From: Nicola Belluti Date: Thu, 30 Jan 2025 11:01:17 +0100 Subject: [PATCH 2/4] Don't try to build the Docker image everytime something is pushed on `master` --- .github/workflows/docker-build.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 3c38103..80c5bf9 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -1,9 +1,7 @@ name: update docker image on: - push: - branches: - - "master" + workflow_dispatch: jobs: build: @@ -23,4 +21,4 @@ jobs: uses: docker/build-push-action@v6 with: push: true - tags: ${{ vars.DOCKERHUB_USERNAME }}/rdgen:latest \ No newline at end of file + tags: ${{ vars.DOCKERHUB_USERNAME }}/rdgen:latest From e2ac4365d0d8dd82843ed793220d3c8bebf7d732 Mon Sep 17 00:00:00 2001 From: Nicola Belluti Date: Thu, 30 Jan 2025 11:22:03 +0100 Subject: [PATCH 3/4] Added an unprivileged user, an healthcheck and unbuffered outputs --- Dockerfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 370ca5d..5de7316 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,18 @@ FROM python:3.13-alpine +RUN adduser -D user +USER user + WORKDIR /opt/rdgen COPY . . - RUN pip install --no-cache-dir -r requirements.txt \ && python manage.py migrate +ENV PYTHONUNBUFFERED=1 + EXPOSE 8000 -CMD ["gunicorn", "-c", "gunicorn.conf.py", "rdgen.wsgi:application"] +HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD wget --spider 0.0.0.0:8000 + +CMD ["/home/user/.local/bin/gunicorn", "-c", "gunicorn.conf.py", "rdgen.wsgi:application"] From f9d1ad40237e91a14c1e2dc2af582c638cc90edd Mon Sep 17 00:00:00 2001 From: Nicola Belluti <131605815+nicolabelluti@users.noreply.github.com> Date: Fri, 31 Jan 2025 17:42:54 +0100 Subject: [PATCH 4/4] Now the Docker image is built only when a tag with the version is pushed --- .github/workflows/docker-build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 80c5bf9..aa8a9f2 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -1,7 +1,9 @@ name: update docker image on: - workflow_dispatch: + push: + tags: + - 'v*.*.*' jobs: build: