From ff03fbe23aac91cb4d094562df563745537f1db6 Mon Sep 17 00:00:00 2001
From: Gareth Rushgrove
Date: Sat, 14 Dec 2019 16:58:40 +0000
Subject: [PATCH] Added distroless build
---
 Dockerfile | 19 ++++++++++++++++++-
 Makefile.docker | 11 ++++++++++-
 src/gunicorn.conf.py | 11 +++++++++++
 src/run.py | 5 +++++
 4 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 src/run.py
diff --git a/Dockerfile b/Dockerfile
index d43d7e8..4c1438d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -65,6 +65,20 @@ RUN conftest test --namespace docker Dockerfile
 RUN conftest test snyky.yaml
+FROM ${IMAGE} AS build-env
+COPY Pipfile .
+COPY Pipfile.lock .
+RUN pip install pipenv && pipenv install --system --deploy
+
+
+FROM gcr.io/distroless/python3 as Distroless
+WORKDIR src /app
+COPY --from=build-env /usr/local/lib/python3.7/site-packages /site-packages
+COPY src/ .
+ENV PYTHONPATH=/site-packages
+CMD ["run.py", "app:app"]
+
+
 FROM base AS Shell
 CMD ["flask", "shell"]
@@ -79,4 +93,7 @@ ENV FLASK_ENV=development
 FROM release AS Prod
-CMD gunicorn --capture-output --access-logfile=- --log-file=- --workers=2 --threads=4 --worker-class=gthread --worker-tmp-dir /dev/shm -b :${PORT} "app:app"
+CMD ["gunicorn", "app:app"]
+
+
+
diff --git a/Makefile.docker b/Makefile.docker
index 9f4ab48..493bd6a 100644
--- a/Makefile.docker
+++ b/Makefile.docker
@@ -18,6 +18,15 @@ endif
 build: check-buildkit
 @$(BUILD) -t $(IMAGE) .
+slim: check-buildkit
+ @$(BUILD) --build-arg IMAGE=python:slim -t $(IMAGE):slim .
+
+alpine: check-buildkit
+ @$(BUILD) --build-arg DISTRO=alpine --build-arg IMAGE=python:3.7-alpine3.8 -t $(IMAGE):alpine .
+
+distroless: check-buildkit
+ @$(BUILD) --target Distroless -t $(IMAGE):distroless .
+
 test: check-buildkit
 @$(BUILD) --target Test .
@@ -27,4 +36,4 @@ snyk: check-buildkit check-snyk-token
 policy:
 @$(BUILD) --target Policy .
-.PHONY: build test snyk policy
+.PHONY: build slim alpine distroless test snyk policy
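Review bot: The Distroless stage sets no `USER`, so unless the base image overrides it gunicorn runs as root inside the container; a `USER` line with a non-root uid after `COPY src/ .` (recent distroless images ship a `nonroot` account) would drop that privilege. `FROM gcr.io/distroless/python3` also carries neither a tag nor a digest, so each build can pick up a different base; pinning it as `FROM gcr.io/distroless/python3@sha256:<digest> AS Distroless` makes the runtime layer reproducible and auditable. `WORKDIR src /app` looks like a typo for `WORKDIR /app`, since WORKDIR takes a single path. The copy from `/usr/local/lib/python3.7/site-packages` is tied to Python 3.7 while `${IMAGE}` is a build argument, so a build-env on another minor version would presumably either fail the COPY or ship packages built for a different interpreter than the one in the distroless image.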
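Review bot: With the flags removed from the Prod `CMD`, the worker, logging and bind settings apply only if gunicorn finds `gunicorn.conf.py` on its own, and nothing in this hunk tells it where to look. As far as I know only gunicorn 20.0 and later read `./gunicorn.conf.py` from the working directory by default; on an older pinned version, or with a different working directory, the server would start silently on its built-in defaults instead of the intended bind address and worker model. Passing the file explicitly removes that dependence: `CMD ["gunicorn", "-c", "gunicorn.conf.py", "app:app"]`. The same applies to `CMD ["run.py", "app:app"]` in the Distroless stage of the first Dockerfile hunk.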
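Review bot: The `slim` target builds from the floating tag `python:slim`, so the interpreter version in the resulting image changes whenever upstream moves that tag, while the `alpine` target next to it and the `python3.7/site-packages` path in the Dockerfile both assume 3.7. Pinning it the same way, `@$(BUILD) --build-arg IMAGE=python:3.7-slim -t $(IMAGE):slim .`, keeps the variants on one Python version and makes rebuilds repeatable. A digest pin on the base images would be stricter still if these tags are ever published.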
diff --git a/src/gunicorn.conf.py b/src/gunicorn.conf.py
index 8f2387c..5733679 100644
--- a/src/gunicorn.conf.py
+++ b/src/gunicorn.conf.py
@@ -1,3 +1,4 @@
+import os
 import structlog
 import log_helper
@@ -36,3 +37,13 @@
 },
 },
 }
+
+capture_output = True
+access_logfile = "-"
+log_file = "-"
+workers = 2
+threads = 4
+worker_class = "gthread"
+woker_tmp_dir = "/dev/shm"
+port = os.getenv('PORT') or 8000
+bind = ":%s" % port
diff --git a/src/run.py b/src/run.py
new file mode 100644
index 0000000..0760aab
--- /dev/null
+++ b/src/run.py
@@ -0,0 +1,5 @@
+#!/usr/bin/env python
+import sys
+from gunicorn.app.wsgiapp import run
+if __name__ == '__main__':
+ sys.exit(run())
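Review bot: Three of the names added at the end of gunicorn.conf.py are not gunicorn settings, and gunicorn skips config-file names it does not recognise, so they take no effect and raise no error: `woker_tmp_dir` is a misspelling, and `access_logfile` / `log_file` are the command-line spellings rather than the setting names. The lines should read `worker_tmp_dir = "/dev/shm"`, `accesslog = "-"` and `errorlog = "-"`. As written, the worker heartbeat file falls back to the default temp directory, and whether requests are logged at all depends on the logging dict earlier in the file, which starts outside this hunk; that matters if the access log is the request audit trail.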
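Review bot: run.py carries no comment saying why it exists, and the `#!/usr/bin/env python` line suggests it is launched through its shebang, which is presumably not what happens in the distroless image, where `CMD ["run.py", "app:app"]` hands the file to the image's Python entrypoint. A header comment such as `# Entry point for the distroless image: no shell or gunicorn console script is available there, so the interpreter runs this file directly.` would make the purpose clear to the next maintainer.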