# syntax=docker/dockerfile:1.6@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021
# Builder base shared by every build-* stage: a digest-pinned full Python image
# plus a C toolchain and the PyPA `build` frontend.
FROM python:3.10-bookworm@sha256:4f7ca582d310c40d430ab6a17c46a0b360aee5987e0ef5aa155eeabc9ffa8393 AS build

# Version of the `build` package installed below; override with --build-arg.
ARG BUILD_VERSION=0.10.0

WORKDIR /app

# Compiler toolchain for wheels that have to be built from source. The package
# version is pinned; apt lists and logs are removed in the same layer.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    apt-get update -yq \
    && apt-get install -yq --no-install-recommends \
        build-essential=12.9 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /var/log/*

# The pip HTTP cache lives in a BuildKit cache mount, so it is reused across
# builds without being written into an image layer (hence the DL3042 ignore).
# hadolint ignore=DL3042
RUN --mount=type=cache,sharing=locked,id=pipcache,mode=0777,target=/root/.cache/pip/http \
    pip install --no-compile "build==${BUILD_VERSION}"
# Builds the project's own source distribution into /app/dist.
FROM build AS build-common

COPY src/ ./src/

# pip.conf is supplied as a BuildKit secret, so it is available to this step
# only and is not stored in a layer. pyproject.toml and VERSION are bind-mounted
# from the build context instead of being copied into the stage.
RUN --mount=type=secret,id=pipconf,target=/root/.config/pip/pip.conf \
    --mount=type=cache,sharing=locked,id=pipcache,mode=0777,target=/root/.cache/pip/http \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    --mount=type=bind,source=VERSION,target=VERSION \
    python -m build --sdist
# Pre-builds wheels for the production requirements into /app/wheels.
FROM build AS build-production

# --no-deps: only the requirements listed in requirements.txt are built, so
# that file has to name every package the image needs.
# NOTE(review): nothing here enforces hashes; if requirements.txt carries
# --hash entries, consider adding --require-hashes. TODO confirm.
# pip.conf is mounted as a BuildKit secret and is not stored in a layer.
# hadolint ignore=DL3042
RUN --mount=type=secret,id=pipconf,target=/root/.config/pip/pip.conf \
    --mount=type=cache,sharing=locked,id=pipcache,mode=0777,target=/root/.cache/pip/http \
    --mount=type=bind,source=requirements.txt,target=requirements.txt \
    pip wheel --no-deps --wheel-dir /app/wheels -r requirements.txt
# Pre-builds wheels for the runtime and development requirements into
# /app/wheels.
FROM build AS build-development

# --no-deps: only the requirements listed in the two files are built, so they
# have to name every package the image needs.
# NOTE(review): nothing here enforces hashes; if the requirements files carry
# --hash entries, consider adding --require-hashes. TODO confirm.
# pip.conf is mounted as a BuildKit secret and is not stored in a layer.
# hadolint ignore=DL3042
RUN --mount=type=secret,id=pipconf,target=/root/.config/pip/pip.conf \
    --mount=type=cache,sharing=locked,id=pipcache,mode=0777,target=/root/.cache/pip/http \
    --mount=type=bind,source=requirements.txt,target=requirements.txt \
    --mount=type=bind,source=requirements-dev.txt,target=requirements-dev.txt \
    pip wheel --no-deps --wheel-dir /app/wheels -r requirements.txt -r requirements-dev.txt
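# Runtime base shared by the development and production images: OS packages,
# the GeoIP database, the DECtalk binaries and an unprivileged user.
FROM python:3.10-slim-bookworm@sha256:9a97ede5d731252b42541a5d3ec60f6d4cd03747ca75315adc784ed864651c0e AS runtime

# pipefail: a failing command on the left of a pipe fails the RUN step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Build-time only. Declared as ARG rather than ENV so the setting is not baked
# into the environment of running containers.
ARG DEBIAN_FRONTEND=noninteractive

# NOTE(review): package versions are unpinned (DL3008 is ignored), so rebuilds
# can pick up different versions. curl, git and software-properties-common also
# widen the runtime attack surface; drop whichever the application does not
# need at run time (curl is used by the download steps below).
# hadolint ignore=DL3008
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    apt-get update -yq \
    && apt-get install -yq --no-install-recommends \
        curl \
        ffmpeg \
        git \
        libmagic-dev \
        software-properties-common \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /var/log/* \
    && update-ca-certificates

# GeoIP database from a third-party GitHub release.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the database file.
# NOTE(review): the download is not integrity-checked. Record the file's digest
# and verify it in this step, e.g.
#   echo "<SHA256_OF_GeoLite2-City.mmdb>  /usr/share/GeoIP/GeoLite2-City.mmdb" | sha256sum -c -
RUN mkdir -p /usr/share/GeoIP/ \
    && curl -fsSL https://github.com/P3TERX/GeoLite.mmdb/releases/download/2024.07.16/GeoLite2-City.mmdb \
        -o /usr/share/GeoIP/GeoLite2-City.mmdb

# DECtalk binaries from a GitHub release tarball, unpacked into /opt/dectalk.
# --no-same-owner: this step runs as root, so without it tar would apply the
# owner ids recorded in the archive; with it the files end up owned by root.
# NOTE(review): the tarball is not integrity-checked either. Pin its digest the
# same way, e.g.
#   echo "<SHA256_OF_dectalk_tarball>  /tmp/dectalk.tar.gz" | sha256sum -c -
RUN curl -fsSL https://github.com/dectalk/dectalk/releases/download/2023-10-30/ubuntu-latest.tar.gz \
        -o /tmp/dectalk.tar.gz \
    && mkdir -p /tmp/dectalk /opt/dectalk \
    && tar -xvf /tmp/dectalk.tar.gz -C /tmp/dectalk --strip-components=1 --no-same-owner \
    && mv /tmp/dectalk/say /opt/dectalk \
    && mv /tmp/dectalk/dic/* /opt/dectalk \
    && mv /tmp/dectalk/lib /opt/dectalk \
    && rm -rf /tmp/dectalk.tar.gz /tmp/dectalk

# Unprivileged account with fixed uid/gid 1000; derived stages switch back to
# it after their root-only install steps.
RUN groupadd -g 1000 rootless \
    && useradd --create-home -r -u 1000 -g rootless rootless

USER rootless
WORKDIR /app

# NOTE(review): /home/rootless/.local/bin is writable by the runtime user and is
# searched first, including for anything later run as root in this image.
# Confirm that this ordering is intended.
ENV PATH="/home/rootless/.local/bin:/opt/dectalk:${PATH}"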
# Development image: runtime base, the dev wheel set, and the project itself.
FROM runtime AS development

# Packages are installed system-wide, which needs root; the stage drops back to
# the unprivileged user straight afterwards.
USER root

# Wheels and the sdist are bind-mounted from the builder stages, so the
# artifacts themselves are never copied into a layer of this image.
# NOTE(review): neither install passes --no-index and the pip.conf secret is
# not mounted here, so any dependency not satisfied by /wheels would presumably
# be resolved from pip's default index. Verify that requirements.txt and
# requirements-dev.txt are complete.
RUN --mount=type=bind,from=build-development,source=/app/wheels,target=/wheels \
    pip install --no-cache-dir --no-compile --prefer-binary /wheels/*
RUN --mount=type=bind,from=build-common,source=/app/dist,target=/dist \
    pip install --no-cache-dir --no-compile --prefer-binary /dist/*

USER rootless

COPY --chown=rootless:rootless config/ /app/config
COPY --chown=rootless:rootless sounds/ /app/sounds
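# Production image: runtime base, the production wheel set, the project itself
# and the entrypoint script.
FROM runtime AS production

# Packages are installed system-wide, which needs root; the stage drops back to
# the unprivileged user straight afterwards.
USER root

# Wheels and the sdist are bind-mounted from the builder stages, so the
# artifacts themselves are never copied into a layer of this image.
# NOTE(review): neither install passes --no-index and the pip.conf secret is
# not mounted here, so any dependency not satisfied by /wheels would presumably
# be resolved from pip's default index. Verify that requirements.txt is
# complete.
RUN --mount=type=bind,from=build-production,source=/app/wheels,target=/wheels \
    pip install --no-cache-dir --no-compile --prefer-binary /wheels/*
RUN --mount=type=bind,from=build-common,source=/app/dist,target=/dist \
    pip install --no-cache-dir --no-compile --prefer-binary /dist/*

USER rootless

COPY --chown=rootless:rootless config/ /app/config
COPY --chown=rootless:rootless sounds/ /app/sounds

# The entrypoint stays root-owned (COPY without --chown) and is made executable
# at copy time, so the runtime user can run it but cannot rewrite it. This also
# removes the separate chmod layer.
COPY --chmod=0755 ./entrypoint.sh /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]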