coulomb/vergabe-teilnahme
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5ae4aba4a862859a5314222ab9156d2c0c66ac09
vergabe-teilnahme/Dockerfile
tegwick 739ffafedd fixes
2026-05-23 06:42:44 +02:00

99 lines
3.6 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1.7
#
# Build:
# docker build \
# --secret id=gitea_pypi_user,env=GITEA_PYPI_USER \
# --secret id=gitea_pypi_password,env=GITEA_PYPI_TOKEN \
# -t gitea.coulomb.social/coulomb/vergabe-teilnahme:<tag> .
#
# The optional secrets let uv authenticate to the Gitea Python package
# registry when resolving issue-core.
# ─── Stage 1 ─── Vite + Tailwind asset build ────────────────────────────────
FROM node:22-alpine AS assets
WORKDIR /build
COPY package.json package-lock.json ./
RUN npm ci --no-audit --no-fund
COPY vite.config.js ./
COPY static/src ./static/src
# Tailwind v4 scans these for utility-class usage at build time. They must be
# present or the generated CSS omits every utility class (broken layout, giant
# SVG icons). Paths mirror the @source directive in static/src/main.css.
COPY vergabe_teilnahme/templates ./vergabe_teilnahme/templates
RUN npm run build
# Output: /build/static/dist/main.css
# ─── Stage 2 ─── Python deps via uv ─────────────────────────────────────────
FROM python:3.12-slim-bookworm AS python-deps
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
UV_LINK_MODE=copy \
UV_PYTHON_DOWNLOADS=never
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential libpq-dev curl ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY --from=ghcr.io/astral-sh/uv:0.5.11 /uv /usr/local/bin/uv
WORKDIR /app
COPY pyproject.toml uv.lock ./
RUN --mount=type=secret,id=gitea_pypi_user,required=false \
--mount=type=secret,id=gitea_pypi_password,required=false \
sh -eu -c '\
if [ -f /run/secrets/gitea_pypi_user ]; then \
export UV_INDEX_GITEA_USERNAME="$(cat /run/secrets/gitea_pypi_user)"; \
fi; \
if [ -f /run/secrets/gitea_pypi_password ]; then \
export UV_INDEX_GITEA_PASSWORD="$(cat /run/secrets/gitea_pypi_password)"; \
fi; \
uv sync --no-dev --no-install-project \
'
# ─── Stage 3 ─── Runtime image ──────────────────────────────────────────────
FROM python:3.12-slim-bookworm AS runtime
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
DJANGO_SETTINGS_MODULE=vergabe_teilnahme.settings.prod \
PATH=/app/.venv/bin:$PATH \
PORT=8000
RUN apt-get update && apt-get install -y --no-install-recommends \
libpq5 curl ca-certificates \
&& rm -rf /var/lib/apt/lists/* \
&& groupadd -r app && useradd -r -g app -d /app -s /sbin/nologin app
WORKDIR /app
COPY --from=python-deps /app/.venv ./.venv
COPY --chown=app:app manage.py pyproject.toml ./
COPY --chown=app:app vergabe_teilnahme ./vergabe_teilnahme
COPY --chown=app:app static/src ./static/src
COPY --chown=app:app static/vendor ./static/vendor
COPY --chown=app:app templates ./templates
COPY --from=assets --chown=app:app /build/static/dist ./static/dist
RUN mkdir -p ./media ./staticfiles ./.issue-facade && chown -R app:app /app
# collectstatic needs SECRET_KEY + ALLOWED_HOSTS but no DB; provide placeholders.
RUN SECRET_KEY=build-only ALLOWED_HOSTS=localhost \
python manage.py collectstatic --noinput
USER app
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
CMD curl -fsS http://127.0.0.1:8000/health/ || exit 1
CMD ["gunicorn", "vergabe_teilnahme.wsgi:application", \
"--bind", "0.0.0.0:8000", \
"--workers", "3", \
"--access-logfile", "-", \
"--error-logfile", "-"]
Reference in New Issue View Git Blame Copy Permalink