-
Notifications
You must be signed in to change notification settings - Fork 61
/
Copy pathDockerfile
78 lines (56 loc) · 2.28 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
FROM node:18 AS nodejs
WORKDIR /app
COPY frontend/package.json frontend/package-lock.json ./
RUN --mount=type=cache,target=/root/.npm \
npm install --loglevel verbose
COPY frontend frontend/
COPY templates templates/
RUN npm --prefix frontend run build
FROM python:3.12-slim
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
UV_PROJECT_ENVIRONMENT=/usr/local
# weasyprint deps: libpango-1.0-0 libpangoft2-1.0-0 libharfbuzz-subset0
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
libpango-1.0-0 libpangoft2-1.0-0 libharfbuzz-subset0 \
&& rm -rf /var/lib/apt/lists/*
COPY --from=ghcr.io/astral-sh/uv:0.4.7 /uv /bin/uv
COPY --from=klakegg/hugo:0.101.0 /usr/lib/hugo/hugo /bin/hugo
WORKDIR /app
RUN addgroup --gid 222 --system app \
&& adduser --uid 222 --system --group app
# Clean up annoying font errors of `Fontconfig error: No writable cache directories`
RUN chown -R app:app /usr/local/share/fonts /var/cache/fontconfig \
&& su app -s /bin/sh -c "fc-cache --really-force"
RUN mkdir -p /app && chown app:app /app
COPY --chown=app:app pyproject.toml uv.lock /app/
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-dev
COPY --chown=app:app . /app/
COPY --from=nodejs /app/static/site.css static/
# Some configuration is needed to make Django happy, but these values have no
# impact to collectstatic so we can use dummy values.
RUN \
AWS_ACCESS_KEY_ID=a-secret-to-everybody \
AWS_SECRET_ACCESS_KEY=a-secret-to-everybody \
DJSTRIPE_WEBHOOK_SECRET=whsec_asecrettoeverybody \
DJSTRIPE_WEBHOOK_VALIDATION='' \
HASHID_FIELD_SALT=a-secret-to-everybody \
SECRET_KEY=a-secret-to-everybody \
SENDGRID_API_KEY=a-secret-to-everybody \
SENTRY_ENABLED=off \
SENTRY_DSN=dsn_example \
STRIPE_LIVE_MODE=off \
STRIPE_LIVE_SECRET_KEY=sk_live_a-secret-to-everybody \
STRIPE_TEST_SECRET_KEY=sk_test_a-secret-to-everybody \
STRIPE_TEST_PUBLISHABLE_KEY=pk_test_a-secret-to-everybody \
python manage.py collectstatic --noinput
RUN sphinx-build -M html "docs" "docs/_build" -W -b dirhtml \
&& python -m whitenoise.compress docs/_build/html
RUN hugo --source blog \
&& python -m whitenoise.compress blog/out
USER app
ENTRYPOINT ["/app/bin/docker-entrypoint"]
EXPOSE 8000
CMD ["/app/bin/server"]