From 65a69319c154b6a189e13509c3fbb0aebbfe4fb0 Mon Sep 17 00:00:00 2001 From: Raiden Sakura Date: Wed, 10 Apr 2024 19:53:03 +0800 Subject: [PATCH 1/4] Update Dockerfile --- Dockerfile | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 96a398fad4..8316d6139b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,38 @@ -FROM python:3.10 as py +FROM python:3.11-alpine as base -FROM py as build +RUN apk add --no-cache \ + # cairosvg dependencies + cairo-dev cairo cairo-tools \ + # pillow dependencies + jpeg-dev zlib-dev \ + && adduser -D -h /home/modmail -g 'Modmail' modmail -RUN apt update && apt install -y g++ git +ENV VIRTUAL_ENV=/home/modmail/.venv +ENV PATH="$VIRTUAL_ENV/bin:$PATH" -COPY requirements.txt / -RUN pip install --prefix=/inst -U -r /requirements.txt +WORKDIR /home/modmail -FROM py +FROM base as builder -COPY --from=build /inst /usr/local +RUN apk add build-base libffi-dev +RUN python -m venv $VIRTUAL_ENV + +COPY --chown=modmail:modmail requirements.txt . +RUN pip install --upgrade pip setuptools && \ + pip install -r requirements.txt + +FROM base as runtime + +# copy the entire venv +COPY --from=builder --chown=modmail:modmail $VIRTUAL_ENV $VIRTUAL_ENV + +# copy repository files +COPY --chown=modmail:modmail . . + +# this disables the internal auto-update ENV USING_DOCKER yes -RUN useradd --system --no-create-home modmail + USER modmail -WORKDIR /modmailbot CMD ["python", "bot.py"] -COPY --chown=modmail:modmail . /modmailbot From ea825c43210b204777a22aa5031446b9b36c7686 Mon Sep 17 00:00:00 2001 From: Taku <45324516+Taaku18@users.noreply.github.com> Date: Tue, 14 May 2024 03:50:22 -0700 Subject: [PATCH 2/4] Use the slim-bookworm image, refactored some steps --- Dockerfile | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8316d6139b..18584c342e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,38 +1,38 @@ -FROM python:3.11-alpine as base - -RUN apk add --no-cache \ - # cairosvg dependencies - cairo-dev cairo cairo-tools \ - # pillow dependencies - jpeg-dev zlib-dev \ - && adduser -D -h /home/modmail -g 'Modmail' modmail - -ENV VIRTUAL_ENV=/home/modmail/.venv -ENV PATH="$VIRTUAL_ENV/bin:$PATH" - -WORKDIR /home/modmail +FROM python:3.11-slim-bookworm as base + +RUN apt-get update && \ + apt-get install --no-install-recommends -y \ + # Install CairoSVG dependencies. + libcairo2 && \ + # Cleanup APT. + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + # Create a non-root user. + useradd --create-home -d /opt/modmail modmail FROM base as builder -RUN apk add build-base libffi-dev +COPY requirements.txt . -RUN python -m venv $VIRTUAL_ENV +RUN pip install --root-user-action=ignore --no-cache-dir --upgrade pip wheel && \ + python -m venv /opt/modmail/.venv && \ + . /opt/modmail/.venv/bin/activate && \ + pip install --no-cache-dir --upgrade -r requirements.txt -COPY --chown=modmail:modmail requirements.txt . -RUN pip install --upgrade pip setuptools && \ - pip install -r requirements.txt +FROM base -FROM base as runtime - -# copy the entire venv -COPY --from=builder --chown=modmail:modmail $VIRTUAL_ENV $VIRTUAL_ENV +# Copy the entire venv. +COPY --from=builder --chown=modmail:modmail /opt/modmail/.venv /opt/modmail/.venv # copy repository files +WORKDIR /opt/modmail +USER modmail:modmail COPY --chown=modmail:modmail . . -# this disables the internal auto-update -ENV USING_DOCKER yes - -USER modmail +# This sets some Python runtime variables and disables the internal auto-update. +ENV PYTHONUNBUFFERED=1 \ + PYTHONDONTWRITEBYTECODE=1 \ + PATH=/opt/modmail/.venv/bin:$PATH \ + USING_DOCKER=yes CMD ["python", "bot.py"] From 386fa792f081566efffb3d3d22152a426a64d2a6 Mon Sep 17 00:00:00 2001 From: Taku <45324516+Taaku18@users.noreply.github.com> Date: Tue, 14 May 2024 04:03:04 -0700 Subject: [PATCH 3/4] Disable user login --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 18584c342e..b61a2d6d7a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ RUN apt-get update && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ # Create a non-root user. - useradd --create-home -d /opt/modmail modmail + useradd --shell /usr/sbin/nologin --create-home -d /opt/modmail modmail FROM base as builder From dd66d875bdcccae42d345fbf7ccd2f674b38b984 Mon Sep 17 00:00:00 2001 From: Taku <45324516+Taaku18@users.noreply.github.com> Date: Tue, 14 May 2024 04:05:09 -0700 Subject: [PATCH 4/4] Capitalize comment --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b61a2d6d7a..246d3cf7a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ FROM base # Copy the entire venv. COPY --from=builder --chown=modmail:modmail /opt/modmail/.venv /opt/modmail/.venv -# copy repository files +# Copy repository files. WORKDIR /opt/modmail USER modmail:modmail COPY --chown=modmail:modmail . .