From e783ede93e1c0f2f76a332fc82f6e6a7f40f04fc Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 28 Aug 2020 14:00:14 +0100 Subject: [PMSH] Docker multi stage build Signed-off-by: efiacor Change-Id: I8935d7d1b4b3ff28f5b2fe183e9553d1ee8828ad Issue-ID: DCAEGEN2-2292 --- components/pm-subscription-handler/Changelog.md | 4 ++ components/pm-subscription-handler/Dockerfile | 67 ++++++++++++++----------- components/pm-subscription-handler/tox.ini | 2 +- 3 files changed, 44 insertions(+), 29 deletions(-) diff --git a/components/pm-subscription-handler/Changelog.md b/components/pm-subscription-handler/Changelog.md index 918179c0..83caf2ca 100755 --- a/components/pm-subscription-handler/Changelog.md +++ b/components/pm-subscription-handler/Changelog.md @@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.1.1] +### Changed +* Moved to alpine base image (DCAEGEN2-2292) + ## [1.1.0] ### Changed * Added new API endpoint to fetch all Subscription data (DCAEGEN2-2154) diff --git a/components/pm-subscription-handler/Dockerfile b/components/pm-subscription-handler/Dockerfile index a30c3484..f1545440 100644 --- a/components/pm-subscription-handler/Dockerfile +++ b/components/pm-subscription-handler/Dockerfile @@ -17,40 +17,51 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END===================================================== -FROM python:3.8.2-alpine3.11 +FROM python:3.8.2-alpine3.11 as build MAINTAINER lego@est.tech +RUN set -eux; \ + apk add \ + build-base \ + python3-dev \ + postgresql-dev + +COPY setup.py ./ +COPY requirements.txt ./ +RUN pip install --prefix /opt -r requirements.txt --no-cache-dir + +# Second stage +FROM python:3.8.2-alpine3.11 + +COPY --from=build /opt /opt + ARG user=onap ARG group=onap -WORKDIR /app - # set PATH & PYTHONPATH vars -ENV PATH=/usr/local/lib/python3.8/bin:$PATH:./bin \ - PYTHONPATH=/usr/local/lib/python3.8/site-packages:./mod:./:$PYTHONPATH:./bin \ - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \ +ENV APPDIR="/opt/app/pmsh" \ + LD_LIBRARY_PATH=/opt/lib:/opt/lib64 \ + PYTHONPATH=${APPDIR}/mod:/opt/lib/python3.8/site-packages \ + PATH=$PATH:${APPDIR}/bin \ LOGS_PATH="/var/log/ONAP/dcaegen2/services/pmsh" \ - LOGGER_CONFIG=/opt/app/pmsh/log_config.yaml + LOGGER_CONFIG="/opt/app/pmsh/log_config.yaml" - # add non root user & group -RUN addgroup --system $user && adduser --ingroup $user --system $user && \ - # create and chown the LOGS_PATH - apk add build-base libffi-dev postgresql-dev && \ - mkdir -p $LOGS_PATH && \ - chown -R $user:$group $LOGS_PATH +WORKDIR $APPDIR +RUN mkdir -p $APPDIR -COPY setup.py ./ -COPY requirements.txt ./ -COPY ./pmsh_service ./bin/ -COPY log_config.yaml /opt/app/pmsh/ - - # run the pip install -RUN pip install --upgrade pip && \ - pip install -r requirements.txt && \ - pip install -e . && \ - # change own & perms on entrypoint - chown -R $user:$group . && \ - chmod 500 ./bin/*.py - -# run the app -ENTRYPOINT ["python", "./bin/pmsh_service_main.py"] \ No newline at end of file +RUN set -eux; \ + apk add --no-cache postgresql-libs nano + +COPY ./pmsh_service ./bin +COPY log_config.yaml ./ + +# Create a group and user +RUN addgroup -S $group && adduser -S -D -h /home/$user $user $group && \ + mkdir -p ${LOGS_PATH} && \ + chown -R $user:$group ${LOGS_PATH} && \ + chown -R $user:$group ${APPDIR} + +# Tell docker that all future commands should be run as the onap user +USER $user + +ENTRYPOINT ["python", "/opt/app/pmsh/bin/pmsh_service_main.py"] \ No newline at end of file diff --git a/components/pm-subscription-handler/tox.ini b/components/pm-subscription-handler/tox.ini index 1136f5a3..3843a37d 100644 --- a/components/pm-subscription-handler/tox.ini +++ b/components/pm-subscription-handler/tox.ini @@ -17,7 +17,7 @@ # ============LICENSE_END========================================================= [tox] -envlist = py36,py37,flake8,py38 +envlist = flake8,py38 skip_missing_interpreters = true [testenv] -- cgit 1.2.3-korg