SPDT
/
sapl
mirror of https://github.com/interlegis/sapl.git
5
0
Fork 0
Code Issues Releases Wiki Activity
Sistema de Apoio ao Processo Legislativo
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5821 Commits
50 Branches
266 Tags
224 MiB
 
 
 
 
 
Tree: 2953b898b5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2953b898b5'
${ noResults }
sapl/docker/Dockerfile

123 lines
4.9 KiB
Raw Blame History

# ---------- 1) BUILDER ----------
FROM python:3.12-slim-bookworm AS builder
ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1 \
DEBIAN_FRONTEND=noninteractive \
VENV_DIR=/opt/venv \
PIP_NO_CACHE_DIR=on
# Dev headers e toolchain só no builder
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential git pkg-config \
libpq-dev libxml2-dev libjpeg-dev libssl-dev libffi-dev libxslt1-dev \
libcairo2-dev libpango1.0-dev libgdk-pixbuf-2.0-dev libharfbuzz-dev \
libfreetype6-dev zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
# Venv independente do sistema
RUN python -m venv "${VENV_DIR}" \
&& "${VENV_DIR}/bin/pip" install --upgrade pip setuptools wheel
WORKDIR /build
# Copie APENAS os requirements primeiro para maximizar cache
COPY requirements/ ./requirements/
# Instale os requisitos de produção
# ATENÇÃO: se seu código importa prompt_toolkit em runtime, inclua em requirements.txt:
# prompt_toolkit>=3,<4
RUN "${VENV_DIR}/bin/pip" install -r requirements/requirements.txt
# Opcional: verificação de conflitos (falha cedo se faltar algo)
RUN "${VENV_DIR}/bin/pip" check || true
# ---------- 2) RUNTIME ----------
FROM python:3.12-slim-bookworm AS runtime
ARG WITH_GRAPHVIZ=1
ARG WITH_POPPLER=1
ARG WITH_PSQL_CLIENT=1
ARG WITH_NGINX=1
ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1 \
DEBIAN_FRONTEND=noninteractive \
VENV_DIR=/opt/venv \
PATH=/opt/venv/bin:$PATH \
PIP_NO_CACHE_DIR=on
# Pacotes de runtime (sem *-dev)
# Removi python3/python3-venv (já temos o Python da base)
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
curl jq bash tzdata fontconfig tini libmagic1 \
libcairo2 libpango-1.0-0 libpangocairo-1.0-0 libgdk-pixbuf-2.0-0 \
libharfbuzz0b libfreetype6 libjpeg62-turbo zlib1g fonts-dejavu-core; \
if [ "$WITH_GRAPHVIZ" = "1" ]; then apt-get install -y --no-install-recommends graphviz; fi; \
if [ "$WITH_POPPLER" = "1" ]; then apt-get install -y --no-install-recommends poppler-utils; fi; \
if [ "$WITH_PSQL_CLIENT" = "1" ]; then apt-get install -y --no-install-recommends postgresql-client; fi; \
if [ "$WITH_NGINX" = "1" ]; then apt-get install -y --no-install-recommends nginx; fi; \
rm -rf /var/lib/apt/lists/*
# Usuários/grupos (idempotente)
RUN useradd --system --no-create-home --shell /usr/sbin/nologin sapl || true \
&& groupadd -r nginx || true \
&& usermod -aG nginx www-data || true \
&& usermod -aG nginx sapl || true
# Estrutura de diretórios
RUN mkdir -p /var/interlegis/sapl /var/interlegis/sapl/data /var/interlegis/sapl/media /var/interlegis/sapl/run \
&& chown -R root:nginx /var/interlegis/sapl /var/interlegis/sapl/run \
&& chmod -R g+rwX /var/interlegis/sapl \
&& chmod 2775 /var/interlegis/sapl /var/interlegis/sapl/run \
&& find /var/interlegis/sapl -type d -exec chmod g+s {} +
WORKDIR /var/interlegis/sapl/
# Traga o venv pré-instalado
COPY --from=builder ${VENV_DIR} ${VENV_DIR}
# Código da aplicação (depois do venv para aproveitar cache)
COPY . /var/interlegis/sapl/
# Nginx (somente se instalado)
RUN if [ "$WITH_NGINX" = "1" ]; then \
rm -f /etc/nginx/conf.d/*; \
cp docker/config/nginx/sapl.conf /etc/nginx/conf.d/sapl.conf; \
cp docker/config/nginx/nginx.conf /etc/nginx/nginx.conf; \
fi
# Scripts + gunicorn.conf no diretório da app
RUN install -m 755 docker/startup_scripts/start.sh /var/interlegis/sapl/start.sh \
&& install -m 755 docker/startup_scripts/wait-for-pg.sh /var/interlegis/sapl/wait-for-pg.sh \
&& install -m 755 docker/startup_scripts/wait-for-solr.sh /var/interlegis/sapl/wait-for-solr.sh \
&& install -m 644 docker/startup_scripts/solr_cli.py /var/interlegis/sapl/solr_cli.py \
&& install -m 644 docker/startup_scripts/create_admin.py /var/interlegis/sapl/create_admin.py \
&& install -m 644 docker/startup_scripts/genkey.py /var/interlegis/sapl/genkey.py \
&& install -m 644 docker/startup_scripts/gunicorn.conf.py /var/interlegis/sapl/gunicorn.conf.py
# (Se possível, evite copiar .env no build. Use secrets/variáveis em runtime.)
COPY docker/config/env_dockerfile /var/interlegis/sapl/sapl/.env
# Logs (só se nginx estiver presente)
RUN if [ "$WITH_NGINX" = "1" ]; then \
ln -sf /dev/stdout /var/log/nginx/access.log; \
ln -sf /dev/stderr /var/log/nginx/error.log; \
fi \
&& mkdir -p /var/log/sapl/ \
&& ln -sf /var/interlegis/sapl/sapl.log /var/log/sapl/sapl.log
# Cache de fontes e collectstatic
# NÃO atualizamos pip aqui (já veio pronto do builder)
RUN fc-cache -fv \
&& python manage.py collectstatic --noinput --clear \
&& rm -f /var/interlegis/sapl/sapl/.env /var/interlegis/sapl/sapl.db || true
ENV DEBIAN_FRONTEND=teletype
EXPOSE 80 443
VOLUME ["/var/interlegis/sapl/data", "/var/interlegis/sapl/media", "/var/log/sapl/"]
ENTRYPOINT ["/usr/bin/tini","--"]
CMD ["/var/interlegis/sapl/start.sh"]