From 7b4b19485f1f82189b2e42cef609ed0924bda59c Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Mon, 20 Feb 2023 13:03:09 +0100 Subject: [PATCH] Improve docker setup - add .dockerignore to minimize build context - add runtime ldap and sasl libraries - add entrypoint script to allow initialization as root and drop privileges for gvaldap.sh - add importlib-metadata dependency required by celery --- .dockerignore | 11 +++++++++++ Dockerfile | 10 +++++----- entrypoint.sh | 5 +++++ poetry.lock | 10 +++++----- pyproject.toml | 1 + 5 files changed, 27 insertions(+), 10 deletions(-) create mode 100644 .dockerignore create mode 100755 entrypoint.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..ed5c8c3 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,11 @@ +**/*.pyc +**/.coverage +.env +.git +.gitignore +.vagrant +Vagrantfile +change-vmdebootstrap-default-dhcp.sh +coverage-report +docs +salt diff --git a/Dockerfile b/Dockerfile index 7625212..dfb6562 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,8 @@ RUN apt-get update \ ca-certificates \ dumb-init \ gettext \ + libldap-2.4-2 \ + libsasl2-2 \ python3 \ python3-pip \ python3-wheel \ @@ -59,10 +61,8 @@ RUN addgroup --gid $GVAGID $GVAAPP ; \ COPY --chown=$GVAAPP:$GVAAPP --from=builder /srv/$GVAAPP/.venv /srv/$GVAAPP/.venv -USER $GVAAPP +VOLUME /srv/$GVAAPP/$GVAAPP -VOLUME /srv/$GVAAPP +COPY ${GVAAPP}.sh entrypoint.sh /srv/ -COPY ${GVAAPP}.sh /srv/ - -ENTRYPOINT ["dumb-init", "/srv/${GVAAPP}.sh"] +ENTRYPOINT ["dumb-init", "/srv/entrypoint.sh"] diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..fb6c9ab --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +su -c /srv/gvaldap.sh gvaldap diff --git a/poetry.lock b/poetry.lock index 05853d2..6ee7dd6 100644 --- a/poetry.lock +++ b/poetry.lock 
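Review bot: With `USER $GVAAPP` removed in the second Dockerfile hunk, the image's default user is root, so the privilege drop now depends entirely on `/srv/entrypoint.sh`. Anything that does not go through the entrypoint, such as `docker exec` or an `--entrypoint` override, runs as root. That trade-off is reasonable for root-time initialization but should be recorded next to the instruction, e.g. `# no USER here on purpose: entrypoint.sh initializes as root, then drops to $GVAAPP`. The `RUN addgroup …` block that creates the account starts outside this hunk, so I could not check that the account name matches the one the entrypoint uses.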
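Review bot: In entrypoint.sh, `su -c /srv/gvaldap.sh gvaldap` runs as a child of the shell, so a root-owned `sh` and `su` stay in the process tree between dumb-init and the service, and any arguments given to the container are silently dropped. `exec su -c /srv/gvaldap.sh gvaldap` would at least remove the idle root shell. If util-linux `setpriv` is available in the base image, `exec setpriv --reuid=gvaldap --regid=gvaldap --init-groups /srv/gvaldap.sh "$@"` replaces the process outright and passes arguments through. Either way, confirm that the signal dumb-init forwards on `docker stop` reaches the service. The user name is hardcoded here while the Dockerfile derives it from `$GVAAPP`, so a comment such as `# must match GVAAPP in the Dockerfile` would help.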
@@ -550,14 +550,14 @@ files = [ [[package]] name = "importlib-metadata" -version = "6.0.0" +version = "4.13.0" description = "Read metadata from Python packages" category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "importlib_metadata-6.0.0-py3-none-any.whl", hash = "sha256:7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad"}, - {file = "importlib_metadata-6.0.0.tar.gz", hash = "sha256:e354bedeb60efa6affdcc8ae121b73544a7aa74156d047311948f6d711cd378d"}, + {file = "importlib_metadata-4.13.0-py3-none-any.whl", hash = "sha256:8a8a81bcf996e74fee46f0d16bd3eaa382a7eb20fd82445c3ad11f4090334116"}, + {file = "importlib_metadata-4.13.0.tar.gz", hash = "sha256:dd0173e8f150d6815e098fd354f6414b0f079af4644ddfe90c71e2fc6174346d"}, ] [package.dependencies] @@ -565,7 +565,7 @@ typing-extensions = {version = ">=3.6.4", markers = "python_version < \"3.8\""} zipp = ">=0.5" [package.extras] -docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] +docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)"] perf = ["ipython"] testing = ["flake8 (<5)", "flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=1.3)", "pytest-flake8", "pytest-mypy (>=0.9.1)", "pytest-perf (>=0.9.2)"] @@ -1123,4 +1123,4 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools" [metadata] lock-version = "2.0" python-versions = "^3.7" -content-hash = "5a55874d1239c94e2a260e1e5c3fb6ff6ec2c617b48e255628e90805426bfb73" +content-hash = "d3292d9d4193b3f870b8b973863f302a69e7efe3ca5dbe96c02a2676d87cb337" diff --git a/pyproject.toml b/pyproject.toml index 95bb311..06e7fec 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -16,6 +16,7 @@ django-model-utils = "^4.3.1" redis = "^4.5.1" passlib = "^1.7.4" django-debug-toolbar = "^3.8.1" +importlib-metadata = "<5" [[tool.poetry.source]] name = "gnuviech"
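Review bot: The new `importlib-metadata = "<5"` line is an undocumented upper-bound-only cap, and the lockfile shows it moving the resolved version back from 6.0.0 to 4.13.0. The commit message says celery requires it, but nothing in pyproject.toml says why or when the cap can be lifted, so it is likely to outlive its purpose and keep the package off newer releases. I would add a comment above the line, e.g. `# capped for celery compatibility (see commit message); remove once celery supports importlib-metadata >= 5`. A lower bound would also make the supported range explicit, e.g. `importlib-metadata = ">=4.13,<5"`.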