Container build: simplify & speed up, removing the final step running the app as a dedicated user

2024-11-01 23:24:44 +01:00 · 2024-11-01 23:24:44 +01:00 · 0f612ae3cc
commit 0f612ae3cc
parent ae0d3532aa
3 changed files with 13 additions and 47 deletions
--- a/27
+++ b/27
@ -1,26 +1,23 @@
-FROM localhost/treetrail-backend-base
+# Build: podman build -t treetrail-backend-base -f Containerfile.base

-RUN <<EOT
-groupadd -r app
-useradd -r -d /app -g app -N app
-mkdir /var/lib/treetrail
-chown app: /var/lib/treetrail
-EOT
+FROM localhost/treetrail-backend-deps

-COPY --from=localhost/treetrail-backend-base --chown=app:app /app /app
+ENV PYTHONPATH $UV_PROJECT_ENVIRONMENT/lib/python3.12/site-packages

-USER app
-WORKDIR /app
+COPY . /src

-# Instances should override the prod.yaml file
-#COPY ./prod.yaml /etc/treetrail/prod.yaml
-#COPY ./dist/treetrail_backend-0.3.0.tar.gz /src/
+#RUN --mount=type=cache,target=/root/.cache \
+#  cd /src && \
+#  uv sync --locked --no-dev --no-editable

-#RUN uv pip install /src/treetrail_backend-0.3.0.tar.gz 
+RUN uv pip install \
+  --python=$UV_PROJECT_ENVIRONMENT \
+  --no-deps \
+  /src

 CMD [ \
  "uvicorn", "treetrail.application:app", \
  "--port", "8081", \
  #"--log-config", "/app/config/logging.yaml", \
  "--host", "0.0.0.0" \
-]
+  ]
--- a/Containerfile.base
+++ b/Containerfile.base
@ -1,16 +0,0 @@
-# Build: podman build -t treetrail-backend-base -f Containerfile.base
-
-FROM localhost/treetrail-backend-deps
-
-ENV PYTHONPATH $UV_PROJECT_ENVIRONMENT/lib/python3.12/site-packages
-
-COPY . /src
-
-RUN --mount=type=cache,target=/root/.cache \
-  cd /src && \
-  uv sync --locked --no-dev --no-editable
-
-#uv pip install \
-#    --python=$UV_PROJECT_ENVIRONMENT \
-#    --no-deps \
-#    /src
--- a/build.yaml
+++ b/build.yaml
@ -31,22 +31,7 @@
        push_args:
          dest: "{{ repository }}/treetrail-backend-deps"

-    - name: Build a backend base container image, with sources in /src
-      containers.podman.podman_image:
-        name: treetrail-backend-base
-        state: build
-        force: true
-        path: "{{ playbook_dir }}"
-        build:
-          format: oci
-          force_rm: "{{ force_rm }}"
-          cache: "{{ cache }}"
-          file: Containerfile.base
-        push: true
-        push_args:
-          dest: "{{ repository }}/treetrail-backend-base"
-
-    - name: Build the prod container image
+    - name: Build the backend base container image
      containers.podman.podman_image:
        name: treetrail-backend
        state: build