3wordchant/capsul-flask
1
0
Fork 1
Code Issues Pull Requests 1 Releases Wiki Activity

Docker image, & local development docker-compose.yml #2

Merged
3wordchant merged 12 commits from docker into master 2021-07-21 23:18:11 +00:00
Conversation 2 Commits 12 Files Changed 4 +113
3wordchant commented 2021-07-19 21:38:20 +00:00
Owner
Copy Link

Adds:

  • a Docker image, which can be used in both development and production
  • a docker-compose.yml file for local development (could probably be adapted for production deployments)

Testing:

App architecture

I added the ability to load secret config variables (HUB_TOKEN, STRIPE_SECRET_KEY etc) from files, to support Docker Secrets natively. The code should probably log an error if a specified HUB_TOKEN_FILE doesn't exist instead of failing silently..

Docker architecture

This uses a multi-stage build to reduce the size of the final image -- having pipenv install to a predefined virtualenv, and then copying that over.

The compose file doesn't include a definition for a cron runner service, and I haven't tested running one yet. Here be dragons!

You can rebuild the image locally using docker-compose build, but this isn't required for changes to the app code, only if you edit the Dockerfile, or want to publish your image for use on a swarm server (in which case you will need to edit the image name to put in your own Docker hub credentials).

Currently, the image is rebuild (should set up auto-tagging..) and publish with every push to this 3wordchant/capsul-flask fork.

Adds: - a Docker image, which can be used in both development and production - a `docker-compose.yml` file for local development (could probably be adapted for production deployments) Testing: - `git checkout docker` - `docker-compose up` - pray 🙏 - go to http://localhost:5000 ## App architecture I added the ability to load secret config variables (`HUB_TOKEN`, `STRIPE_SECRET_KEY` etc) from files, to support [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/) natively. The code should probably log an error if a specified `HUB_TOKEN_FILE` doesn't exist instead of failing silently.. ## Docker architecture This uses a multi-stage build to reduce the size of the final image -- having pipenv install to a predefined virtualenv, and then copying that over. The compose file doesn't include a definition for a cron runner service, and I haven't tested running one yet. Here be dragons! You can rebuild the image locally using `docker-compose build`, but this isn't required for changes to the app code, only if you edit the `Dockerfile`, or want to publish your image for use on a swarm server (in which case you will need to edit the image name to put in your own Docker hub credentials). Currently, the image is rebuild (should set up auto-tagging..) and publish with every push to this 3wordchant/capsul-flask fork.
3wordchant added 3 commits 2021-07-19 21:38:21 +00:00
3wordchant force-pushed docker from 6102e812a0 to be6c1b38b7 2021-07-19 23:51:56 +00:00 Compare
3wordchant added 1 commit 2021-07-19 23:52:36 +00:00
Add openssh-cient to Dockerfile for ssh-keyscan
Some checks reported errors
continuous-integration/drone/pr Build encountered an error
Details
continuous-integration/drone/push Build is passing
Details
2e6c6517f3
decentral1se approved these changes 2021-07-20 20:57:17 +00:00
decentral1se left a comment
Collaborator
Copy Link

Fantastic work! All of my comments are mostly rambly commentary on not-necessary changes at all unless you feel like it. I had a glass of wine and I was enjoying typing. You'll have to forgive me.

Fantastic work! All of my comments are mostly rambly commentary on not-necessary changes at all unless you feel like it. I had a glass of wine and I was enjoying typing. You'll have to forgive me.
.drone.yml Outdated
@ -0,0 +10,4 @@
password:
from_secret: docker_reg_passwd_3wc
repo: 3wordchant/capsul-flask
tags: latest
decentral1se commented 2021-07-20 20:48:41 +00:00
Collaborator
Copy Link

Off-topic: does capsul do tagged releases? That'd be handy as the plugins/docker plugin has a auto_tag: true which generates the image tag based on the git tag. That is probably One For Later ™️

Off-topic: does capsul do tagged releases? That'd be handy as the [plugins/docker](http://plugins.drone.io/drone-plugins/drone-docker/) plugin has a `auto_tag: true` which generates the image tag based on the git tag. That is probably One For Later :tm:
3wordchant commented 2021-07-20 21:44:35 +00:00
Author
Owner
Copy Link

The last one was a year ago, I think, probably worth asking Cyberia if they'd be down for that?

Even more off-topic: can auto_tag: true work off the branch name? I'd love a way to be able to publish different images from different branches without hardcoding the branch name.

The last one was a year ago, I think, probably worth asking Cyberia if they'd be down for that? Even more off-topic: can `auto_tag: true` work off the branch name? I'd love a way to be able to publish different images from different branches without hardcoding the branch name.
3wordchant commented 2021-07-21 22:55:19 +00:00
Author
Owner
Copy Link

auto_tag doesn't, but I think it's possible with interpolating e.g. ${DRONE_COMMIT_BRANCH}, see 982556a

`auto_tag` doesn't, but I think it's possible with interpolating e.g. `${DRONE_COMMIT_BRANCH}`, see 982556a
3wordchant marked this conversation as resolved
Dockerfile Outdated
@ -0,0 +1,33 @@
FROM python:3.8-alpine as build
RUN apk add gettext git gcc python3-dev musl-dev \
decentral1se commented 2021-07-20 20:51:21 +00:00
Collaborator
Copy Link

Feel free to ignore but I usually add --no-cache to save space and newline + sort things so it is easier to have a visual overview of dependencies and alphabetic ordering to know where to slot things in. Can be useful if you end up adding a lot of dependencies and then need to remove them over time as the software changes.

RUN apk add --no-cache \
    build-base \
    gcc \
    gettext \
    git \
    jpeg-dev \
    libffi-dev \
    libjpeg \
    musl-dev \
    postgresql-dev \
    python3-dev \
    zlib-dev \
    --virtual .build-dependencies
Feel free to ignore but I usually add `--no-cache` to save space and newline + sort things so it is easier to have a visual overview of dependencies and alphabetic ordering to know where to slot things in. Can be useful if you end up adding a lot of dependencies and then need to remove them over time as the software changes. ``` RUN apk add --no-cache \ build-base \ gcc \ gettext \ git \ jpeg-dev \ libffi-dev \ libjpeg \ musl-dev \ postgresql-dev \ python3-dev \ zlib-dev \ --virtual .build-dependencies ```
❤️ 1
3wordchant marked this conversation as resolved
Dockerfile Outdated
@ -0,0 +17,4 @@
FROM python:3.8-alpine
RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client \
decentral1se commented 2021-07-20 20:52:37 +00:00
Collaborator
Copy Link

Same totally optional comment as https://git.autonomic.zone/3wordchant/capsul-flask/pulls/2/files#issuecomment-7607.

Same totally optional comment as https://git.autonomic.zone/3wordchant/capsul-flask/pulls/2/files#issuecomment-7607.
👍 1
3wordchant marked this conversation as resolved
capsulflask/__init__.py Outdated
@ -31,0 +33,4 @@
"SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
"BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
]:
var = os.environ.get(f"{var_name}_FILE", False)
decentral1se commented 2021-07-20 20:53:42 +00:00
Collaborator
Copy Link

Optional: var = os.environ.get(f"{var_name}_FILE") also works as it defaults to None if missing.

Optional: `var = os.environ.get(f"{var_name}_FILE")` also works as it defaults to `None` if missing.
👍 1
3wordchant marked this conversation as resolved
docker-compose.yml Outdated
@ -0,0 +26,4 @@
devices:
- "/dev/kvm:/dev/kvm"
db:
image: "postgres:9.6.5"
decentral1se commented 2021-07-20 20:56:22 +00:00
Collaborator
Copy Link

Maybe postgres:9.6-alpine as it is smaller? https://hub.docker.com/_/postgres?tab=description&page=1&ordering=last_updated

Maybe `postgres:9.6-alpine` as it is smaller? https://hub.docker.com/_/postgres?tab=description&page=1&ordering=last_updated
3wordchant marked this conversation as resolved
3wordchant added 1 commit 2021-07-20 21:48:49 +00:00
Changes from @decentral1se code review
Some checks failed
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is passing
Details
2e6894ad14
3wordchant added 1 commit 2021-07-21 09:38:50 +00:00
Make docker-compose file less demanding
Some checks reported errors
continuous-integration/drone/pr Build was killed
Details
continuous-integration/drone/push Build is passing
Details
fc7e264178
forest commented 2021-07-21 21:35:32 +00:00
Collaborator
Copy Link

This seems fine to me. One thing I would like to mention, I have been agitating about trying to set up a private docker image / open container image repository for cyberia for a while. Ideally in the future we could do that and use the cyberia concourse build system to build the images, but that doesnt need to block this PR.

This seems fine to me. One thing I would like to mention, I have been agitating about trying to set up a private docker image / open container image repository for cyberia for a while. Ideally in the future we could do that and use the cyberia concourse build system to build the images, but that doesnt need to block this PR.
👍 1
3wordchant commented 2021-07-21 21:42:00 +00:00
Author
Owner
Copy Link

OK, wonderful. I'm very happy to help migrate to the Cyberia registry when it exists, and a Concourse build when I find time to wrap my head around secret management.

OK, wonderful. I'm very happy to help migrate to the Cyberia registry when it exists, and a Concourse build when I find time to wrap my head around secret management.
3wordchant force-pushed docker from 8e22948f82 to 13646e64da 2021-07-21 21:50:59 +00:00 Compare
3wordchant added 1 commit 2021-07-21 22:28:55 +00:00
Tag with current branch, instead of latest
Some checks reported errors
continuous-integration/drone/pr Build was killed
Details
continuous-integration/drone/push Build is passing
Details
982556a2c5
3wordchant added 1 commit 2021-07-21 23:13:55 +00:00
Merge branch 'master' into docker
Some checks failed
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is passing
Details
18294cec43
3wordchant added 1 commit 2021-07-21 23:17:05 +00:00
Merge branch 'master' into docker
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
abe768a521
3wordchant merged commit 72c04d8495 into master 2021-07-21 23:18:11 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
decentral1se
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: 3wordchant/capsul-flask#2
No description provided.
Delete Branch "docker"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?