Docker image, & local development docker-compose.yml #2

Merged
3wordchant merged 12 commits from docker into master 2021-07-21 23:18:11 +00:00
Owner

Adds:

  • a Docker image, which can be used in both development and production
  • a `docker-compose.yml` file for local development (could probably be adapted for production deployments)

Testing:

  • `git checkout docker`
  • `docker-compose up`
  • pray 🙏
  • go to http://localhost:5000

App architecture

I added the ability to load secret config variables (`HUB_TOKEN`, `STRIPE_SECRET_KEY` etc) from files, to support [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/) natively. The code should probably log an error if a specified `HUB_TOKEN_FILE` doesn't exist instead of failing silently..

Docker architecture

This uses a multi-stage build to reduce the size of the final image -- having pipenv install to a predefined virtualenv, and then copying that over.

The compose file doesn't include a definition for a cron runner service, and I haven't tested running one yet. Here be dragons!

You can rebuild the image locally using `docker-compose build`, but this isn't required for changes to the app code, only if you edit the `Dockerfile`, or want to publish your image for use on a swarm server (in which case you will need to edit the image name to put in your own Docker hub credentials).

Currently, the image is rebuilt (should set up auto-tagging..) and published with every push to this 3wordchant/capsul-flask fork.
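
The file-based secret loading described in the PR description, sketched as an added example (not the PR's code): `load_secret`, `load_all` and `SecretConfigError` are hypothetical names, and a `*_FILE` variable that is set but missing, unreadable or empty raises at startup instead of failing silently. Treating `NAME` and `NAME_FILE` both being set as an error is an assumption of this sketch.

```python
import os
import tempfile
from pathlib import Path

# Secret names taken from the config hunk in this PR.
SECRET_NAMES = ["SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
                "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"]


class SecretConfigError(RuntimeError):
    """A NAME_FILE variable is set but cannot be honoured."""


def load_secret(name, environ=os.environ):
    """Return the value for `name`, preferring NAME_FILE over NAME (hypothetical helper)."""
    path = environ.get(f"{name}_FILE")
    if path is None:
        return environ.get(name)  # plain variable; None when unset
    if name in environ:
        raise SecretConfigError(f"both {name} and {name}_FILE are set")
    try:
        value = Path(path).read_text(encoding="utf-8")
    except OSError as exc:
        # Name the variable and path, never the secret's content.
        raise SecretConfigError(f"{name}_FILE={path!r}: {exc.strerror}") from exc
    value = value.rstrip("\r\n")  # secret files usually end with a newline
    if not value:
        raise SecretConfigError(f"{name}_FILE={path!r} is empty")
    return value


def load_all(environ=os.environ):
    """Resolve every known secret once, at startup."""
    return {name: load_secret(name, environ) for name in SECRET_NAMES}


def demo():
    """Constructed input: one secret from a file, one from the environment."""
    with tempfile.TemporaryDirectory() as d:
        token_file = Path(d) / "hub_token"
        token_file.write_text("constructed-hub-token\n", encoding="utf-8")
        env = {"HUB_TOKEN_FILE": str(token_file), "MAIL_PASSWORD": "constructed-pw"}
        loaded = load_all(env)
        try:
            load_secret("HUB_TOKEN", {"HUB_TOKEN_FILE": str(Path(d) / "missing")})
        except SecretConfigError as exc:
            return loaded, str(exc)
    return loaded, None
```
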
3wordchant added 3 commits 2021-07-19 21:38:21 +00:00
3wordchant force-pushed docker from 6102e812a0 to be6c1b38b7 2021-07-19 23:51:56 +00:00
3wordchant added 1 commit 2021-07-19 23:52:36 +00:00
Add openssh-client to Dockerfile for ssh-keyscan
Some checks reported errors
continuous-integration/drone/pr Build encountered an error
continuous-integration/drone/push Build is passing
2e6c6517f3
decentral1se approved these changes 2021-07-20 20:57:17 +00:00
decentral1se left a comment
Contributor

Fantastic work! All of my comments are mostly rambly commentary on not-necessary changes at all unless you feel like it. I had a glass of wine and I was enjoying typing. You'll have to forgive me.

.drone.yml Outdated
@ -0,0 +10,4 @@
password:
from_secret: docker_reg_passwd_3wc
repo: 3wordchant/capsul-flask
tags: latest
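Review bot: `tags: latest` on the last line of this hunk gives every published image the same mutable tag, so anyone pulling `3wordchant/capsul-flask` cannot pin to a known build or roll back to one. Consider publishing an immutable tag alongside it, for example one interpolated from `${DRONE_COMMIT_SHA}`, and keeping `latest` only as a convenience alias.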
Contributor

Off-topic: does capsul do tagged releases? That'd be handy as the [plugins/docker](http://plugins.drone.io/drone-plugins/drone-docker/) plugin has an `auto_tag: true` which generates the image tag based on the git tag. That is probably One For Later ™️

Author
Owner

The last one was a year ago, I think, probably worth asking Cyberia if they'd be down for that?

Even more off-topic: can `auto_tag: true` work off the branch name? I'd love a way to be able to publish different images from different branches without hardcoding the branch name.

Author
Owner

`auto_tag` doesn't, but I think it's possible with interpolating e.g. `${DRONE_COMMIT_BRANCH}`, see 982556a

3wordchant marked this conversation as resolved
Dockerfile Outdated
@ -0,0 +1,33 @@
FROM python:3.8-alpine as build
RUN apk add gettext git gcc python3-dev musl-dev \
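Review bot: `FROM python:3.8-alpine as build` tracks a floating tag, so two builds of the same commit can produce different images once the upstream tag moves. For an image that gets pushed to a registry, consider pinning the base by digest in this stage (`python:3.8-alpine@sha256:<digest>`) and updating the digest deliberately.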
Contributor

Feel free to ignore but I usually add --no-cache to save space and newline + sort things so it is easier to have a visual overview of dependencies and alphabetic ordering to know where to slot things in. Can be useful if you end up adding a lot of dependencies and then need to remove them over time as the software changes.

```
RUN apk add --no-cache \
    build-base \
    gcc \
    gettext \
    git \
    jpeg-dev \
    libffi-dev \
    libjpeg \
    musl-dev \
    postgresql-dev \
    python3-dev \
    zlib-dev \
    --virtual .build-dependencies
```
3wordchant marked this conversation as resolved
Dockerfile Outdated
@ -0,0 +17,4 @@
FROM python:3.8-alpine
RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client \
Contributor
Same totally optional comment as https://git.autonomic.zone/3wordchant/capsul-flask/pulls/2/files#issuecomment-7607.
3wordchant marked this conversation as resolved
@ -31,0 +33,4 @@
"SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
"BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
]:
var = os.environ.get(f"{var_name}_FILE", False)
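Review bot: `var` on the last line holds a path taken from `{var_name}_FILE`, and the PR description says a path that does not exist currently fails silently. For these five credentials a `*_FILE` that is set but missing or unreadable should stop startup with an error naming the variable, not leave the setting empty. A clearer name such as `secret_path` would help, and the value read from the file should have its trailing newline stripped before use.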
Contributor

Optional: `var = os.environ.get(f"{var_name}_FILE")` also works as it defaults to `None` if missing.

3wordchant marked this conversation as resolved
@ -0,0 +26,4 @@
devices:
- "/dev/kvm:/dev/kvm"
db:
image: "postgres:9.6.5"
Contributor
Maybe `postgres:9.6-alpine` as it is smaller? https://hub.docker.com/_/postgres?tab=description&page=1&ordering=last_updated
3wordchant marked this conversation as resolved
3wordchant added 1 commit 2021-07-20 21:48:49 +00:00
Changes from @decentral1se code review
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is passing
2e6894ad14
3wordchant added 1 commit 2021-07-21 09:38:50 +00:00
Make docker-compose file less demanding
Some checks reported errors
continuous-integration/drone/pr Build was killed
continuous-integration/drone/push Build is passing
fc7e264178
Contributor

This seems fine to me. One thing I would like to mention, I have been agitating about trying to set up a private docker image / open container image repository for cyberia for a while. Ideally in the future we could do that and use the cyberia concourse build system to build the images, but that doesn't need to block this PR.

Author
Owner

OK, wonderful. I'm very happy to help migrate to the Cyberia registry when it exists, and a Concourse build when I find time to wrap my head around secret management.

3wordchant force-pushed docker from 8e22948f82 to 13646e64da 2021-07-21 21:50:59 +00:00
3wordchant added 1 commit 2021-07-21 22:28:55 +00:00
Tag with current branch, instead of latest
Some checks reported errors
continuous-integration/drone/pr Build was killed
continuous-integration/drone/push Build is passing
982556a2c5
3wordchant added 1 commit 2021-07-21 23:13:55 +00:00
Merge branch 'master' into docker
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is passing
18294cec43
3wordchant added 1 commit 2021-07-21 23:17:05 +00:00
Merge branch 'master' into docker
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
abe768a521
3wordchant merged commit 72c04d8495 into master 2021-07-21 23:18:11 +00:00
Reference: 3wordchant/capsul-flask#2