diff --git a/.github/workflows/ecr-image-build.yml b/.github/workflows/ecr-image-build.yml index b331e3f778..14d1245daf 100644 --- a/.github/workflows/ecr-image-build.yml +++ b/.github/workflows/ecr-image-build.yml @@ -10,8 +10,8 @@ on: workflow_dispatch: jobs: - build: - runs-on: ubuntu-20.04 + build-ubuntu: + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -52,7 +52,7 @@ jobs: if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' run: echo "version=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV - - name: (Ubuntu) Build and push + - name: Build and push id: docker-build-ubuntu uses: docker/build-push-action@v2 with: @@ -69,29 +69,9 @@ jobs: tags: | ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version || github.ref_name }} - - name: (Alpine) Build and push - id: docker-build-alpine - uses: docker/build-push-action@v2 - with: - context: . - file: ./docker/onadata-uwsgi/Dockerfile.alpine - platforms: linux/amd64 - cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version }} - cache-to: type=inline - ssh: | - default=/tmp/ssh-agent.sock - build-args: | - optional_packages=PyYAML django-redis ${{ secrets.ECR_OPTIONAL_PACKAGES }} - push: true - tags: | - ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version || github.ref_name }}-alpine - - - name: (Ubuntu) Image digest + - name: Image digest run: echo ${{ steps.docker-build-ubuntu.outputs.digest }} - - name: (Alpine) Image digest - run: echo ${{ steps.docker-build-alpine.outputs.digest }} - - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: diff --git a/docker/onadata-uwsgi/Dockerfile.alpine b/docker/onadata-uwsgi/Dockerfile.alpine index 9cbee22e52..0e7814a9ae 100644 --- a/docker/onadata-uwsgi/Dockerfile.alpine +++ b/docker/onadata-uwsgi/Dockerfile.alpine @@ -1,3 +1,4 @@ +# NOTE: This image currently does not work with the SAV export package FROM python:3.9-alpine3.17 ENV PYTHONUNBUFFERED 1 diff --git a/docker/onadata-uwsgi/Dockerfile.ubuntu b/docker/onadata-uwsgi/Dockerfile.ubuntu index 58a00cfc15..b15c651a81 100644 --- a/docker/onadata-uwsgi/Dockerfile.ubuntu +++ b/docker/onadata-uwsgi/Dockerfile.ubuntu @@ -13,16 +13,10 @@ RUN mkdir -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts # hadolint ignore=DL3013 RUN --mount=type=ssh if [ -n "$optional_packages" ]; then pip install ${optional_packages} ; fi -FROM ubuntu:focal-20230412 -COPY --from=intermediate /usr/local/lib/python3.9/site-packages/ /usr/local/lib/python3.9/dist-packages/ - -ARG release_version=v3.7.1 +FROM python:3.9-slim -# Silence configuration prompts ENV DEBIAN_FRONTEND noninteractive - ENV PYTHONUNBUFFERED 1 - ENV DJANGO_SETTINGS_MODULE onadata.settings.docker # Install service dependencies @@ -35,10 +29,6 @@ RUN apt-get update -q &&\ libmemcached-dev \ build-essential \ supervisor \ - python3.9 \ - python3-dev \ - python3-pip \ - python3-setuptools \ git \ libssl-dev \ libpq-dev \ @@ -47,11 +37,8 @@ RUN apt-get update -q &&\ libjpeg-dev \ libxml2-dev \ libxslt1-dev \ - libpython3.9-dev \ zlib1g-dev \ ghostscript \ - python3-celery \ - python3-sphinx \ pkg-config \ gcc \ automake \ @@ -60,8 +47,12 @@ RUN apt-get update -q &&\ libpcre3 \ libpcre3-dev \ locales \ - netcat && \ - rm -rf /var/lib/apt/lists/* + netcat \ + ca-certificates \ + openssl \ + && apt-get autoremove -y \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* # Generate and set en_US.UTF-8 locale RUN locale-gen en_US.UTF-8 @@ -75,12 +66,15 @@ RUN useradd -G tty -m onadata # Clone Repository and Change owner RUN mkdir -p /srv/onadata -COPY ../../ /srv/onadata/ - RUN chown -R onadata:onadata /srv/onadata # Install service requirements WORKDIR /srv/onadata + +COPY requirements/ requirements/ + +COPY --from=intermediate /usr/local/lib/python3.9/site-packages/ /usr/local/lib/python3.9/dist-packages/ + # hadolint ignore=DL3013 RUN python3.9 -m pip install --no-cache-dir -U pip && \ python3.9 -m pip install --no-cache-dir -r requirements/base.pip && \ @@ -90,6 +84,9 @@ RUN python3.9 -m pip install --no-cache-dir -U pip && \ python3.9 -m pip install setuptools==65.5.1 && \ python3.9 -m pip install --no-cache-dir pyyaml uwsgitop +COPY . . + + # Compile API Docs RUN make -C docs html