Skip to content

Commit

Permalink
🔧(docker) restrict what is copied in the production image
Browse files Browse the repository at this point in the history
We analyzed the production image to detect if files are copied in it and
are not needed to run in production. We updated the .dockerignore file
to ignore files used in the development process. In the Dockerfile, in
the final layer we only copy the backend application. The front sources
are not needed anymore, they have been built and are copied in the
static repository.
lunika committed Mar 4, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent c238b1f commit c547683
Showing 3 changed files with 15 additions and 4 deletions.
12 changes: 11 additions & 1 deletion .dockerignore
Original file line number Diff line number Diff line change
@@ -13,6 +13,8 @@ build

# Docker
docker-compose.*
docker/
!docker/files/usr
env.d

# Docs
@@ -23,12 +25,20 @@ docs
# Development/test cache & configurations
.cache
.circleci
.idea
.git
.gitignore
.gitlint
.github
.vscode
.ssh
.vscode
bin/
!bin/entrypoint
crowdin
lib/gitlint
Makefile
readthedocs.yml
renovate.json

# Assets
data
7 changes: 4 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -55,8 +55,8 @@ RUN apt-get update && \
# Copy installed python dependencies
COPY --from=back-builder /install /usr/local

# Copy marsha application (see .dockerignore)
COPY . /app/
# Copy marsha backend application (see .dockerignore)
COPY ./src/backend /app/src/backend
# Copy front-end dependencies
COPY --from=front-builder /app/marsha/static /app/src/backend/marsha/static
COPY --from=mail-builder /app/backend/marsha/core/templates/core/mail /app/src/backend/marsha/core/templates/core/mail
@@ -91,6 +91,7 @@ COPY --from=link-collector ${MARSHA_STATIC_ROOT} ${MARSHA_STATIC_ROOT}
# Gunicorn
RUN mkdir -p /usr/local/etc/gunicorn
COPY docker/files/usr/local/etc/gunicorn/marsha.py /usr/local/etc/gunicorn/marsha.py
COPY docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint

# Give the "root" group the same permissions as the "root" user on /etc/passwd
# to allow a user belonging to the root group to add new users; typically the
@@ -102,7 +103,7 @@ WORKDIR /app/src/backend
# We wrap commands run in this container by the following entrypoint that
# creates a user on-the-fly with the container user ID (see USER) and root group
# ID.
ENTRYPOINT [ "/app/bin/entrypoint" ]
ENTRYPOINT [ "entrypoint" ]

# The default command runs gunicorn WSGI server
CMD ["gunicorn", "-c", "/usr/local/etc/gunicorn/marsha.py", "marsha.asgi:application"]
File renamed without changes.

0 comments on commit c547683

Please sign in to comment.