bugsink/Dockerfile.fromwheel at main · ptdev/bugsink · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# This is the Dockerfile that builds an image given a specified WHEEL_FILE,
# rather than from source/working dir.
#
# The reason for this is that, although Bugsink is certainly available as a
# Docker image, it is available as a Python package first. We thus want
# the Docker image to be as faithful as possible to the Python package.
#
# Because the typical expectation for a Dockerfile is that it "just works"
# and that it builds from source (the working directory), the present file
# is not named Dockerfile, but an explicitly postfixed one. Still, for the
# purpose of what actually ends up on Docker hub, the present file is the
# one that's used.
ARG PYTHON_VERSION=3.12

# Build image: non-slim, in particular to build the mysqlclient wheel
FROM python:${PYTHON_VERSION} AS build

# mysqlclient is not available as a .whl on PyPI, so we need to build it from
# source and store the .whl. This is both the most expensive part of the build
# and the one that is least likely to change, so we do it first.
RUN --mount=type=cache,target=/var/cache/buildkit/pip \
    pip wheel --wheel-dir /wheels mysqlclient

# NOTE: At some point in the past, we built all requirements as encoded in the
# Bugsink wheel file into wheels at this point. It is not clear that this saves
# any build time however, because:
#
# * this moves the dependency on the bugsink wheel up in the build-order, and
#     that's precisely the most changing part, i.e. the thing that breaks caching.
#
# * all current (Aug 2025) dependencies .whl files are available on PyPI anyway.
#     Nothing much is gained by fetch-first-install-later. And if we ever
#     depend on packages that require a build step, explicit action is probably
#     needed anyway b/c of the build deps.
#
# * pointing to requirements.txt here instead of the wheel is tempting, but
#     breaks the idea of "just build the wheel" (requirements.txt is whatever
#     it happens to be right now, not what it was at the time the wheel was
#     built)
#
# Moreover, there's the argument of image _size_ rather than build time, and
# copying over all wheels instead of just their unpacked equivalents increases
# that.

# Actual image (based on slim)
FROM python:${PYTHON_VERSION}-slim

ARG WHEEL_FILE=wheelfile-not-specified.whoops

ENV PYTHONUNBUFFERED=1

ENV PORT=8000

WORKDIR /app

# mysqlclient dependencies; needed here too, because the built wheel depends on .o files
RUN apt update && apt install default-libmysqlclient-dev -y

COPY --from=build /wheels /wheels

RUN --mount=type=cache,target=/var/cache/buildkit/pip \
    pip install --find-links /wheels --no-index mysqlclient

RUN --mount=type=cache,target=/var/cache/buildkit/pip \
    pip install "psycopg[binary]"

COPY dist/$WHEEL_FILE /wheels/

RUN --mount=type=cache,target=/var/cache/buildkit/pip \
    pip install /wheels/$WHEEL_FILE

RUN cp /usr/local/lib/python3.12/site-packages/bugsink/conf_templates/docker.py.template /app/bugsink_conf.py && \
    cp /usr/local/lib/python3.12/site-packages/bugsink/gunicorn.docker.conf.py /app/gunicorn.docker.conf.py

RUN groupadd --gid 14237 bugsink \
 && useradd --uid 14237 --gid 14237 bugsink \
 && mkdir -p /data \
 && chown -R bugsink:bugsink /data

USER bugsink

HEALTHCHECK CMD python -c 'import requests; requests.get("http://localhost:8000/health/ready").raise_for_status()'

CMD [ "monofy", "bugsink-show-version", "&&", "bugsink-manage", "check", "--deploy", "--fail-level", "WARNING", "&&", "bugsink-manage", "migrate", "snappea", "--database=snappea", "&&", "bugsink-manage", "migrate", "&&", "bugsink-manage", "prestart", "&&", "gunicorn", "--config", "gunicorn.docker.conf.py", "--bind=0.0.0.0:$PORT", "--access-logfile", "-", "bugsink.wsgi", "|||", "bugsink-runsnappea"]