Merge pull request #1 from atrifat/feat-docker-image-build

atrifat · web-flow · commit 8fe3c07dd11d · 2023-11-16T09:19:04.000+08:00
Add docker image build
diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
@@ -0,0 +1,53 @@
+name: Build Docker Image
+
+on:
+  push:
+    branches: ["main", "dev"]
+    tags: ["v*"]
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract Docker metadata
+        if: ${{ !env.ACT }}
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+
+      - name: Log into Container Registry
+        if: github.event_name != 'pull_request' && ${{ !env.ACT }}
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        if: github.event_name != 'pull_request' && ${{ !env.ACT }}
+        with:
+          context: .
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,43 @@
+FROM python:3.10-bookworm as builder
+
+WORKDIR /builder
+
+RUN addgroup --gid 1000 user
+RUN adduser --disabled-password --gecos '' --uid 1000 --gid 1000 user
+
+ENV USER=user
+ENV HOME=/home/user
+
+RUN python3 -mvenv venv && ./venv/bin/pip install --no-cache-dir --upgrade pip
+
+COPY requirements.txt requirements.txt
+
+RUN ./venv/bin/pip install -U --no-cache-dir -r requirements.txt
+
+FROM python:3.10-bookworm as runner
+
+WORKDIR /app
+
+RUN addgroup --gid 1000 user
+RUN adduser --disabled-password --gecos '' --uid 1000 --gid 1000 user
+
+ENV USER=user
+ENV HOME=/home/user
+
+COPY --from=builder --chown=user:user /builder/venv /app/venv
+
+COPY --chown=user:user app.py app.py 
+
+RUN chown -R user:user /app && chown -R user:user /home/user
+
+USER user
+
+ENV ENABLE_API_TOKEN=false
+ENV API_TOKEN=
+ENV APP_ENV=production
+ENV LISTEN_HOST=0.0.0.0
+ENV LISTEN_PORT=7860
+
+EXPOSE $LISTEN_PORT
+
+ENTRYPOINT [ "./venv/bin/python" , "app.py" ]
