diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 30cdde4..e9e70c1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -74,3 +74,33 @@ pages:
 - public
 rules:
 - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+
+
+docker-build:
+ # Use the official docker image.
+ image: docker:latest
+ stage: build
+ services:
+ - docker:dind
+ before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ # Default branch leaves tag empty (= latest tag)
+ # All other branches are tagged with the escaped branch name (commit ref slug)
+ script:
+ - |
+ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+ tag=""
+ echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+ else
+ tag=":$CI_COMMIT_REF_SLUG"
+ echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+ fi
+ - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
+ - docker push "$CI_REGISTRY_IMAGE${tag}"
+ - docker build --pull --target cron -t "$CI_REGISTRY_IMAGE:cron-$CI_COMMIT_BRANCH" .
+ - docker push "$CI_REGISTRY_IMAGE:cron-$CI_COMMIT_BRANCH"
+ # Run this job in a branch where a Dockerfile exists
+ rules:
+ - if: $CI_COMMIT_BRANCH
+ exists:
+ - Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..36f19ae
--- /dev/null
+++ b/Dockerfile
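Review bot: The `before_script` login passes the registry password with `-p`, which puts it on the process command line and triggers docker's insecure-password warning; feeding it on stdin avoids that: `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The cron image is tagged `cron-$CI_COMMIT_BRANCH` while the main image uses `$CI_COMMIT_REF_SLUG`; a branch name containing `/` is not a valid tag, so `"$CI_REGISTRY_IMAGE:cron-$CI_COMMIT_REF_SLUG"` would be consistent with the first build and would not fail on such branches. `docker:latest` and `docker:dind` also float, so pinning both to the same version keeps the job reproducible and the client and daemon matched.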
@@ -0,0 +1,65 @@
+#FROM python:3.9.13-slim-bullseye
+FROM debian:bullseye AS portal
+MAINTAINER Ana Custura
+
+ENV APP="bc"
+ENV APP_BASE="/srv/"
+ENV SHELL="/bin/bash"
+ENV FLASK_APP="${FLASK_APP:-app}"
+ENV FLASK_RUN_HOST="${FLASK_RUN_HOST:-0.0.0.0}"
+ENV FLASK_RUN_PORT="${FLASK_RUN_PORT:-5000}"
+
+# Set PATH and PYTHONPATH in the container
+ENV PYTHONPATH="/usr/lib/python3/dist-packages:/home/${APP}/.local/lib/python3.9/site-packages"
+ENV PATH="/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin:/home/${APP}/.local/bin"
+
+# UID and GID might be read-only values, so use non-conflicting ones
+ARG CONTAINER_UID="${CONTAINER_UID:-1000}"
+ARG CONTAINER_GID="${CONTAINER_GID:-1000}"
+
+# Install dependencies
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y \
+ curl \
+ software-properties-common \
+ python3-pip \
+ cron \
+ gnupg2
+
+# Install Terraform
+# See https://www.terraform.io/downloads
+RUN /usr/bin/curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
+RUN apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com bullseye main"
+RUN apt-get update && \
+ apt-get install -y terraform \
+ && rm -rf /var/lib/apt/lists/*
+
+# Switch to a regular user
+RUN groupadd -r -g ${CONTAINER_GID} ${APP} && \
+ useradd --no-log-init -r -u ${CONTAINER_UID} -g ${APP} ${APP} && \
+ mkdir -p /home/${APP} && chown -R ${APP}. /home/${APP}
+RUN mkdir -p ${APP_BASE}/${APP} && chown ${APP}. ${APP_BASE}/${APP}
+USER ${APP}
+
+# Copy the project into the workdir
+WORKDIR ${APP_BASE}/${APP}
+COPY . ${APP_BASE}/${APP}
+
+# Install Python requirements
+RUN pip3 install -r requirements.txt
+RUN pip3 install psycopg2-binary
+
+# Set the entrypoint to the web app
+ENTRYPOINT exec flask run
+
+# Image for the cron service
+FROM portal AS CRON
+
+# Run as root
+USER root
+
+# Setup the crontab
+RUN crontab -u ${APP} docker-crontab
+
+# Entrypoint for the cron service
+ENTRYPOINT [ "cron", "-f" ]
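Review bot: The Terraform repository key is added with `curl ... | apt-key add -`, which puts it in apt's global trusted keyring, so it can vouch for packages from every configured source rather than only HashiCorp's; `apt-key` is also deprecated, and under plain `sh` the exit status of `curl` in that pipe is ignored. Keeping the key in its own keyring and binding it to the one source with `signed-by`, in a single layer as in the block below, limits what that key can sign for. Separately, `ENTRYPOINT exec flask run` with `FLASK_RUN_HOST` defaulting to `0.0.0.0` serves the portal from Flask's development server on all interfaces; a production WSGI server is the usual choice, and an exec-form `ENTRYPOINT` would drop the shell wrapper. `COPY . ${APP_BASE}/${APP}` takes the whole build context and this commit adds no `.dockerignore`, so check that `.git`, local `.env` files and Terraform state cannot end up in the pushed image.

```dockerfile
# Keep the HashiCorp key in its own keyring and bind it to this one source.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsSL https://apt.releases.hashicorp.com/gpg \
      | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com bullseye main" \
      > /etc/apt/sources.list.d/hashicorp.list && \
    apt-get update && \
    apt-get install --no-install-recommends -y terraform && \
    rm -rf /var/lib/apt/lists/*
# … unchanged: user creation, COPY, pip installs, cron stage …
```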
diff --git a/docker-crontab b/docker-crontab
new file mode 100644
index 0000000..cf3623a
--- /dev/null
+++ b/docker-crontab
@@ -0,0 +1 @@
+*/1 * * * * (cd /srv/portal ; python -m app.cli automate --all) > /dev/null 2>&1
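Review bot: The job changes into `/srv/portal` and runs `python`, but the Dockerfile in this commit sets the work directory to `${APP_BASE}/${APP}` (`/srv/bc`) and installs only `python3-pip`, so unless that path and interpreter are supplied at runtime the job cannot find the app. The `;` after `cd` lets the command run anyway from the wrong directory, and `> /dev/null 2>&1` hides the failure. A line such as `*/1 * * * * cd /srv/bc && python3 -m app.cli automate --all` fails closed; its output is better sent to a log than discarded, so automation errors can be noticed. cron also starts jobs with a minimal environment, so any settings `app.cli` reads from container environment variables would need to be provided explicitly (inferred; `app.cli` is not shown).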