Add Dockerfile and build image with CI

.gitlab-ci.yml

@@ -74,3 +74,33 @@ pages:
     - public
   rules:
     - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+
+
+docker-build:
+  # Use the official docker image.
+  image: docker:latest
+  stage: build
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+  # Default branch leaves tag empty (= latest tag)
+  # All other branches are tagged with the escaped branch name (commit ref slug)
+  script:
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        tag=""
+        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+      else
+        tag=":$CI_COMMIT_REF_SLUG"
+        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+      fi
+    - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
+    - docker push "$CI_REGISTRY_IMAGE${tag}"
+    - docker build --pull --target cron -t "$CI_REGISTRY_IMAGE:cron-$CI_COMMIT_BRANCH" .
+    - docker push "$CI_REGISTRY_IMAGE:cron-$CI_COMMIT_BRANCH"
+  # Run this job in a branch where a Dockerfile exists
+  rules:
+    - if: $CI_COMMIT_BRANCH
+      exists:
+        - Dockerfile

Dockerfile

@@ -0,0 +1,65 @@
+#FROM python:3.9.13-slim-bullseye
+FROM debian:bullseye AS portal
+MAINTAINER Ana Custura <ana@sr2.uk>
+
+ENV APP="bc"
+ENV APP_BASE="/srv/"
+ENV SHELL="/bin/bash"
+ENV FLASK_APP="${FLASK_APP:-app}"
+ENV FLASK_RUN_HOST="${FLASK_RUN_HOST:-0.0.0.0}"
+ENV FLASK_RUN_PORT="${FLASK_RUN_PORT:-5000}"
+
+# Set PATH and PYTHONPATH in the container
+ENV PYTHONPATH="/usr/lib/python3/dist-packages:/home/${APP}/.local/lib/python3.9/site-packages"
+ENV PATH="/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin:/home/${APP}/.local/bin"
+
+# UID and GID might be read-only values, so use non-conflicting ones
+ARG CONTAINER_UID="${CONTAINER_UID:-1000}"
+ARG CONTAINER_GID="${CONTAINER_GID:-1000}"
+
+# Install dependencies
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+    curl \
+    software-properties-common \
+    python3-pip \
+    cron \
+    gnupg2
+
+# Install Terraform
+# See https://www.terraform.io/downloads
+RUN /usr/bin/curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
+RUN apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com bullseye main"
+RUN apt-get update && \
+    apt-get install -y terraform \
+    && rm -rf /var/lib/apt/lists/*
+
+# Switch to a regular user
+RUN groupadd -r -g ${CONTAINER_GID} ${APP} && \
+    useradd --no-log-init -r -u ${CONTAINER_UID} -g ${APP} ${APP} && \
+    mkdir -p /home/${APP} && chown -R ${APP}. /home/${APP}
+RUN mkdir -p ${APP_BASE}/${APP} && chown ${APP}. ${APP_BASE}/${APP}
+USER ${APP}
+
+# Copy the project into the workdir
+WORKDIR ${APP_BASE}/${APP}
+COPY . ${APP_BASE}/${APP}
+
+# Install Python requirements
+RUN pip3 install -r requirements.txt
+RUN pip3 install psycopg2-binary
+
+# Set the entrypoint to the web app
+ENTRYPOINT exec flask run
+
+# Image for the cron service
+FROM portal AS CRON
+
+# Run as root
+USER root
+
+# Setup the crontab
+RUN crontab -u ${APP} docker-crontab
+
+# Entrypoint for the cron service
+ENTRYPOINT [ "cron", "-f" ]

docker-crontab

@@ -0,0 +1 @@
+*/1 * * * * (cd /srv/portal ; python -m app.cli automate --all) > /dev/null 2>&1