feat: upgrade python version and install frontend in container

Dockerfile

@@ -1,55 +1,64 @@
-#FROM python:3.9.13-slim-bullseye
-FROM debian:bullseye AS portal
-MAINTAINER Ana Custura <ana@sr2.uk>
+FROM debian:bookworm AS portal
 
 ENV APP="bc"
-ENV APP_BASE="/srv/"
+ENV APP_BASE="/srv"
 ENV SHELL="/bin/bash"
 ENV FLASK_APP="${FLASK_APP:-app}"
 ENV FLASK_RUN_HOST="${FLASK_RUN_HOST:-0.0.0.0}"
 ENV FLASK_RUN_PORT="${FLASK_RUN_PORT:-5000}"
+ENV PYTHONPATH="${APP_BASE}/env/lib/python3.11/site-packages"
+ENV PATH="${APP_BASE}/env/bin:/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin:/home/${APP}/.local/bin"
 
-# Set PATH and PYTHONPATH in the container
-ENV PYTHONPATH="/usr/lib/python3/dist-packages:/home/${APP}/.local/lib/python3.9/site-packages"
-ENV PATH="/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin:/home/${APP}/.local/bin"
-
-# UID and GID might be read-only values, so use non-conflicting ones
 ARG CONTAINER_UID="${CONTAINER_UID:-1000}"
 ARG CONTAINER_GID="${CONTAINER_GID:-1000}"
 
-# Install dependencies
 RUN apt-get update && \
     apt-get install --no-install-recommends -y \
     curl \
-    software-properties-common \
     python3-pip \
+    python3-venv \
     cron \
     git \
-    gnupg2
+    gnupg && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ARG OPENTOFU_VERSION="1.8.5"
+RUN curl -fsSL https://get.opentofu.org/opentofu.gpg -o opentofu.gpg && \
+    gpg --import opentofu.gpg && \
+    curl -fsSL https://github.com/opentofu/opentofu/releases/download/v${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION}_linux_amd64.tar.gz -o opentofu.tar.gz && \
+    curl -fsSL https://github.com/opentofu/opentofu/releases/download/v${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION}_linux_amd64.tar.gz.gpgsig -o opentofu.tar.gz.gpgsig && \
+    gpg --verify opentofu.tar.gz.gpgsig opentofu.tar.gz && \
+    tar -xzf opentofu.tar.gz -C /usr/local/bin tofu && \
+    chmod +x /usr/local/bin/tofu && \
+    ln -s /usr/local/bin/tofu /usr/local/bin/terraform && \
+    rm -rf opentofu.tar.gz opentofu.tar.gz.gpgsig opentofu.gpg /tmp/* /var/tmp/*
 
-# Install Terraform
-# See https://www.terraform.io/downloads
-RUN /usr/bin/curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
-RUN apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com bullseye main"
 RUN apt-get update && \
-    apt-get install -y terraform \
-    && rm -rf /var/lib/apt/lists/*
+    apt-get install --no-install-recommends -y curl sudo && \
+    curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
+    apt-get install -y nodejs && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-# Switch to a regular user
 RUN groupadd -r -g ${CONTAINER_GID} ${APP} && \
     useradd --no-log-init -r -u ${CONTAINER_UID} -g ${APP} ${APP} && \
-    mkdir -p /home/${APP} && chown -R ${APP}. /home/${APP}
-RUN mkdir -p ${APP_BASE}/${APP} && chown ${APP}. ${APP_BASE}/${APP}
+    mkdir -p /home/${APP} && chown -R ${APP}:${APP} /home/${APP} && \
+    mkdir -p ${APP_BASE}/${APP} ${APP_BASE}/env && chown ${APP}:${APP} ${APP_BASE}/${APP} ${APP_BASE}/env
+
 USER ${APP}
 
-# Copy the project into the workdir
 WORKDIR ${APP_BASE}/${APP}
 COPY --chown=${APP}:${APP} . ${APP_BASE}/${APP}
 
-# Install Python requirements
-RUN pip3 install -r requirements.txt
-RUN pip3 install psycopg2-binary
+RUN python3 -m venv ${APP_BASE}/env && \
+    ${APP_BASE}/env/bin/pip install --no-cache-dir -r requirements.txt && \
+    ${APP_BASE}/env/bin/pip install --no-cache-dir psycopg2-binary
+
+RUN rm -rf frontend && \
+    git clone https://gitlab.com/guardianproject-ops/bypass-censorship/portal-frontend.git frontend && \
+    cd frontend && npm install && npm run build && \
+    mkdir -p ${APP_BASE}/${APP}/app/static/ui && \
+    cp -r dist/* ${APP_BASE}/${APP}/app/static/ui && \
+    rm -rf frontend /tmp/* /var/tmp/*
 
 USER root
 RUN crontab -u ${APP} docker-crontab
-# Set the entrypoint to the web app