Use s6 to run everything in a single container

2024-01-13 21:43:10 +00:00 · 2024-01-13 21:43:10 +00:00 · 8ce25dcf2d
commit 8ce25dcf2d
parent 6f1b823dfa
27 changed files with 58 additions and 24 deletions
--- a/13
+++ b/13
@ -15,6 +15,9 @@ FROM python:3.12-slim as production

 ENV VIRTUAL_ENV=/venv

+# renovate: datasource=github-tags depName=gchq/cyberchef
+ENV S6_OVERLAY_VERSION=3.1.6.2
+
 RUN useradd website --create-home -u 1000 && mkdir /app $VIRTUAL_ENV && chown -R website /app $VIRTUAL_ENV

 WORKDIR /app
@ -31,6 +34,9 @@ RUN apt-get update --yes --quiet && apt-get install --yes --quiet --no-install-r
    && apt-get autoremove && rm -rf /var/lib/apt/lists/*

 RUN curl -fsSL https://github.com/aptible/supercronic/releases/download/v0.2.1/supercronic-linux-amd64 -o /usr/local/bin/supercronic && chmod +x /usr/local/bin/supercronic
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz

 ENV PATH=$VIRTUAL_ENV/bin:$PATH \
    PYTHONUNBUFFERED=1
@ -56,7 +62,11 @@ RUN cat ./etc/bashrc.sh >> ~/.bashrc

 RUN SECRET_KEY=none python manage.py collectstatic --noinput --clear

-CMD ["/app/etc/entrypoints/web"]
+COPY ./etc/s6-rc.d /etc/s6-overlay/s6-rc.d
+
+# Become root at the last minute for s6
+USER root
+ENTRYPOINT [ "/init" ]

 # Just dev stuff
 FROM production as dev
@ -74,4 +84,5 @@ USER website
 COPY --chown=website dev-requirements.txt ./
 RUN pip install --no-cache -r dev-requirements.txt

+ENTRYPOINT []
 CMD sleep infinity
--- a/docker/dev/docker-compose.yml
+++ b/docker/dev/docker-compose.yml
@ -4,7 +4,6 @@ services:
    build:
      context: ../../
      target: dev
-    init: true
    environment:
      - QUEUE_STORE_URL=redis://redis/0
      - DEBUG=true
--- a/etc/entrypoints/nginx
+++ b/etc/entrypoints/nginx
@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-exec nginx -g "daemon off;"
--- a/etc/entrypoints/web
+++ b/etc/entrypoints/web
@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-python manage.py migrate --noinput
-
-exec gunicorn -c etc/gunicorn.conf.py
--- a/etc/entrypoints/worker
+++ b/etc/entrypoints/worker
@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-exec python manage.py rqworker --with-scheduler
--- a/etc/gunicorn.conf.py
+++ b/etc/gunicorn.conf.py
@ -1,8 +1,7 @@
 wsgi_app = "website.wsgi:application"
-accesslog = "-"
 disable_redirect_access_to_syslog = True
 preload_app = True
-bind = "0.0.0.0:8080"
+bind = "127.0.0.1:8080"
 max_requests = 1200
 max_requests_jitter = 50
 forwarded_allow_ips = "*"
--- a/etc/nginx.conf
+++ b/etc/nginx.conf
@ -26,7 +26,7 @@ server {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header Proxy "";

-    proxy_pass http://django:8080;
+    proxy_pass http://localhost:8080;
  }

  location /static {
--- a/etc/s6-rc.d/cron/dependencies.d/migrate
+++ b/etc/s6-rc.d/cron/dependencies.d/migrate
--- a/etc/s6-rc.d/cron/run
+++ b/etc/s6-rc.d/cron/run
@ -0,0 +1,7 @@
+#!/command/with-contenv bash
+
+set -e
+
+cd /app
+
+exec supercronic etc/crontab
--- a/etc/s6-rc.d/cron/type
+++ b/etc/s6-rc.d/cron/type
@ -0,0 +1 @@
+longrun
--- a/etc/s6-rc.d/django/dependencies.d/migrate
+++ b/etc/s6-rc.d/django/dependencies.d/migrate
--- a/etc/s6-rc.d/django/run
+++ b/etc/s6-rc.d/django/run
@ -0,0 +1,7 @@
+#!/command/with-contenv bash
+
+set -e
+
+cd /app
+
+exec s6-setuidgid website gunicorn -c etc/gunicorn.conf.py
--- a/etc/s6-rc.d/django/type
+++ b/etc/s6-rc.d/django/type
@ -0,0 +1 @@
+longrun
--- a/etc/s6-rc.d/migrate/type
+++ b/etc/s6-rc.d/migrate/type
@ -0,0 +1 @@
+oneshot
--- a/etc/s6-rc.d/migrate/up
+++ b/etc/s6-rc.d/migrate/up
@ -0,0 +1 @@
+s6-setuidgid website with-contenv bash -c "cd /app && python manage.py migrate --noinput"
--- a/etc/s6-rc.d/nginx/dependencies.d/django
+++ b/etc/s6-rc.d/nginx/dependencies.d/django
--- a/etc/s6-rc.d/nginx/run
+++ b/etc/s6-rc.d/nginx/run
@ -0,0 +1,7 @@
+#!/command/with-contenv bash
+
+set -e
+
+cd /app
+
+exec nginx -g "daemon off;"
--- a/etc/s6-rc.d/nginx/type
+++ b/etc/s6-rc.d/nginx/type
@ -0,0 +1 @@
+longrun
--- a/etc/s6-rc.d/rq/dependencies.d/migrate
+++ b/etc/s6-rc.d/rq/dependencies.d/migrate
--- a/etc/s6-rc.d/rq/run
+++ b/etc/s6-rc.d/rq/run
@ -0,0 +1,7 @@
+#!/command/with-contenv bash
+
+set -e
+
+cd /app
+
+exec s6-setuidgid website python manage.py rqworker --with-scheduler
--- a/etc/s6-rc.d/rq/type
+++ b/etc/s6-rc.d/rq/type
@ -0,0 +1 @@
+longrun
--- a/etc/s6-rc.d/user/contents.d/cron
+++ b/etc/s6-rc.d/user/contents.d/cron
--- a/etc/s6-rc.d/user/contents.d/django
+++ b/etc/s6-rc.d/user/contents.d/django
--- a/etc/s6-rc.d/user/contents.d/nginx
+++ b/etc/s6-rc.d/user/contents.d/nginx
--- a/etc/s6-rc.d/user/contents.d/rq
+++ b/etc/s6-rc.d/user/contents.d/rq
--- a/4
+++ b/4
@ -9,7 +9,7 @@ DEV_COMPOSE := justfile_directory() + "/docker/dev/docker-compose.yml"
 build:
  docker-compose -f {{ DEV_COMPOSE }} pull
  docker-compose -f {{ DEV_COMPOSE }} build
-  docker-compose -f {{ DEV_COMPOSE }} run --rm --no-deps web bash -lc "npm ci"
+  docker-compose -f {{ DEV_COMPOSE }} run --user=website --rm --no-deps web -c "npm ci"

@compose +ARGS:
  docker-compose -f {{ DEV_COMPOSE }} {{ ARGS }}
@ -50,7 +50,7 @@ lint_python:

@sh:
  docker-compose -f {{ DEV_COMPOSE }} up -d
-  docker-compose -f {{ DEV_COMPOSE }} exec web bash
+  docker-compose -f {{ DEV_COMPOSE }} exec --user=website web bash

@down:
  docker-compose -f {{ DEV_COMPOSE }} down
--- a/renovate.json
+++ b/renovate.json
@ -10,5 +10,13 @@
      "schedule": ["every weekend"],
      "enabled": false
    }
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": ["ENV S6_OVERLAY_VERSION=(?<currentValue>.*?)\\n"],
+      "depNameTemplate": "just-containers/s6-overlay",
+      "datasourceTemplate": "github-releases"
+    }
  ]
 }
				`@ -0,0 +1 @@`
				`s6-setuidgid website with-contenv bash -c "cd /app && python manage.py migrate --noinput"`