Use s6 to run everything in a single container

Jake Howard 2024-01-13 21:43:10 +00:00
parent 6f1b823dfa
commit 8ce25dcf2d
Signed by: jake
GPG key ID: 57AFB45680EDD477
27 changed files with 58 additions and 24 deletions


@ -15,6 +15,9 @@ FROM python:3.12-slim as production
ENV VIRTUAL_ENV=/venv ENV VIRTUAL_ENV=/venv
# renovate: datasource=github-tags depName=gchq/cyberchef
ENV S6_OVERLAY_VERSION=3.1.6.2
RUN useradd website --create-home -u 1000 && mkdir /app $VIRTUAL_ENV && chown -R website /app $VIRTUAL_ENV RUN useradd website --create-home -u 1000 && mkdir /app $VIRTUAL_ENV && chown -R website /app $VIRTUAL_ENV
WORKDIR /app WORKDIR /app
@ -31,6 +34,9 @@ RUN apt-get update --yes --quiet && apt-get install --yes --quiet --no-install-r
&& apt-get autoremove && rm -rf /var/lib/apt/lists/* && apt-get autoremove && rm -rf /var/lib/apt/lists/*
RUN curl -fsSL https://github.com/aptible/supercronic/releases/download/v0.2.1/supercronic-linux-amd64 -o /usr/local/bin/supercronic && chmod +x /usr/local/bin/supercronic RUN curl -fsSL https://github.com/aptible/supercronic/releases/download/v0.2.1/supercronic-linux-amd64 -o /usr/local/bin/supercronic && chmod +x /usr/local/bin/supercronic
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
ENV PATH=$VIRTUAL_ENV/bin:$PATH \ ENV PATH=$VIRTUAL_ENV/bin:$PATH \
PYTHONUNBUFFERED=1 PYTHONUNBUFFERED=1
@ -56,7 +62,11 @@ RUN cat ./etc/bashrc.sh >> ~/.bashrc
RUN SECRET_KEY=none python manage.py collectstatic --noinput --clear RUN SECRET_KEY=none python manage.py collectstatic --noinput --clear
CMD ["/app/etc/entrypoints/web"] COPY ./etc/s6-rc.d /etc/s6-overlay/s6-rc.d
# Become root at the last minute for s6
USER root
ENTRYPOINT [ "/init" ]
# Just dev stuff # Just dev stuff
FROM production as dev FROM production as dev
@ -74,4 +84,5 @@ USER website
COPY --chown=website dev-requirements.txt ./ COPY --chown=website dev-requirements.txt ./
RUN pip install --no-cache -r dev-requirements.txt RUN pip install --no-cache -r dev-requirements.txt
ENTRYPOINT []
CMD sleep infinity CMD sleep infinity
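Review bot: The two new `ADD https://github.com/just-containers/s6-overlay/releases/download/...` lines fetch the s6-overlay tarballs with no integrity check, yet their contents are unpacked into `/` and supply the `/init` that this stage now runs as root. Pin each download with a digest, e.g. `ADD --checksum=sha256:<SHA256_OF_NOARCH_TARBALL> https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp` (placeholder digest, likewise for the x86_64 archive), and update the digests whenever `S6_OVERLAY_VERSION` is bumped. The archives also remain in `/tmp` in the image, because the later `RUN tar` does not remove what the `ADD` layers wrote. The `# renovate:` comment above `ENV S6_OVERLAY_VERSION` names `gchq/cyberchef`, which looks copied from elsewhere and should name `just-containers/s6-overlay` or be dropped.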


@ -4,7 +4,6 @@ services:
build: build:
context: ../../ context: ../../
target: dev target: dev
init: true
environment: environment:
- QUEUE_STORE_URL=redis://redis/0 - QUEUE_STORE_URL=redis://redis/0
- DEBUG=true - DEBUG=true


@ -1,5 +0,0 @@
#!/usr/bin/env bash
set -e
exec nginx -g "daemon off;"


@ -1,7 +0,0 @@
#!/usr/bin/env bash
set -e
python manage.py migrate --noinput
exec gunicorn -c etc/gunicorn.conf.py


@ -1,5 +0,0 @@
#!/usr/bin/env bash
set -e
exec python manage.py rqworker --with-scheduler


@ -1,8 +1,7 @@
wsgi_app = "website.wsgi:application" wsgi_app = "website.wsgi:application"
accesslog = "-"
disable_redirect_access_to_syslog = True disable_redirect_access_to_syslog = True
preload_app = True preload_app = True
bind = "0.0.0.0:8080" bind = "127.0.0.1:8080"
max_requests = 1200 max_requests = 1200
max_requests_jitter = 50 max_requests_jitter = 50
forwarded_allow_ips = "*" forwarded_allow_ips = "*"
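Review bot: `forwarded_allow_ips = "*"` is left unchanged although `bind` now restricts gunicorn to `127.0.0.1`, so the only legitimate peer is the nginx running in the same container. Narrowing it to `forwarded_allow_ips = "127.0.0.1"` keeps trust in `X-Forwarded-*` headers tied to that proxy even if the bind address is widened again later. The hunk also appears to drop `accesslog = "-"`; if so, request logging now depends entirely on nginx's access log, so it is worth confirming that log is enabled and reaches the container's stdout.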


@ -26,7 +26,7 @@ server {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
proxy_pass http://django:8080; proxy_pass http://localhost:8080;
} }
location /static { location /static {
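Review bot: `proxy_pass http://localhost:8080;` relies on name resolution, while gunicorn is now bound to `127.0.0.1` only. If `localhost` also resolves to `::1` inside the container, nginx may attempt the IPv6 address and log connection-refused errors before reaching the IPv4 one. `proxy_pass http://127.0.0.1:8080;` matches the bind address exactly. The enclosing `location` block starts outside this hunk.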


7
etc/s6-rc.d/cron/run Normal file

@ -0,0 +1,7 @@
#!/command/with-contenv bash
set -e
cd /app
exec supercronic etc/crontab
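Review bot: `exec supercronic etc/crontab` starts the scheduler without dropping privileges, so with the image now ending on `USER root` every cron job runs as root, whereas `django/run` and `rq/run` both go through `s6-setuidgid website`. Unless a job in `etc/crontab` (not visible here) needs root, use `exec s6-setuidgid website supercronic etc/crontab`. The same applies to `etc/s6-rc.d/nginx/run`, where the nginx master now starts as root; if the nginx config listens on an unprivileged port, it can be started the same way. A one-line comment in each run script stating which user the service is meant to run as would make the intent reviewable.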

1
etc/s6-rc.d/cron/type Normal file

@ -0,0 +1 @@
longrun

7
etc/s6-rc.d/django/run Normal file

@ -0,0 +1,7 @@
#!/command/with-contenv bash
set -e
cd /app
exec s6-setuidgid website gunicorn -c etc/gunicorn.conf.py

1
etc/s6-rc.d/django/type Normal file

@ -0,0 +1 @@
longrun

1
etc/s6-rc.d/migrate/type Normal file

@ -0,0 +1 @@
oneshot

1
etc/s6-rc.d/migrate/up Normal file

@ -0,0 +1 @@
s6-setuidgid website with-contenv bash -c "cd /app && python manage.py migrate --noinput"


7
etc/s6-rc.d/nginx/run Normal file

@ -0,0 +1,7 @@
#!/command/with-contenv bash
set -e
cd /app
exec nginx -g "daemon off;"

1
etc/s6-rc.d/nginx/type Normal file

@ -0,0 +1 @@
longrun


7
etc/s6-rc.d/rq/run Normal file

@ -0,0 +1,7 @@
#!/command/with-contenv bash
set -e
cd /app
exec s6-setuidgid website python manage.py rqworker --with-scheduler

1
etc/s6-rc.d/rq/type Normal file

@ -0,0 +1 @@
longrun


@ -9,7 +9,7 @@ DEV_COMPOSE := justfile_directory() + "/docker/dev/docker-compose.yml"
build: build:
docker-compose -f {{ DEV_COMPOSE }} pull docker-compose -f {{ DEV_COMPOSE }} pull
docker-compose -f {{ DEV_COMPOSE }} build docker-compose -f {{ DEV_COMPOSE }} build
docker-compose -f {{ DEV_COMPOSE }} run --rm --no-deps web bash -lc "npm ci" docker-compose -f {{ DEV_COMPOSE }} run --user=website --rm --no-deps web -c "npm ci"
@compose +ARGS: @compose +ARGS:
docker-compose -f {{ DEV_COMPOSE }} {{ ARGS }} docker-compose -f {{ DEV_COMPOSE }} {{ ARGS }}
@ -50,7 +50,7 @@ lint_python:
@sh: @sh:
docker-compose -f {{ DEV_COMPOSE }} up -d docker-compose -f {{ DEV_COMPOSE }} up -d
docker-compose -f {{ DEV_COMPOSE }} exec web bash docker-compose -f {{ DEV_COMPOSE }} exec --user=website web bash
@down: @down:
docker-compose -f {{ DEV_COMPOSE }} down docker-compose -f {{ DEV_COMPOSE }} down
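Review bot: In the `build` recipe the new command `run --user=website --rm --no-deps web -c "npm ci"` no longer names a shell, while the dev stage of the Dockerfile in this same commit sets `ENTRYPOINT []`. Unless the compose service defines a shell entrypoint outside the visible hunk, the container would try to execute `-c` as the program and the recipe would fail. Keeping the interpreter explicit avoids depending on that: `run --user=website --rm --no-deps web bash -c "npm ci"`. The added `--user=website` on both `run` and `exec` is worth a short comment explaining that the image now defaults to root for s6.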


@ -10,5 +10,13 @@
"schedule": ["every weekend"], "schedule": ["every weekend"],
"enabled": false "enabled": false
} }
],
"regexManagers": [
{
"fileMatch": ["^Dockerfile$"],
"matchStrings": ["ENV S6_OVERLAY_VERSION=(?<currentValue>.*?)\\n"],
"depNameTemplate": "just-containers/s6-overlay",
"datasourceTemplate": "github-releases"
}
] ]
} }