ci: use reusable golden images

2026-04-28 20:34:05 +02:00
parent 29e4fa8e97
commit 77d84b9778
3 changed files with 254 additions and 120 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,11 @@
-FROM python:3.11-slim-bookworm AS base
+ARG PYTHON_IMAGE=python:3.11-slim-bookworm
+ARG UV_IMAGE=ghcr.io/astral-sh/uv:0.7.2
+ARG GOLDEN_WEB_IMAGE=web-deps-base
+ARG GOLDEN_CELERY_IMAGE=celery-deps-base
+
+FROM ${UV_IMAGE} AS uv-bin
+
+FROM ${PYTHON_IMAGE} AS base

 ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
@@ -11,13 +18,10 @@ WORKDIR /app

 RUN groupadd -r appgroup && useradd -r -g appgroup -m appuser

-# Install uv binary.
-COPY --from=ghcr.io/astral-sh/uv:0.7.2 /uv /uvx /usr/local/bin/
+COPY --from=uv-bin /uv /uvx /usr/local/bin/


-FROM base AS builder
-
-ARG INSTALL_DEV=false
+FROM base AS builder-base

 # hadolint ignore=DL3008
 RUN apt-get update \
@@ -34,14 +38,29 @@ RUN apt-get update \

 COPY pyproject.toml uv.lock ./

-RUN if [ "${INSTALL_DEV}" = "true" ]; then \
-        uv sync --frozen --no-install-project --dev; \
-    else \
-        uv sync --frozen --no-install-project; \
-    fi
+
+FROM builder-base AS prod-deps-base
+
+RUN uv sync --frozen --no-install-project


-FROM base AS runtime-base
+FROM builder-base AS ci-deps-build
+
+RUN uv sync --frozen --no-install-project --dev
+
+
+FROM base AS ci-deps-base
+
+COPY --from=ci-deps-build /app/.venv /app/.venv
+
+ENV PATH="/app/.venv/bin:${PATH}" \
+    PYTHONPATH=/workspace/src \
+    DJANGO_SETTINGS_MODULE=settings.test
+
+
+FROM ci-deps-base AS web-deps-base
+
+USER root

 # hadolint ignore=DL3008
 RUN apt-get update \
@@ -54,13 +73,8 @@ RUN apt-get update \
    zlib1g \
    && rm -rf /var/lib/apt/lists/*

-COPY --from=builder /app/.venv /app/.venv
-COPY src/ ./src/
-COPY docker/scripts/ ./docker/scripts/
-
 RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
-    && chmod +x /app/docker/scripts/*.sh \
-    && chown -R appuser:appgroup /app
+    && chown -R appuser:appgroup logs media staticfiles input src/static

 ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/app/src \
@@ -94,13 +108,7 @@ ENV PATH="/app/.venv/bin:${PATH}" \
 USER appuser


-FROM runtime-base AS runtime-web
-
-EXPOSE 8000
-CMD ["/app/docker/scripts/start-web.sh"]
-
-
-FROM runtime-base AS runtime-celery
+FROM ${GOLDEN_WEB_IMAGE} AS celery-deps-base

 USER root

@@ -129,7 +137,36 @@ RUN apt-get update \

 ENV PLAYWRIGHT_BROWSERS_PATH=/app/.playwright
 RUN python -m playwright install chromium \
-    && chown -R appuser:appgroup /app
+    && chown -R appuser:appgroup /app/.playwright
+
+USER appuser
+
+
+FROM ${GOLDEN_WEB_IMAGE} AS runtime-web
+
+WORKDIR /app
+USER root
+COPY src/ ./src/
+COPY docker/scripts/ ./docker/scripts/
+RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
+    && chmod +x /app/docker/scripts/*.sh \
+    && chown -R appuser:appgroup logs media staticfiles input src/static docker/scripts
+
+USER appuser
+
+EXPOSE 8000
+CMD ["/app/docker/scripts/start-web.sh"]
+
+
+FROM ${GOLDEN_CELERY_IMAGE} AS runtime-celery
+
+WORKDIR /app
+USER root
+COPY src/ ./src/
+COPY docker/scripts/ ./docker/scripts/
+RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
+    && chmod +x /app/docker/scripts/*.sh \
+    && chown -R appuser:appgroup logs media staticfiles input src/static docker/scripts

 USER appuser