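# Multi-stage build for the web and Celery images.
#
# Stage graph as written in this file:
#   uv-bin            -> source of the uv/uvx binaries
#   base              -> Python image + non-root user + uv
#   builder-base      -> base + compiler toolchain + lock files
#   prod-deps-base    -> venv without dev dependencies
#   ci-deps-build     -> venv with dev dependencies
#   ci-deps-base      -> base + venv copied from ci-deps-build
#   web-deps-base     -> ci-deps-base + runtime libs + default configuration
#   celery-deps-base  -> ${GOLDEN_WEB_IMAGE} + Chromium libs + Playwright browser
#   runtime-web       -> ${GOLDEN_WEB_IMAGE} + application source
#   runtime-celery    -> ${GOLDEN_CELERY_IMAGE} + application source
#
# NOTE(review): both base images are referenced by tag. Tags can be re-pointed
# upstream; pinning by digest (image:tag@sha256:<digest>) makes the build
# reproducible and removes that supply-chain variable.
ARG PYTHON_IMAGE=python:3.11-slim-bookworm
ARG UV_IMAGE=ghcr.io/astral-sh/uv:0.7.2
# By default the "golden" images resolve to stages of this same file; a build
# may override them with pre-built registry images.
ARG GOLDEN_WEB_IMAGE=web-deps-base
ARG GOLDEN_CELERY_IMAGE=celery-deps-base

FROM ${UV_IMAGE} AS uv-bin

FROM ${PYTHON_IMAGE} AS base

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PYTHON_DOWNLOADS=never \
    UV_PROJECT_ENVIRONMENT=/app/.venv

WORKDIR /app

# Dedicated system account so the final stages do not run as root.
RUN groupadd -r appgroup && useradd -r -g appgroup -m appuser

COPY --from=uv-bin /uv /uvx /usr/local/bin/

FROM base AS builder-base

# Compiler toolchain and -dev headers live only in the builder stages; the
# runtime stages install the matching shared libraries instead.
# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        gcc \
        libpq-dev \
        libffi-dev \
        libxml2-dev \
        libxslt1-dev \
        zlib1g-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

COPY pyproject.toml uv.lock ./

# --frozen installs exactly what uv.lock records and fails if the lock file
# would need to change.
FROM builder-base AS prod-deps-base

RUN uv sync --frozen --no-install-project

FROM builder-base AS ci-deps-build

RUN uv sync --frozen --no-install-project --dev

FROM base AS ci-deps-base

COPY --from=ci-deps-build /app/.venv /app/.venv

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/workspace/src \
    DJANGO_SETTINGS_MODULE=settings.test

# NOTE(review): web-deps-base (and therefore both runtime-* stages when the
# GOLDEN_* defaults are used) is built on ci-deps-base, whose venv comes from
# `uv sync --dev`. prod-deps-base is not referenced by any later stage in this
# file. If the runtime images are deployed, confirm that shipping the dev
# dependency set is intended.
FROM ci-deps-base AS web-deps-base

USER root

# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        curl \
        libpq5 \
        libffi8 \
        libxml2 \
        libxslt1.1 \
        zlib1g \
    && rm -rf /var/lib/apt/lists/*

# Only the directories the application writes to are handed to appuser.
RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chown -R appuser:appgroup logs media staticfiles input src/static

# Non-secret defaults only.
#
# SECURITY: POSTGRES_PASSWORD, CHECKO_API_KEY, ZAKUPKI_TOKEN and
# BACKUP_ENCRYPTION_KEY were previously assigned literal values here. ENV
# values are written into the image configuration, so anyone who can pull the
# image (or read this file) can recover them with `docker image inspect` or
# `docker history`, and every stage built FROM this one inherits them.
# They are intentionally no longer set at build time and must be supplied when
# the container starts (orchestrator secret store, `--env-file`, or a mounted
# secret file read by the start scripts). Do not move them to ARG: build
# arguments are recorded in the image history as well.
# The values that were committed should be treated as exposed and rotated.
#
# NOTE(review): POSTGRES_SSLMODE=disable means database traffic is sent in
# clear text; override it at deploy time where the server supports TLS.
# NOTE(review): the host/URL defaults below are environment-specific private
# addresses; deployments are expected to override them.
ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/app/src \
    DJANGO_SETTINGS_MODULE=settings.dev \
    POSTGRES_HOST=10.10.0.114 \
    POSTGRES_PORT=5432 \
    POSTGRES_DB=mostovik \
    POSTGRES_USER=postgres \
    POSTGRES_SSLMODE=disable \
    REDIS_HOST=10.10.0.110 \
    REDIS_CACHE_URL=redis://10.10.0.110:6379/1 \
    CELERY_BROKER_URL=redis://10.10.0.110:6379/0 \
    CELERY_RESULT_BACKEND=redis://10.10.0.110:6379/0 \
    PORT=8000 \
    GUNICORN_WORKERS=4 \
    GUNICORN_TIMEOUT=60 \
    CELERY_LOG_LEVEL=INFO \
    CELERY_WORKER_CONCURRENCY=2 \
    COLLECTSTATIC_ON_MIGRATE=0 \
    BACKUP_KEY_ID=default \
    BACKUP_EXPORT_DIRECTORY=/app/media/backups \
    STATE_CORP_EXCHANGE_URL= \
    STATE_CORP_EXCHANGE_TOKEN= \
    STATE_CORP_EXCHANGE_KEY_ID=state-corp-shared-token \
    STATE_CORP_EXCHANGE_TIMEOUT_SECONDS=60

USER appuser

FROM ${GOLDEN_WEB_IMAGE} AS celery-deps-base

USER root

# Playwright/Chromium runtime dependencies.
# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        libnss3 \
        libnspr4 \
        libatk1.0-0 \
        libatk-bridge2.0-0 \
        libcups2 \
        libdrm2 \
        libdbus-1-3 \
        libxkbcommon0 \
        libxcomposite1 \
        libxdamage1 \
        libxfixes3 \
        libxrandr2 \
        libgbm1 \
        libasound2 \
        libpango-1.0-0 \
        libcairo2 \
        libatspi2.0-0 \
    && rm -rf /var/lib/apt/lists/*

ENV PLAYWRIGHT_BROWSERS_PATH=/app/.playwright

# The browser is fetched as root at build time, then handed to appuser so the
# worker can launch it without elevated privileges.
RUN python -m playwright install chromium \
    && chown -R appuser:appgroup /app/.playwright

USER appuser

FROM ${GOLDEN_WEB_IMAGE} AS runtime-web

WORKDIR /app

USER root

# src/ is copied as root and only src/static is chowned below, so the rest of
# the application code stays read-only for appuser.
COPY src/ ./src/
COPY docker/scripts/ ./docker/scripts/

RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chmod +x /app/docker/scripts/*.sh \
    && chown -R appuser:appgroup logs media staticfiles input src/static docker/scripts

USER appuser

EXPOSE 8000

CMD ["/app/docker/scripts/start-web.sh"]

FROM ${GOLDEN_CELERY_IMAGE} AS runtime-celery

WORKDIR /app

USER root

# Same layout as runtime-web: code copied as root, writable paths given to
# appuser.
COPY src/ ./src/
COPY docker/scripts/ ./docker/scripts/

RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chmod +x /app/docker/scripts/*.sh \
    && chown -R appuser:appgroup logs media staticfiles input src/static docker/scripts

USER appuser

CMD ["/app/docker/scripts/start-celery-worker.sh"]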