73 lines
2.4 KiB
Docker
73 lines
2.4 KiB
Docker
# build stage — fetches and builds Honcho from source
|
|
FROM python:3.13-slim-bookworm AS honcho-builder
|
|
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends git && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv
|
|
|
|
ARG HONCHO_REPO=https://github.com/plastic-labs/honcho
|
|
ARG HONCHO_REF=main
|
|
RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app
|
|
|
|
WORKDIR /app
|
|
|
|
ENV UV_COMPILE_BYTECODE=1
|
|
ENV UV_LINK_MODE=copy
|
|
ENV UV_PYTHON=/usr/local/bin/python3.13
|
|
|
|
RUN uv sync --frozen
|
|
|
|
# build stage — builds OpenConcho SPA
|
|
FROM node:22-bookworm AS openconcho-builder
|
|
|
|
ENV PNPM_HOME=/pnpm
|
|
ENV PATH=$PNPM_HOME:$PATH
|
|
RUN corepack enable && corepack prepare pnpm@latest --activate
|
|
|
|
WORKDIR /app
|
|
RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
|
|
|
|
ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665
|
|
RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \
|
|
git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \
|
|
git -C /app checkout ${OPENCONCHO_SHA}
|
|
|
|
RUN pnpm install --frozen-lockfile
|
|
RUN pnpm --filter @openconcho/web build
|
|
|
|
# runtime stage — nginx + Honcho FastAPI
|
|
FROM python:3.13-slim-bookworm
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends nginx && \
|
|
rm -rf /var/log/nginx/* && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Honcho
|
|
COPY --from=honcho-builder /app /app
|
|
WORKDIR /app
|
|
ENV PATH="/app/.venv/bin:$PATH"
|
|
ENV HOME=/app
|
|
COPY config.toml /app/config.toml
|
|
|
|
# OpenConcho SPA
|
|
COPY --from=openconcho-builder /app/packages/web/dist /usr/share/nginx/html
|
|
|
|
# nginx config (proxies /v3/, /v2/ to Honcho on localhost:8000)
|
|
COPY honcho-nginx.conf /etc/nginx/conf.d/default.conf
|
|
RUN rm -f /etc/nginx/sites-enabled/default
|
|
|
|
RUN groupadd --system app && \
|
|
useradd --system --gid app --create-home app && \
|
|
chown -R app:app /app /usr/share/nginx/html && \
|
|
# nginx runtime dirs need to exist for non-root master? Actually master is root, just ensure /var/lib/nginx exists
|
|
mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi && \
|
|
chown -R root:root /var/lib/nginx && \
|
|
chmod 755 /var/lib/nginx
|
|
|
|
EXPOSE 80
|
|
|
|
# nginx runs as root (needed for port 80 + runtime dirs), Honcho runs as app user
|
|
CMD ["sh", "-c", "nginx && exec su -s /bin/sh app -c 'fastapi run --host 127.0.0.1 --port 8000 src/main.py'"]
|