github.com/pypiserver
1
0
Fork 1
mirror of https://github.com/pypiserver/pypiserver synced 2024-11-09 16:45:51 +01:00
Code Releases Wiki Activity
50941e5087
pypiserver/Dockerfile

86 lines
2.7 KiB
Docker
Raw Normal View History

Update Dockerfile. Update docker base images. (#330) Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
2020-10-04 00:00:47 +02:00
FROM python:3.8-alpine3.12 as base
Use python 3.6 for the Dockerfile (#284) * Use python 3.6 for the Dockerfile * Dockerfile: use explicit Alpine version * Empty commit to trigger a new CI build
2019-12-24 06:36:32 +01:00
# Copy the requirements & code and install them
# Do this in a separate image in a separate directory
# to not have all the build stuff in the final image
Update Dockerfile. Update docker base images. (#330) Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
2020-10-04 00:00:47 +02:00
FROM base AS builder_gosu
ENV GOSU_VERSION 1.12
RUN apk add --no-cache --virtual .build-deps \
ca-certificates \
dpkg \
gnupg \
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
&& wget -O /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch} \
&& wget -O /usr/local/bin/gosu.asc https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc \
# verify the signature
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& command -v gpgconf && gpgconf --kill all || true \
&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
# check installation
&& gosu --version \
&& gosu nobody true \
&& apk del --no-cache \
.build-deps \
&& rm -rf /var/cache/apk/* \
&& rm -rf /tmp/*
FROM base AS builder_dependencies
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
WORKDIR /code
Update Dockerfile. Update docker base images. (#330) Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
2020-10-04 00:00:47 +02:00
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
COPY docker/docker-requirements.txt .
# Install requirements
Update Dockerfile. Update docker base images. (#330) Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
2020-10-04 00:00:47 +02:00
RUN apk add --no-cache --virtual .build-deps \
build-base \
libffi-dev \
&& mkdir /install \
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
&& python -m pip install \
--no-warn-script-location \
--prefix=/install \
--requirement docker-requirements.txt
# Install pypiserver
# - do this separately from deps so that when developing, every change does not
# require reinstalling deps
COPY pypiserver pypiserver
COPY setup.cfg .
COPY setup.py .
Feature/markdown conversion (#503) * feat: markdown conversion logo and badges * feat: markdown conversion fix logo path * feat: markdown table changes * feat: markdown table alignment * feat: markdown check toc * feat: markdown toc additions * feat: markdown quickstart section * feat: dependabot more details section in quick start * feat: dependabot correct bold * feat: markdown client side config, pip * feat: markdown typo in title * feat: markdown typo in configuring pip * feat: markdown apache like authentication section an initial cut to view the markdown in github * feat: markdown typo in markdown link * feat: markdown remove trailing colon * feat: markdown typo in shell markdown * feat: markdown standardize on 4 space indent in shell code block * feat: markdown complete markdown for section up to alternate installation methods * feat: markdown add more of the contents to test with * feat: markdown contents * feat: markdown contents * feat: markdown contents * feat: markdown dquote> dquote> recipes * feat: markdown dquote> dquote> recipes * feat: markdown dquote> dquote> up to licensing * feat: markdown dquote> dquote> contents * Update README.md Missing exclamation mark * Update README.md missing link * Update README.md remove duplicated text * Update README.md bold differences it Table of contents * Update README.md additional bold changes in table of contents * Update README.md broken link * Update README.md typo in link fix * Update README.md change code block to text as shell highlighting was showing some items in red * Update README.md code block shell to text * Update README.md correct pypi-server update section * feat: markdown dquote> dquote> link back to TOC title * Update README.md change link to TOC title * Update README.md link test * Update README.md link update * Update README.md link update * Update README.md link update * feat: markdown links * Update README.md change the level of indent for uploading packages remotely * Update README.md add link to python-pam * feat: markdown apache link to TOC not working. * Update README.md grammar * Update README.md typo bold * feat: markdown undo bolded text in TOC and titles as linking does not work * feat: markdown remove bold from TOC * feat: feature more link issues * feat: markdown fixing broken links * feat: markdown change text slightly as markdown only links to plain text * feat: markdown typo * feat: markdown more link typos * Update README.md typo in link * Update README.md link will not work with braces in the titles * feat: markdown run mdformat and apply changes, :) lint! * feat: markdown - check via mdformat - remove old check script - update test-requirements.txt * feat: markdown correct the errors in the mdformat run command * feat: markdown for testing remove all the actual jobs * feat: markdown re-run mdformat * feat: markdown put the jobs back in after testing the mdformat cmd for passing and failing via workflow dispatch * feat: markdown remove references to README.md * feat: markdown change action to workflow dispatch for testing * feat: markdown - update docker igore - alter unit test to look for version number after md changes * feat: markdown black linting * feat: markdown update comments * feat: markdown update bumpver to look at md rather than rst file * feat: markdown replace workflow dispatch with pull request to get ready for the final PR * feat: markdown-delete-original delete the original rst file * feat: markdown-delete-original change ci to workflow dispatch for testing * feat: markdown-delete-original revert workflow dispatch * feat: markdown-badge-links set the links back to the original URLs. * feat: markdown-badge-links fix brackets * feat: markdown update the version and date * feat: markdown conversion markdown changes to conform to mdformat tooling.
2023-08-15 11:16:30 +02:00
COPY README.md .
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
RUN python -m pip install --no-warn-script-location --prefix=/install .
Use python 3.6 for the Dockerfile (#284) * Use python 3.6 for the Dockerfile * Dockerfile: use explicit Alpine version * Empty commit to trigger a new CI build
2019-12-24 06:36:32 +01:00
FROM base
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
WORKDIR /data
Update Dockerfile. Update docker base images. (#330) Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
2020-10-04 00:00:47 +02:00
# Copy the libraries installed via pip
COPY --from=builder_dependencies /install /usr/local
COPY --from=builder_gosu /usr/local/bin/gosu /usr/local/bin/gosu
Docker improvements (#365) * Docker improvements This addresses much of what was brought up in #359. Specifically, it: - Significantly improves testing for the Docker image, adding a `docker/test_docker.py` file using the regular pytest machinery to set up and run docker images for testing - Hopefully addresses a variety of permissions issues, by being explicit about what access pypiserver needs and asking for it, only erroring if that access is not available - Requires RX permissions on `/data` (R to read files, X to list files and to be able to cd into the directory. This is important since `/data` is the `WORKDIR`) - Requires RWX permissions on `/data/packages`, so that we can list packages, write packages, and read packages. - When running in the default configuration (as root on Linux or as the pypiserver-named rootish user on Mac), with no volumes mounted, these requirements are all satisfied - Volume mounts still must be readable by the pypiserver user (UID 9898) in order for the container to run. However, we now error early if this is not the case, and direct users to a useful issue. - If the container is run as a non-root, non-pypiserver user (e.g. because someone ran `docker run --user=<user_id>`, we try to run pypiserver as that user). Provided that user has access to the necessary directories, it should run fine. - Fixes issues with running help and similar commands - Updates the Docker image to use `PYPISERVER_PORT` for port specification, while still falling back to `PORT` for backwards compatibility - Moves some docker-related things into a `/docker` directory - Adds a `Makefile` for building a test fixture package sdist and wheel, so that test code can call `make mypkg` and not need to worry about it potentially building multiple times The only issue #359 raises that's not addressed here is the one of running pypiserver in the Docker container using some non-default server for performance. I would like to do some benchmarking before deciding on what to do there.
2021-02-06 18:28:15 +01:00
COPY docker/entrypoint.sh /entrypoint.sh
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
COPY docker/gunicorn.conf.py /data
Adds Dockerfile with a compose example.
2015-10-26 23:58:03 +01:00
FIX: only chown /data/packages in entrypoint @stephen-dexda pointed out in #341 that our update in #330 changed the `chown` operation to apply to the entire `/data` directory, rather than just `/data/packages`. For anyone who was previously relying on a workflow like mounting a read-only secrets directory into `/data` to host authentication information, this broke their workflow. This fix sets `entrypoint.sh` to only `chown` `/data/packages`, which should ensure that the permissions issues resolved by #330 (e.g. #309) remain fixed, while also fixing the issue in #341.
2020-10-06 03:13:16 +02:00
# Use a consistent user and group ID so that linux users
# can create a corresponding system user and set permissions
# if desired.
fix docker entrypoint script, improve docker build speed/caching (#344) Co-authored-by: Pelle Koster <pelle.koster@nginfra.nl>
2020-10-10 15:12:06 +02:00
RUN apk add bash \
&& rm -rf /var/cache/apk/* \
&& rm -rf /tmp/* \
&& addgroup -S -g 9898 pypiserver \
&& adduser -S -u 9898 -G pypiserver pypiserver --home /data\
Made the image smaller Fixed bcrypt Added requirements.txt
2019-01-30 09:20:58 +01:00
&& mkdir -p /data/packages \
Docker improvements (#365) * Docker improvements This addresses much of what was brought up in #359. Specifically, it: - Significantly improves testing for the Docker image, adding a `docker/test_docker.py` file using the regular pytest machinery to set up and run docker images for testing - Hopefully addresses a variety of permissions issues, by being explicit about what access pypiserver needs and asking for it, only erroring if that access is not available - Requires RX permissions on `/data` (R to read files, X to list files and to be able to cd into the directory. This is important since `/data` is the `WORKDIR`) - Requires RWX permissions on `/data/packages`, so that we can list packages, write packages, and read packages. - When running in the default configuration (as root on Linux or as the pypiserver-named rootish user on Mac), with no volumes mounted, these requirements are all satisfied - Volume mounts still must be readable by the pypiserver user (UID 9898) in order for the container to run. However, we now error early if this is not the case, and direct users to a useful issue. - If the container is run as a non-root, non-pypiserver user (e.g. because someone ran `docker run --user=<user_id>`, we try to run pypiserver as that user). Provided that user has access to the necessary directories, it should run fine. - Fixes issues with running help and similar commands - Updates the Docker image to use `PYPISERVER_PORT` for port specification, while still falling back to `PORT` for backwards compatibility - Moves some docker-related things into a `/docker` directory - Adds a `Makefile` for building a test fixture package sdist and wheel, so that test code can call `make mypkg` and not need to worry about it potentially building multiple times The only issue #359 raises that's not addressed here is the one of running pypiserver in the Docker container using some non-default server for performance. I would like to do some benchmarking before deciding on what to do there.
2021-02-06 18:28:15 +01:00
&& chmod +x /entrypoint.sh
Made the image smaller Fixed bcrypt Added requirements.txt
2019-01-30 09:20:58 +01:00
Use python 3.6 for the Dockerfile (#284) * Use python 3.6 for the Dockerfile * Dockerfile: use explicit Alpine version * Empty commit to trigger a new CI build
2019-12-24 06:36:32 +01:00
VOLUME /data/packages
Docker improvements (#365) * Docker improvements This addresses much of what was brought up in #359. Specifically, it: - Significantly improves testing for the Docker image, adding a `docker/test_docker.py` file using the regular pytest machinery to set up and run docker images for testing - Hopefully addresses a variety of permissions issues, by being explicit about what access pypiserver needs and asking for it, only erroring if that access is not available - Requires RX permissions on `/data` (R to read files, X to list files and to be able to cd into the directory. This is important since `/data` is the `WORKDIR`) - Requires RWX permissions on `/data/packages`, so that we can list packages, write packages, and read packages. - When running in the default configuration (as root on Linux or as the pypiserver-named rootish user on Mac), with no volumes mounted, these requirements are all satisfied - Volume mounts still must be readable by the pypiserver user (UID 9898) in order for the container to run. However, we now error early if this is not the case, and direct users to a useful issue. - If the container is run as a non-root, non-pypiserver user (e.g. because someone ran `docker run --user=<user_id>`, we try to run pypiserver as that user). Provided that user has access to the necessary directories, it should run fine. - Fixes issues with running help and similar commands - Updates the Docker image to use `PYPISERVER_PORT` for port specification, while still falling back to `PORT` for backwards compatibility - Moves some docker-related things into a `/docker` directory - Adds a `Makefile` for building a test fixture package sdist and wheel, so that test code can call `make mypkg` and not need to worry about it potentially building multiple times The only issue #359 raises that's not addressed here is the one of running pypiserver in the Docker container using some non-default server for performance. I would like to do some benchmarking before deciding on what to do there.
2021-02-06 18:28:15 +01:00
ENV PYPISERVER_PORT=8080
# PORT is deprecated. Please use PYPISERVER_PORT instead
ENV PORT=$PYPISERVER_PORT
Gunicorn/gevent docker, log fixes, cache busting (#371) Updates the Docker configuration to use the gunicorn server with gevent workers by default. Adds `waitress` to the docker container, so that if no server is specified, we will fall back to that rather than `wsgiref`. Making this happen brought a few other issues to light, which are also addressed here. - Docker log output not immediately being flushed to stdout (#358): resolved by setting the `PYTHONUNBUFFERED` env var to `t` in the docker container - When the WSGIRef server is selected, its access logs are written directly to stderr, rather than going through the logging machinery: resolved by adding a new `WsgiHandler` class and passing in to bottle's `run()` method when running the wsgi server. This required a new `ServerCheck` class to determine whether the wsgi server is selected when the `auto` option is used - When using `gunicorn` along with the watchdog cache, package uplaods were not being picked up by the watcher. Updated the `add_package` and `remove_package` methods on the `CachingFileBackend` to bust the cache
2021-02-08 00:04:06 +01:00
# Flush logs immediately to stdout
ENV PYTHONUNBUFFERED=t
Docker improvements (#365) * Docker improvements This addresses much of what was brought up in #359. Specifically, it: - Significantly improves testing for the Docker image, adding a `docker/test_docker.py` file using the regular pytest machinery to set up and run docker images for testing - Hopefully addresses a variety of permissions issues, by being explicit about what access pypiserver needs and asking for it, only erroring if that access is not available - Requires RX permissions on `/data` (R to read files, X to list files and to be able to cd into the directory. This is important since `/data` is the `WORKDIR`) - Requires RWX permissions on `/data/packages`, so that we can list packages, write packages, and read packages. - When running in the default configuration (as root on Linux or as the pypiserver-named rootish user on Mac), with no volumes mounted, these requirements are all satisfied - Volume mounts still must be readable by the pypiserver user (UID 9898) in order for the container to run. However, we now error early if this is not the case, and direct users to a useful issue. - If the container is run as a non-root, non-pypiserver user (e.g. because someone ran `docker run --user=<user_id>`, we try to run pypiserver as that user). Provided that user has access to the necessary directories, it should run fine. - Fixes issues with running help and similar commands - Updates the Docker image to use `PYPISERVER_PORT` for port specification, while still falling back to `PORT` for backwards compatibility - Moves some docker-related things into a `/docker` directory - Adds a `Makefile` for building a test fixture package sdist and wheel, so that test code can call `make mypkg` and not need to worry about it potentially building multiple times The only issue #359 raises that's not addressed here is the one of running pypiserver in the Docker container using some non-default server for performance. I would like to do some benchmarking before deciding on what to do there.
2021-02-06 18:28:15 +01:00
EXPOSE $PYPISERVER_PORT
Update Dockerfile. Update docker base images. (#330) Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
2020-10-04 00:00:47 +02:00
ENTRYPOINT ["/entrypoint.sh"]
Copy Permalink