# Build stage: creates the Python environment under /app that the final stage
# later copies with COPY --from=build.
# NOTE(review): the base image is referenced by tag only. A tag can be moved
# upstream; also pinning the image digest would make the build input immutable.
FROM weblate/dev:2024.45.6 AS build

# Automatic BuildKit platform argument; it is not referenced in the rest of
# this stage as shown.
ARG TARGETARCH

# Release to install and the optional extras requested for it.
ENV WEBLATE_VERSION=5.8.3 \
    WEBLATE_EXTRAS=all,MySQL,zxcvbn

# RUN steps in this stage use bash with pipefail (a failing command in a pipe
# fails the step) and -x (every command is echoed to the build log).
SHELL ["/bin/bash", "-o", "pipefail", "-x", "-c"]

# Only the requirements file is copied, so source changes elsewhere in the
# build context do not invalidate the dependency layer.
COPY --link requirements.txt /app/src/
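# Install dependencies
# Creates a virtualenv at /app/venv and installs Weblate plus everything in
# /app/src/requirements.txt into it.
# - A WEBLATE_VERSION containing "+" selects the development build, installed
#   from GitHub archives; any other value installs exactly that release.
# - The development build takes translate-toolkit and language-data from their
#   default branches (master/main). Those are mutable references, so the
#   installed code can change between builds without any change to this file.
# - WEBLATE_DOCKER_GIT_REVISION is not defined anywhere in this file and is
#   presumably injected by the build tooling (TODO confirm). The ${...:?}
#   expansion aborts the step with a clear message when it is unset or empty,
#   instead of requesting a malformed archive URL.
# - The uv cache sits on a BuildKit cache mount, so it never becomes part of
#   an image layer.
# hadolint ignore=DL3008,DL3013,SC2046,DL3003
RUN --mount=type=cache,target=/.uv-cache \
    export UV_CACHE_DIR=/.uv-cache UV_LINK_MODE=copy \
    && uv venv /app/venv \
    && . /app/venv/bin/activate \
    && case "$WEBLATE_VERSION" in \
        *+* ) \
            uv pip install \
                --compile-bytecode \
                -r /app/src/requirements.txt \
                "https://github.com/translate/translate/archive/master.zip" \
                "https://github.com/WeblateOrg/language-data/archive/main.zip" \
                "https://github.com/WeblateOrg/weblate/archive/${WEBLATE_DOCKER_GIT_REVISION:?WEBLATE_DOCKER_GIT_REVISION must be set for development builds}.zip#egg=Weblate[$WEBLATE_EXTRAS]" \
            ;; \
        * ) \
            uv pip install \
                --compile-bytecode \
                -r /app/src/requirements.txt \
                "Weblate[$WEBLATE_EXTRAS]==$WEBLATE_VERSION" \
            ;; \
    esac \
    && uv cache prune --ci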
# Import phply's parser factory and call it once during the build.
# NOTE(review): presumably this pre-generates the parser tables so that they
# do not have to be written into site-packages at runtime - confirm.
RUN ["/app/venv/bin/python", "-c", "from phply.phpparse import make_parser; make_parser()"]

# Expose the bundled examples as /app/examples (symlink into the virtualenv).
RUN ["ln", "-s", "/app/venv/share/weblate/examples/", "/app/"]
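# Runtime stage: starts from the Weblate base image and receives the built
# /app tree from the build stage further down.
# NOTE(review): the base image is referenced by tag only. A tag can be moved
# upstream; also pinning the image digest would make the runtime base immutable.
FROM weblate/base:2024.45.6 AS final

# Repeated here because ENV values from the build stage do not carry over
# into a new stage; the LABEL instructions below expand it.
ENV WEBLATE_VERSION=5.8.3

LABEL name="Weblate"
LABEL version=$WEBLATE_VERSION
LABEL maintainer="Michal Čihař <[email protected]>"

LABEL org.opencontainers.image.url="https://weblate.org/"
LABEL org.opencontainers.image.documentation="https://docs.weblate.org/en/latest/admin/install/docker.html"
LABEL org.opencontainers.image.source="https://github.com/WeblateOrg/docker"
LABEL org.opencontainers.image.version=$WEBLATE_VERSION
# The OCI annotation key is "org.opencontainers.image.authors" (plural). The
# singular key is kept for existing consumers and the standard one is added so
# that tooling reading OCI annotations finds the contact.
LABEL org.opencontainers.image.author="Michal Čihař <[email protected]>"
LABEL org.opencontainers.image.authors="Michal Čihař <[email protected]>"
LABEL org.opencontainers.image.vendor="Weblate"
LABEL org.opencontainers.image.title="Weblate"
LABEL org.opencontainers.image.description="A web-based continuous localization system with tight version control integration"
LABEL org.opencontainers.image.licenses="GPL-3.0-or-later"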
# Increased start period for migrations run
# The probe runs /app/bin/health_check every 30 seconds with a 3 second
# timeout; failures during the first 5 minutes do not count against the
# container's health.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5m CMD /app/bin/health_check
# Use Docker specific settings
ENV DJANGO_SETTINGS_MODULE=weblate.settings_docker
# Copy built environment
# Brings over everything the build stage left under /app: the virtualenv,
# /app/src/requirements.txt and the examples symlink.
COPY --from=build /app /app
# Configuration for Weblate, nginx and supervisor
# The build context's etc/ tree is laid over the image's /etc, so every file
# in it ships in the image; it should hold configuration only, no credentials.
COPY --link etc /etc/
# Fix permissions and adjust files so they can be edited as a non-root user on start
# - localtime is needed for setting system timezone based on environment
# - timezone is removed to avoid dpkg handling localtime updates
# - we generate nginx configuration based on environment
# - allow editing passwd so we can fix the weblate uid on startup
# - log, run and home directories
# - disable su for non-root to avoid privilege escalation by changing /etc/passwd
#
# How the commands map to the list above:
# - /etc/localtime becomes a symlink to /tmp/localtime (seeded with UTC) and
#   /etc/nginx/sites-available/default a symlink to /tmp/nginx/weblate-site.conf,
#   so both can be rewritten at start without write access to /etc.
# - The listed log, state, data, cache, run and home paths are given to group 0
#   and set to mode 770 recursively (the chmod additionally covers /home);
#   regular files in those trees therefore also get the execute bit.
# - nginx access and error logs are replaced by symlinks to /dev/stdout and
#   /dev/stderr.
# - sed appends "auth requisite pam_deny.so" after the pam_rootok.so line in
#   /etc/pam.d/su.
#
# NOTE(review): chmod 664 leaves /etc/passwd and /etc/group writable by their
# owning group (presumably root, GID 0 - they are not chgrp'ed here), so any
# process running with that group can alter account data. The pam_deny rule
# only covers su; confirm that nothing else in the image (other PAM services,
# setuid helpers) relies on these files for privilege decisions.
RUN rm -f /etc/localtime /etc/timezone \
&& ln -s /tmp/localtime /etc/localtime \
&& cp /usr/share/zoneinfo/Etc/UTC /tmp/localtime \
&& mkdir /tmp/nginx \
&& chgrp -R 0 /var/log/nginx/ /var/lib/nginx /app/data /app/cache /run /home/weblate /tmp/localtime /tmp/nginx /etc/supervisor/conf.d \
&& chmod -R 770 /var/log/nginx/ /var/lib/nginx /app/data /app/cache /run /home /home/weblate /tmp/localtime /tmp/nginx /etc/supervisor/conf.d \
&& rm -f /etc/nginx/sites-available/default \
&& ln -s /tmp/nginx/weblate-site.conf /etc/nginx/sites-available/default \
&& rm -f /var/log/nginx/access.log /var/log/nginx/error.log \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& chmod 664 /etc/passwd /etc/group \
&& sed -i '/pam_rootok.so/a auth requisite pam_deny.so' /etc/pam.d/su
# Customize Python:
# - Search path for custom modules
#
# The .pth file adds /app/data/python to the interpreter's import path, and an
# empty "customize" package (with an empty models.py) is created there, owned
# by the weblate user.
# PYVERSION is not set in this file; presumably it is inherited from the base
# image (TODO confirm).
# NOTE(review): /app/data is declared as a volume later in this file and is
# writable at runtime, so anything able to write under /app/data/python can
# supply code that the application imports. Treat that volume as trusted
# content and restrict who can write to it.
RUN echo "/app/data/python" > "/app/venv/lib/python${PYVERSION}/site-packages/weblate-docker.pth" \
    && mkdir -p /app/data/python/customize \
    && touch \
        /app/data/python/customize/__init__.py \
        /app/data/python/customize/models.py \
    && chown -R weblate:weblate /app/data/python
# Entrypoint
# The start and health_check scripts are copied with mode 0755, so they are
# executable but writable only by their owner.
COPY --link --chmod=0755 start health_check /app/bin/

# Unprivileged port, so the non-root runtime user can bind it.
EXPOSE 8080

# Declared after every build step that writes below these paths, so the
# content prepared above is kept.
VOLUME /app/data /app/cache /tmp /run

# Numerical value is needed for OpenShift S2I, see
# https://docs.openshift.com/container-platform/latest/openshift_images/create-images.html
USER 1000

# Exec form: the start script is launched directly, without a wrapping shell,
# with "runserver" as its default argument.
ENTRYPOINT ["/app/bin/start"]
CMD ["runserver"]