1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
ARG PYTHONVERSION=3.13
ARG DEBIANVERSION=trixie
# Builder
# *******
FROM ghcr.io/astral-sh/uv:python$PYTHONVERSION-$DEBIANVERSION-slim AS builder
# install git for setuptools scm
RUN apt-get update -y && \
apt-get install \
git \
make \
cargo \
cmake \
g++ \
-y --no-install-recommends && \
rm -rf /var/lib/apt/lists/*
WORKDIR /build
ENV UV_PROJECT_ENVIRONMENT=/venv
ENV PATH="/venv/bin:$PATH"
RUN uv venv $UV_PROJECT_ENVIRONMENT
COPY pyproject.toml uv.lock README.md .
ARG SLIDGE_USE_LOCKFILE=
RUN [ -z "$SLIDGE_USE_LOCKFILE" ] && rm uv.lock || true
# Install dependencies in /venv. Version is unused at this point.
RUN SETUPTOOLS_SCM_PRETEND_VERSION_FOR_matridge=0 \
uv sync --no-dev --no-install-project
ARG SLIDGE_PRERELEASE
RUN [ ! -z "$SLIDGE_PRERELEASE" ] && uv pip install slidge --upgrade --prerelease allow || true
COPY matridge matridge
# Need .git/ to be mounted for setuptools-scm to determine the version.
RUN --mount=source=.git,target=/build/.git,type=bind \
uv pip install -e .
# CI container
# ************
FROM builder AS ci
# We won't use this venv in CI, but this populates the uv cache in the container,
# minimizing (or even nulling) downloads.
RUN --mount=source=.git,target=/build/.git,type=bind \
uv sync --all-groups --no-install-project
ENV UV_PROJECT_ENVIRONMENT="/woodpecker/src/codeberg.org/slidge/matridge/.venv"
ENV UV_LINK_MODE=copy
ENV PATH="$UV_PROJECT_ENVIRONMENT/bin:$PATH"
# Dev container
# *************
FROM builder AS dev
# copy "localhost" certs from the prosody slidge dev container, so
COPY --from=codeberg.org/slidge/prosody-slidge-dev:latest \
/etc/prosody/certs/localhost.crt \
/usr/local/share/ca-certificates/
RUN update-ca-certificates
RUN apt-get update -y \
&& apt-get install -y --no-install-recommends \
libmagic1 \
media-types \
shared-mime-info \
&& rm -rf /var/lib/apt/lists/*
RUN uv pip install watchdog[watchmedo]
COPY --from=ci /venv /venv
ENTRYPOINT ["watchmedo", "auto-restart", \
"--pattern", "*.py", \
"--directory", "/build/matridge", \
"--recursive", \
"matridge", "--", \
"--jid", "slidge.localhost", \
"--secret", "secret", \
"--debug", \
"--upload-service", "upload.localhost", \
"--admins", "test@localhost", \
"--dev-mode"]
# Prod container
# **************
FROM docker.io/python:$PYTHONVERSION-slim-$DEBIANVERSION AS matridge
ARG PYTHONVERSION
ENV PYTHONUNBUFFERED=1
ENV PATH="/venv/bin:$PATH"
STOPSIGNAL SIGINT
WORKDIR /var/lib/slidge
# libmagic1: to guess mime type from files
# media-types: to determine file name suffix based on file type
RUN apt-get update -y \
&& apt-get install -y --no-install-recommends \
libmagic1 \
media-types \
shared-mime-info \
&& rm -rf /var/lib/apt/lists/*
RUN addgroup --system --gid 10000 slidge
RUN adduser --system --uid 10000 --ingroup slidge --home /var/lib/slidge slidge
USER slidge
COPY --from=builder /venv /venv
COPY --from=builder /build/matridge /venv/lib/python$PYTHONVERSION/site-packages/matridge
ENTRYPOINT ["matridge"]
|
