[PMSH] Docker multi stage build
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I8935d7d1b4b3ff28f5b2fe183e9553d1ee8828ad
Issue-ID: DCAEGEN2-2292
diff --git a/components/pm-subscription-handler/Dockerfile b/components/pm-subscription-handler/Dockerfile
index a30c348..f154544 100644
--- a/components/pm-subscription-handler/Dockerfile
+++ b/components/pm-subscription-handler/Dockerfile
@@ -17,40 +17,51 @@
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=====================================================
-FROM python:3.8.2-alpine3.11
+FROM python:3.8.2-alpine3.11 as build
MAINTAINER lego@est.tech
+RUN set -eux; \
+ apk add \
+ build-base \
+ python3-dev \
+ postgresql-dev
+
+COPY setup.py ./
+COPY requirements.txt ./
+RUN pip install --prefix /opt -r requirements.txt --no-cache-dir
+
+# Second stage
+FROM python:3.8.2-alpine3.11
+
+COPY --from=build /opt /opt
+
ARG user=onap
ARG group=onap
-WORKDIR /app
-
# set PATH & PYTHONPATH vars
-ENV PATH=/usr/local/lib/python3.8/bin:$PATH:./bin \
- PYTHONPATH=/usr/local/lib/python3.8/site-packages:./mod:./:$PYTHONPATH:./bin \
- REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
+ENV APPDIR="/opt/app/pmsh" \
+ LD_LIBRARY_PATH=/opt/lib:/opt/lib64 \
+ PYTHONPATH=${APPDIR}/mod:/opt/lib/python3.8/site-packages \
+ PATH=$PATH:${APPDIR}/bin \
LOGS_PATH="/var/log/ONAP/dcaegen2/services/pmsh" \
- LOGGER_CONFIG=/opt/app/pmsh/log_config.yaml
+ LOGGER_CONFIG="/opt/app/pmsh/log_config.yaml"
- # add non root user & group
-RUN addgroup --system $user && adduser --ingroup $user --system $user && \
- # create and chown the LOGS_PATH
- apk add build-base libffi-dev postgresql-dev && \
- mkdir -p $LOGS_PATH && \
- chown -R $user:$group $LOGS_PATH
+WORKDIR $APPDIR
+RUN mkdir -p $APPDIR
-COPY setup.py ./
-COPY requirements.txt ./
-COPY ./pmsh_service ./bin/
-COPY log_config.yaml /opt/app/pmsh/
+RUN set -eux; \
+ apk add --no-cache postgresql-libs nano
- # run the pip install
-RUN pip install --upgrade pip && \
- pip install -r requirements.txt && \
- pip install -e . && \
- # change own & perms on entrypoint
- chown -R $user:$group . && \
- chmod 500 ./bin/*.py
+COPY ./pmsh_service ./bin
+COPY log_config.yaml ./
-# run the app
-ENTRYPOINT ["python", "./bin/pmsh_service_main.py"]
\ No newline at end of file
+# Create a group and user
+RUN addgroup -S $group && adduser -S -D -h /home/$user $user $group && \
+ mkdir -p ${LOGS_PATH} && \
+ chown -R $user:$group ${LOGS_PATH} && \
+ chown -R $user:$group ${APPDIR}
+
+# Tell docker that all future commands should be run as the onap user
+USER $user
+
+ENTRYPOINT ["python", "/opt/app/pmsh/bin/pmsh_service_main.py"]
\ No newline at end of file