From 8e3fc28fc562376f1b16871748805214708a116c Mon Sep 17 00:00:00 2001
From: Sweetbread
Date: Wed, 4 Feb 2026 15:51:14 +0300
Subject: [PATCH] Update docker image
---
 .gitea/workflows/docker-build.yml | 7 +++++
 Dockerfile | 45 ++++++++++++++++++++++---------
 2 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/.gitea/workflows/docker-build.yml b/.gitea/workflows/docker-build.yml
index d80d497..cb665d2 100644
--- a/.gitea/workflows/docker-build.yml
+++ b/.gitea/workflows/docker-build.yml
@@ -11,6 +11,12 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
+ - name: 'Docker Tags'
+ id: tags
+ uses: cssnr/docker-tags-action@v2
+ with:
+ images: 'g.lair.moe/${{ vars.DOCKER_USERNAME }}/lair.moe'
+
 - name: Login to Docker Registry
 uses: docker/login-action@v2
 with:
@@ -27,5 +33,6 @@ jobs:
 context: .
 push: ${{ github.event_name == 'push' }}
 tags: g.lair.moe/${{ vars.DOCKER_USERNAME }}/lair.moe:latest
+ labels: ${{ steps.tags.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index 583d00b..3456e50 100644
--- a/Dockerfile
+++ b/Dockerfile
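Review bot: `cssnr/docker-tags-action@v2` is a third-party action referenced by a mutable tag, and it runs in the same job that checks out the source, logs in to the registry and pushes the image. If that tag is ever moved to a bad or compromised release, the new code runs inside this build without any change to this repository. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: cssnr/docker-tags-action@<full-commit-sha> # v2`. The job's remaining steps lie outside this hunk.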
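Review bot: Only the `labels` output of the new `tags` step is consumed in the build step; the `tags:` line just above it is still the hard-coded `g.lair.moe/${{ vars.DOCKER_USERNAME }}/lair.moe:latest`. Every push therefore overwrites the same mutable tag, so a deployed image cannot be traced back to a commit or rolled back by tag. If the action also exposes a `tags` output (likely, but not visible in this diff), wire it in with `tags: ${{ steps.tags.outputs.tags }}`.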
@@ -1,25 +1,46 @@
-FROM node:18-alpine as sass
+FROM node:18-alpine AS sass-builder
-RUN NODE_OPTIONS=--dns-result-order=ipv4first npm install -g sass
+RUN NODE_OPTIONS=--dns-result-order=ipv4first npm install -g sass@latest --omit=dev --no-fund --no-audit
 WORKDIR /build
 COPY ./blueprints ./blueprints
+
 RUN sass ./blueprints:./blueprints \
 --no-source-map \
- --style=compressed
-
+ --style=compressed \
+ --quiet
 FROM python:3.11-slim
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y \
+ libmagic1 \
+ && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
-COPY . .
-COPY --from=sass /build/blueprints/ ./blueprints/
-
-RUN apt update && apt upgrade
-RUN apt install libmagic1 -y
+COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
-ENV FLASK_ENV=production
-ENV PYTHONUNBUFFERED=1
+COPY . .
-CMD ["gunicorn", "app:app", "-b", "0.0.0.0:80", "--workers", "4"]
+COPY --from=sass-builder /build/blueprints/ ./blueprints/
+
+RUN useradd -m -u 1001 appuser && \
+ chown -R appuser:appuser /app
+
+USER appuser
+
+ENV FLASK_ENV=production \
+ PYTHONUNBUFFERED=1 \
+ PYTHONDONTWRITEBYTECODE=1 \
+ PIP_NO_CACHE_DIR=1 \
+ PIP_DISABLE_PIP_VERSION_CHECK=1
+
+CMD ["gunicorn", "app:app", \
+ "-b", "0.0.0.0:80", \
+ "--workers", "4", \
+ "--worker-class", "sync", \
+ "--worker-tmp-dir", "/dev/shm", \
+ "--access-logfile", "-", \
+ "--error-logfile", "-", \
+ "--log-level", "info"]
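Review bot: `npm install -g sass@latest` in the sass-builder stage resolves to whatever release is published at build time, so the build is not reproducible and a bad or compromised release would flow straight into the compiled CSS; pin an exact version, e.g. `npm install -g sass@<pinned-version> --no-fund --no-audit`. In the runtime stage, `chown -R appuser:appuser /app` gives the whole application tree to the account gunicorn runs as, so a compromised worker could rewrite its own code. Consider leaving /app root-owned and granting appuser write access only to the directories the app must write to (which ones, if any, is not visible in this hunk). gunicorn also still binds `0.0.0.0:80` after `USER appuser`, which works only where unprivileged processes may bind low ports, so a high port such as `"-b", "0.0.0.0:8000"` with the published port mapping adjusted is more portable.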