diff --git a/.dockerignore b/.dockerignore index f4b11987..c36a60b5 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,22 @@ +.dockerignore +.env .git .github +.gitignore +.isort.cfg +.readthedocs.yaml +.travis.yml +.venv +.vscode +assets +CHANGELOG.md +CONTRIBUTORS +docker-compose.* +Dockerfile +docs +LICENSE +Makefile +MANIFEST.in +README.md +SECURITY.md +tox.ini diff --git a/Dockerfile b/Dockerfile index fca70c20..f14ff055 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,12 @@ -FROM python:3.7-alpine +FROM python:3.10-alpine +ENV PORT="8000" \ + # Keeps Python from generating .pyc files in the container + PYTHONDONTWRITEBYTECODE=1 \ + # Turns off buffering for easier container logging + PYTHONUNBUFFERED=1 + +# ihatemoney configuration ENV DEBUG="False" \ ACTIVATE_ADMIN_DASHBOARD="False" \ ACTIVATE_DEMO_PROJECT="True" \ @@ -21,13 +28,30 @@ ENV DEBUG="False" \ ENABLE_CAPTCHA="False" \ LEGAL_LINK="False" -RUN mkdir -p /etc/ihatemoney &&\ - pip install --no-cache-dir gunicorn pymysql; - ADD . /src -RUN pip install --no-cache-dir -e /src +RUN echo "**** install build dependencies ****" &&\ + apk add --no-cache --virtual=build-dependencies \ + gcc \ + musl-dev \ + postgresql-dev &&\ + echo "**** install runtime packages ****" && \ + apk add --no-cache \ + shadow \ + postgresql-libs && \ + echo "**** create runtime folder ****" && \ + mkdir -p /etc/ihatemoney &&\ + echo "**** install pip packages ****" && \ + pip install --no-cache-dir \ + gunicorn && \ + pip install --no-cache-dir -e /src[database] && \ + echo "**** create user abc:abc ****" && \ + useradd -u 1000 -U -d /src abc && \ + echo "**** cleanup ****" && \ + apk del --purge build-dependencies &&\ + rm -rf \ + /tmp/* VOLUME /database -EXPOSE 8000 +EXPOSE ${PORT} ENTRYPOINT ["/src/conf/entrypoint.sh"] diff --git a/README.md b/README.md index de689b24..15452913 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![GitHub Actions Status](https://github.com/spiral-project/ihatemoney/actions/workflows/test-docs.yml/badge.svg)](https://github.com/spiral-project/ihatemoney/actions/workflows/test-docs.yml) [![Translation status from Weblate](https://hosted.weblate.org/widgets/i-hate-money/-/i-hate-money/svg-badge.svg)](https://hosted.weblate.org/engage/i-hate-money/?utm_source=widget) [![Donate](https://img.shields.io/liberapay/receives/IHateMoney.svg?logo=liberapay)](https://liberapay.com/IHateMoney/donate) -[![Docker image](https://img.shields.io/badge/-Docker%20image-black?logo=docker)](https://hub.docker.com/r/ihatemoney/ihatemoney/general) +[![Docker image](https://img.shields.io/badge/-Docker%20image-black?logo=docker)](https://hub.docker.com/r/ihatemoney/ihatemoney) *I hate money* is a web application made to ease shared budget management. It keeps track of who bought what, when, and for whom; and diff --git a/conf/entrypoint.sh b/conf/entrypoint.sh index be1e2806..4d48f86c 100755 --- a/conf/entrypoint.sh +++ b/conf/entrypoint.sh @@ -3,7 +3,7 @@ # Fail the whole script on the first failure. set -e -cat < /etc/ihatemoney/ihatemoney.cfg +cat </etc/ihatemoney/ihatemoney.cfg DEBUG = $DEBUG ACTIVATE_ADMIN_DASHBOARD = $ACTIVATE_ADMIN_DASHBOARD ACTIVATE_DEMO_PROJECT = $ACTIVATE_DEMO_PROJECT @@ -26,8 +26,24 @@ ENABLE_CAPTCHA = $ENABLE_CAPTCHA LEGAL_LINK = "$LEGAL_LINK" EOF +PUID=${PUID:-0} +PGID=${PGID:-0} + +echo " +User uid: $PUID +User gid: $PGID +" + # Start gunicorn without forking -exec gunicorn ihatemoney.wsgi:application \ - -b 0.0.0.0:8000 \ +cmd="exec gunicorn ihatemoney.wsgi:application \ + -b 0.0.0.0:$PORT \ --log-syslog \ - "$@" + $@" + +if [ "$PGID" -ne 0 -a "$PUID" -ne 0 ]; then + groupmod -o -g "$PGID" abc + usermod -o -u "$PUID" abc + cmd="su - abc -c '$cmd'" +fi + +eval "$cmd" diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 818c3b16..afb65ba4 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -4,10 +4,8 @@ version: "3.9" services: ihatemoney: build: . - ports: - - "8000:8000" sut: image: alpine - command: wget --spider ihatemoney:8000 + command: sh -c 'wget -qO- ihatemoney:8000/healthcheck | grep "OK"' depends_on: - ihatemoney diff --git a/docker-compose.yml b/docker-compose.yml index 0de37efc..2890847a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ version: "3.9" services: ihatemoney: - build: . + image: ihatemoney/ihatemoney:latest environment: - DEBUG=False - ACTIVATE_ADMIN_DASHBOARD=False @@ -26,5 +26,8 @@ services: - SQLALCHEMY_TRACK_MODIFICATIONS=False - ENABLE_CAPTCHA=False - LEGAL_LINK= + - PORT=8000 + - PUID=0 + - PGID=0 ports: - "8000:8000" diff --git a/ihatemoney/web.py b/ihatemoney/web.py index f09cb8ae..547d031e 100644 --- a/ihatemoney/web.py +++ b/ihatemoney/web.py @@ -155,6 +155,11 @@ def pull_project(endpoint, values): raise Redirect303(url_for(".authenticate", project_id=project_id)) +@main.route("/healthcheck", methods=["GET"]) +def health(): + return "OK" + + @main.route("/admin", methods=["GET", "POST"]) def admin(): """Admin authentication. diff --git a/setup.cfg b/setup.cfg index ef52832a..f14d141f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -45,6 +45,10 @@ install_requires = python-dateutil [options.extras_require] +database = + psycopg2-binary>=2.9,<3 + PyMySQL>=0.9,<1.1 + dev = black>=19.10b0 ; python_version >= '3.6' flake8>=3.7.9 @@ -53,8 +57,6 @@ dev = pytest>=6.2.5 tox>=3.14.6 zest.releaser>=6.20.1 - psycopg2-binary>=2.9,<3 - PyMySQL>=0.9,<1.1 doc = Sphinx==4.3.0 diff --git a/tox.ini b/tox.ini index f7817ef3..5fbb9b30 100644 --- a/tox.ini +++ b/tox.ini @@ -10,7 +10,7 @@ commands = py.test --pyargs ihatemoney.tests deps = - -e.[dev] + -e.[database,dev] # To be sure we are importing ihatemoney pkg from pip-installed version changedir = /tmp