Merge pull request #177 from ropable/master

Switch to Alpine Dockerfile, bump dependencies

.github/dependabot.yml

@@ -4,9 +4,9 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    target-branch: "master"
   - package-ecosystem: "github-actions"
-    # Workflow files stored in the
-    # default location of `.github/workflows`
     directory: "/"
     schedule:
       interval: "weekly"
+    target-branch: "master"

.github/workflows/run-tests.yml

@@ -33,7 +33,7 @@ jobs:
         uses: actions/setup-python@v5
         id: setup-python
         with:
-          python-version: '3.11'
+          python-version: '3.12'
       #----------------------------------------------
       # Install & configure Poetry
       #----------------------------------------------

Dockerfile

@@ -1,36 +1,41 @@
 # syntax=docker/dockerfile:1
 # Prepare the base environment.
-FROM python:3.11.9-slim AS builder_base_ibms
+FROM python:3.12.6-alpine AS builder_base_ibms
 LABEL [email protected]
 LABEL org.opencontainers.image.source=https://github.com/dbca-wa/ibms
 
-RUN apt-get update -y \
-  && apt-get upgrade -y \
-  && apt-get install -y python3-dev libpq-dev gcc \
-  && rm -rf /var/lib/apt/lists/* \
-  && pip install --root-user-action=ignore --upgrade pip
+# Install system requirements to build Python packages.
+RUN apk add --no-cache \
+  gcc \
+  libressl-dev \
+  musl-dev \
+  libffi-dev
+# Create a non-root user to run the application.
+ARG UID=10001
+ARG GID=10001
+RUN addgroup -g ${GID} appuser \
+  && adduser -H -D -u ${UID} -G appuser appuser
 
 # Install Python libs using Poetry.
 FROM builder_base_ibms AS python_libs_ibms
 WORKDIR /app
-ARG POETRY_VERSION=1.8.3
-RUN pip install --root-user-action=ignore poetry=="${POETRY_VERSION}"
 COPY poetry.lock pyproject.toml ./
-RUN poetry config virtualenvs.create false \
+ARG POETRY_VERSION=1.8.3
+RUN pip install --no-cache-dir --root-user-action=ignore poetry==${POETRY_VERSION} \
+  && poetry config virtualenvs.create false \
   && poetry install --no-interaction --no-ansi --only main
-
-# Create a non-root user.
-ARG UID=10001
-ARG GID=10001
-RUN groupadd -g "${GID}" appuser \
-  && useradd --no-create-home --no-log-init --uid "${UID}" --gid "${GID}" appuser
+# Remove system libraries, no longer required.
+RUN apk del \
+  gcc \
+  libressl-dev \
+  musl-dev \
+  libffi-dev
 
 # Install the project.
-FROM python_libs_ibms
+FROM python_libs_ibms AS project_ibms
 COPY manage.py gunicorn.py ./
 COPY ibms_project ./ibms_project
 RUN python manage.py collectstatic --noinput
-
 USER ${UID}
 EXPOSE 8080
 CMD ["gunicorn", "ibms_project.wsgi", "--config", "gunicorn.py"]

Dockerfile.debian

@@ -0,0 +1,36 @@
+# syntax=docker/dockerfile:1
+# Prepare the base environment.
+FROM python:3.12.4-slim AS builder_base_ibms
+LABEL [email protected]
+LABEL org.opencontainers.image.source=https://github.com/dbca-wa/ibms
+
+RUN apt-get update -y \
+  && apt-get upgrade -y \
+  && apt-get install -y python3-dev libpq-dev gcc \
+  && rm -rf /var/lib/apt/lists/* \
+  && pip install --root-user-action=ignore --upgrade pip
+
+# Install Python libs using Poetry.
+FROM builder_base_ibms AS python_libs_ibms
+WORKDIR /app
+ARG POETRY_VERSION=1.8.3
+RUN pip install --no-cache-dir --root-user-action=ignore poetry==${POETRY_VERSION}
+COPY poetry.lock pyproject.toml ./
+RUN poetry config virtualenvs.create false \
+  && poetry install --no-interaction --no-ansi --only main
+
+# Create a non-root user.
+ARG UID=10001
+ARG GID=10001
+RUN groupadd -g ${GID} appuser \
+  && useradd --no-create-home --no-log-init --uid ${UID} --gid ${GID} appuser
+
+# Install the project.
+FROM python_libs_ibms
+COPY manage.py gunicorn.py ./
+COPY ibms_project ./ibms_project
+RUN python manage.py collectstatic --noinput
+
+USER ${UID}
+EXPOSE 8080
+CMD ["gunicorn", "ibms_project.wsgi", "--config", "gunicorn.py"]

kustomize/overlays/prod/kustomization.yaml

@@ -20,4 +20,4 @@ patches:
   - path: service_patch.yaml
 images:
   - name: ghcr.io/dbca-wa/ibms
-    newTag: 2.8.9
+    newTag: 2.8.10