diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7daf44a..d74a725 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,6 +14,7 @@ jobs: tag: - 3.11-basic - 3.11-docworker + - 3.11-docworker-lambda env: PUBLIC_IMAGE_PREFIX: 'datastewardshipwizard' diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index ca7edea..388968f 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -23,6 +23,7 @@ jobs: tag: - 3.11-basic - 3.11-docworker + - 3.11-docworker-lambda env: IMAGE_BASE_NAME: 'localhost:5000/test/python-base' diff --git a/3.11-basic/Dockerfile b/3.11-basic/Dockerfile index 7f75bcd..e5ac18b 100644 --- a/3.11-basic/Dockerfile +++ b/3.11-basic/Dockerfile @@ -2,7 +2,6 @@ FROM alpine:3.19.1 ARG TARGETARCH -# Python COPY ./scripts/alpine/clean /bin/clean ENV PIP_NO_COMPILE=1 \ diff --git a/3.11-docworker-lambda/Dockerfile b/3.11-docworker-lambda/Dockerfile new file mode 100644 index 0000000..9e00214 --- /dev/null +++ b/3.11-docworker-lambda/Dockerfile 
@@ -0,0 +1,42 @@
+FROM public.ecr.aws/lambda/python:3.11 as python-lambda
+
+FROM public.ecr.aws/lambda/provided:al2023
+
+ARG TARGETARCH
+
+COPY --from=python-lambda /var/runtime /var/runtime
+
+# Enviroment variables (Pandoc, PIP, OpenSSL)
+ENV XDG_DATA_HOME=/ \
+ LUA_PATH="/pandoc/filters/?.lua;/usr/share/lua/common/?.lua;;" \
+ PIP_NO_COMPILE=1 \
+ PIP_DISABLE_PIP_VERSION_CHECK=1 \
+ PIP_CACHE_DIR=/pip-cache \
+ PIPENV_VENV_IN_PROJECT=1 \
+ TEMP=/tmp \
+ SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# RPM Packages + Update fonts + Setup user + Cleanup
+# https://docs.aws.amazon.com/linux/al2023/release-notes/all-packages-AL2023.3.html
+RUN mkdir "$PIP_CACHE_DIR" && chmod a+rwx "$PIP_CACHE_DIR" \
+ && dnf install -y \
+ python3.11 python3.11-devel python3.11-wheel python3.11-setuptools python3.11-pip \
+ libpq-devel libffi-devel openssl openssl-devel gettext ca-certificates \
+ pango cairo cairo-gobject gettext gdk-pixbuf2 zopfli \
+ xz xz-lzma-compat tar gzip zip unzip lua lua-devel \
+ fontconfig freetype google-droid-fonts-all google-noto-emoji-color-fonts google-noto-emoji-fonts \
+ cabextract xorg-x11-font-utils \
+ && rpm -i https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm \
+ && fc-cache -f \
+ && ln -s /usr/bin/python3.11 /usr/bin/python \
+ && ln -s /usr/bin/pip3.11 /usr/bin/pip \
+ && pip install awslambdaric boto3 s3transfer \
+ && dnf clean all \
+ && rm -rf $PIP_CACHE_DIR/*
+
+# Pandoc
+RUN curl -L -o /tmp/pandoc.tar.gz -O "https://github.com/jgm/pandoc/releases/download/3.1.13/pandoc-3.1.13-linux-${TARGETARCH}.tar.gz" \
+ && tar xvzf /tmp/pandoc.tar.gz -C /tmp \
+ && mv /tmp/pandoc*/bin/pandoc /usr/local/bin/pandoc \
+ && rm -rf /tmp/* \
+ && mkdir -p /pandoc/templates /pandoc/filters/pandocker
diff --git a/3.11-docworker/Dockerfile b/3.11-docworker/Dockerfile
index 2ddd5f9..c4088ff 100644
--- a/3.11-docworker/Dockerfile
+++ b/3.11-docworker/Dockerfile
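Review bot: Both downloads in the new 3.11-docworker-lambda/Dockerfile are installed without an integrity check: `rpm -i https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm` in the first RUN and the `curl` of `pandoc-3.1.13-linux-${TARGETARCH}.tar.gz` in the second, so whatever the mirror or a redirect serves at build time is installed as root into the image. Pin a digest per artifact (one per architecture for Pandoc) and verify it before use, e.g. `&& echo "<EXPECTED_SHA256 placeholder>  /tmp/pandoc.tar.gz" | sha256sum -c - \` between the download and `tar`, and fetch the RPM to a file and check it the same way rather than handing the URL to `rpm -i`. The curl call also passes both `-o` and `-O` and has no `-f`; `curl -fsSL -o /tmp/pandoc.tar.gz "<url>"` would fail the build on an HTTP error instead of saving the error page. The `wget` of the Pandoc tarball in the last hunk of 3.11-docworker/Dockerfile has the same missing verification. Separately, `pip install awslambdaric boto3 s3transfer` is unpinned, and the comment says "Setup user" although no user is created and no `USER` is set in this file.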
@@ -4,6 +4,7 @@ ARG TARGETARCH COPY ./scripts/alpine/clean /bin/clean +# Enviroment variables (Pandoc, PIP, OpenSSL) ENV PIP_NO_COMPILE=1 \ PIP_DISABLE_PIP_VERSION_CHECK=1 \ PIP_CACHE_DIR=/pip-cache \ 
@@ -12,32 +13,32 @@ ENV PIP_NO_COMPILE=1 \ ENV=/etc/profile \ CLEAN="/var/cache/apk/:/tmp/" \ RAWEXEC="monit crond supervise sshd" \ - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt + SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \ + XDG_DATA_HOME=/ \ + LUA_PATH="/pandoc/filters/?.lua;/usr/share/lua/common/?.lua;;" +# Alpine Packages + Update fonts + Setup user + Cleanup RUN chmod +x /bin/clean \ - && mkdir "$PIP_CACHE_DIR" && chmod a+rwx "$PIP_CACHE_DIR" \ - && apk add -u python3 python3-dev py3-wheel py3-setuptools py3-pip libpq-dev libffi-dev openssl-dev gettext \ - && apk add -u cairo cairo-gobject pango gdk-pixbuf py3-lxml py3-pillow msttcorefonts-installer fontconfig zopfli \ - && apk add -u lua lua-dev lua-penlight zip \ - && apk add -u openssl ca-certificates \ - && apk add -u dbus fontconfig freetype ttf-dejavu ttf-droid ttf-freefont ttf-liberation font-noto-emoji \ - && dbus-uuidgen > /var/lib/dbus/machine-id && apk del dbus \ - && rm -rf /var/cache/apk/* /tmp/* \ - && wget -O /bin/wait-for https://raw.githubusercontent.com/eficode/wait-for/v2.2.3/wait-for && chmod a+x /bin/wait-for \ - && update-ms-fonts \ - && fc-cache -f \ - && addgroup -g 10001 user \ - && adduser -u 10000 -S -s /bin/sh -G user user \ - && echo "user:password" | chpasswd 2>/dev/null \ - && clean + && mkdir "$PIP_CACHE_DIR" && chmod a+rwx "$PIP_CACHE_DIR" \ + && apk add -u \ + python3 python3-dev py3-wheel py3-setuptools py3-pip \ + libpq-dev libffi-dev openssl openssl-dev gettext ca-certificates \ + pango cairo cairo-gobject gdk-pixbuf dbus zopfli \ + xz tar gzip zip unzip lua lua-dev \ + fontconfig freetype msttcorefonts-installer font-droid font-noto-emoji \ + && dbus-uuidgen > /var/lib/dbus/machine-id && apk del dbus \ + && update-ms-fonts \ + && fc-cache -f \ + && addgroup -g 10001 user \ + && adduser -u 10000 -S -s /bin/sh -G user user \ + && echo "user:password" | chpasswd 2>/dev/null \ + && rm -rf /var/cache/apk/* /tmp/* $PIP_CACHE_DIR/* \ + && clean # Pandoc -ENV 
XDG_DATA_HOME=/ \ - LUA_PATH="/pandoc/filters/?.lua;/usr/share/lua/common/?.lua;;" - -RUN wget -O /tmp/pandoc.tar.gz "https://github.com/jgm/pandoc/releases/download/3.1.9/pandoc-3.1.9-linux-${TARGETARCH}.tar.gz" \ - && tar -xvzf /tmp/pandoc.tar.gz -C /tmp && mv /tmp/pandoc*/bin/pandoc /usr/local/bin/pandoc \ - && mkdir -p /pandoc/templates \ - && mkdir -p /pandoc/filters/pandocker \ - && chown -R user:user /pandoc \ - && clean +RUN wget -O /tmp/pandoc.tar.gz "https://github.com/jgm/pandoc/releases/download/3.1.13/pandoc-3.1.13-linux-${TARGETARCH}.tar.gz" \ + && tar -xvzf /tmp/pandoc.tar.gz -C /tmp && mv /tmp/pandoc*/bin/pandoc /usr/local/bin/pandoc \ + && rm -rf /tmp/* \ + && mkdir -p /pandoc/templates /pandoc/filters/pandocker \ + && chown -R user:user /pandoc \ + && clean
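Review bot: The rewritten package RUN block still sets a fixed, publicly known password with `echo "user:password" | chpasswd 2>/dev/null`, so every image built from this file ships a shell account (`-s /bin/sh`) whose credentials anyone can guess. `RAWEXEC` names `sshd`, though whether a login service is ever started is not visible in this hunk; if nothing depends on password login, drop that line so the account created by `adduser -S` has no usable password, or lock it explicitly with `passwd -l user`. The cleanup in the same block expands `$PIP_CACHE_DIR/*` unquoted inside `rm -rf`; `"${PIP_CACHE_DIR:?}"/*` would abort rather than expand to `/*` if the variable were ever empty.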