-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
99 lines (83 loc) · 4.4 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# syntax=docker/dockerfile:1.2
#################################################
#
# We need base python dependencies on both the builder and python images, so
# create base image with those installed to save installing them twice.
#
# hadolint ignore=DL3006
FROM ghcr.io/opensafely-core/base-action:22.04 as base
# Add deadsnakes PPA for installing new Python versions
# ensure fully working base python3.11 installation
# see: https://gist.github.com/tiran/2dec9e03c6f901814f6d1e8dad09528e
# use space efficient utility from base image
RUN --mount=type=cache,target=/var/cache/apt \
echo "deb https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu jammy main" > /etc/apt/sources.list.d/deadsnakes-ppa.list &&\
/usr/lib/apt/apt-helper download-file 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xf23c5a6cf475977595c89f51ba6932366a755776' /etc/apt/trusted.gpg.d/deadsnakes.asc
# stata needs libpng16, install python dependencies, and imagemagick
# edit imagemagick policy to allow eps conversion, which is disabled by default
COPY packages.txt /root/packages.txt
RUN --mount=type=cache,target=/var/cache/apt \
/root/docker-apt-install.sh /root/packages.txt &&\
sed -i -z 's#<!-- disable ghostscript.*</policymap>#</policymap>#g' /etc/ImageMagick-6/policy.xml
# set PYTHONUSERBASE for installing user packages
ENV PYTHONUSERBASE=/usr/local
##################################################
#
# Build image
#
# Ok, now we have local base image with python and our system dependencies on.
# We'll use this as the base for our builder image, where we'll build and
# install any python packages needed.
#
# We use a separate, disposable build image to avoid carrying the build
# dependencies into the production image.
FROM base as builder
# Install any system build dependencies
COPY build-dependencies.txt /tmp/build-dependencies.txt
RUN --mount=type=cache,target=/var/cache/apt \
/root/docker-apt-install.sh /tmp/build-dependencies.txt
# Install python packages
# The cache mount means a) /root/.cache is not in the image, and b) it's preserved
# between docker builds locally, for faster dev rebuild.
COPY python-requirements.txt /tmp/python-requirements.txt
# DL3042: using cache mount instead
# DL3013: we always want latest pip/setuptools/wheel, at least for now
# Install with the --user option so we can copy dependencies in the final image
#
# Note that we can't use a venv here because stata gets itself confused
# Using a venv runs into the same error seen here with embedded python in swift
# https://discuss.python.org/t/fatal-python-error-init-fs-encoding-failed-to-get-the-python-codec-of-the-filesystem-encoding/3173/11
# hadolint ignore=DL3042,DL3013
RUN --mount=type=cache,target=/root/.cache \
python3.11 -m pip install -U --user pip setuptools wheel && \
python3.11 -m pip install --user --require-hashes --requirement /tmp/python-requirements.txt
##################################################
FROM base as stata-prod
# copy site-packages files over from builder image to get the installed python dependencies.
# These will have root:root ownership, but are readable by all.
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
# Some static metadata for this specific image, as defined by:
# https://github.com/opencontainers/image-spec/blob/master/annotations.md#pre-defined-annotation-keys
# The org.opensafely.action label is used by the jobrunner to indicate this is
# an approved action image to run.
LABEL org.opencontainers.image.title="stata-mp" \
org.opencontainers.image.description="Stata action for opensafely.org" \
org.opencontainers.image.source="https://github.com/opensafely-core/stata-docker" \
org.opensafely.action="stata-mp"
ENV STATA_SITE=/usr/local/ado
RUN mkdir -p /usr/local/stata /workspace $STATA_SITE && \
chmod 777 $STATA_SITE && \
ln -s /tmp/stata.lic /usr/local/stata/stata.lic
WORKDIR /workspace
COPY bin/ /usr/local/stata
COPY stata-wrapper.sh /usr/local/bin/stata
COPY stata-wrapper.sh /usr/local/bin/stata-mp
COPY libraries/* $STATA_SITE/
COPY python_scripts/ /python_scripts
COPY script-wrapper.sh /usr/local/bin/script-wrapper.sh
ENV ACTION_EXEC="/usr/local/bin/script-wrapper.sh"
ENV INTERACTIVE_EXEC="/usr/local/bin/stata"
# tag with build info as the very last step, as it will never be cached
ARG BUILD_DATE
ARG VERSION
LABEL org.opencontainers.image.created=$BUILD_DATE org.opencontainers.image.revision=$VERSION