-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathDockerfile
More file actions
80 lines (60 loc) · 2.99 KB
/
Copy pathDockerfile
File metadata and controls
80 lines (60 loc) · 2.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# Dockerfile for running dlt pipelines
# Dockerfile is based heavily on the example uv dockerfile:
# https://github.com/astral-sh/uv-docker-example
# Use a Python image with uv pre-installed
FROM ghcr.io/astral-sh/uv:python3.13-trixie-slim
ARG QSV_VERSION="20.1.0"
ARG XML_FILE_SPLITTER_VERSION="v0.1.2"
# Set environment variable to noninteractive to prevent prompts during apt operations
ENV DEBIAN_FRONTEND=noninteractive
# add tini and git
RUN apt-get update -y && apt-get install -y --no-install-recommends tini git ca-certificates wget unzip && rm -rf /var/lib/apt/lists/*
WORKDIR /tmp
# download and install the xml_file_splitter and qsv binaries, and copy them to /usr/local/bin
RUN wget https://github.com/ialarmedalien/xml_file_splitter/releases/download/${XML_FILE_SPLITTER_VERSION}/xml_file_splitter-aarch64-unknown-linux-gnu.tar.gz && \
tar -xvf xml_file_splitter-aarch64-unknown-linux-gnu.tar.gz && \
mv xml_file_splitter-aarch64-unknown-linux-gnu/xml_file_splitter /usr/local/bin/ && \
# qsv release -- only need the `qsv` binary from it
wget https://github.com/dathere/qsv/releases/download/${QSV_VERSION}/qsv-${QSV_VERSION}-aarch64-unknown-linux-gnu.zip && \
unzip qsv-${QSV_VERSION}-aarch64-unknown-linux-gnu.zip -d /tmp/qsv && \
mv /tmp/qsv/qsv /usr/local/bin/ && \
rm -rf /tmp/*
# Setup a non-root user
RUN groupadd --system --gid 999 nonroot \
&& useradd --system --gid 999 --uid 999 --create-home nonroot
# Enable bytecode compilation
ENV UV_COMPILE_BYTECODE=1
# Copy from the cache instead of linking since it's a mounted volume
ENV UV_LINK_MODE=copy
# Omit development dependencies
# ENV UV_NO_DEV=1
ENV UV_NO_SYNC=1
# Ensure installed tools can be executed out of the box
ENV UV_TOOL_BIN_DIR=/usr/local/bin
# Install the project into `/app`
WORKDIR /app
# Install the project's dependencies using the lockfile and settings
RUN --mount=type=cache,target=/root/.cache/uv \
--mount=type=bind,source=uv.lock,target=uv.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
uv sync --locked --no-install-project --no-editable
# Then, add the rest of the project source code and install it
# Installing separately from its dependencies allows optimal layer caching
COPY --chown=nonroot:nonroot .dlt /app/.dlt
COPY --chown=nonroot:nonroot docs /app/docs
COPY --chown=nonroot:nonroot scripts /app/scripts
COPY --chown=nonroot:nonroot src /app/src
COPY --chown=nonroot:nonroot tests /app/tests
COPY --chown=nonroot:nonroot README.md /app/README.md
COPY --chown=nonroot:nonroot pyproject.toml /app/pyproject.toml
COPY --chown=nonroot:nonroot uv.lock /app/uv.lock
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --locked --no-editable
# Place executables in the environment at the front of the path
ENV PATH="/app/.venv/bin:$PATH"
RUN chmod +x ./scripts/entrypoint.sh
# make sure that the nonroot user owns the app directory
RUN chown nonroot:nonroot /app
# Use the non-root user to run our application
USER nonroot
ENTRYPOINT ["./scripts/entrypoint.sh"]