-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile.signinproxy-example
35 lines (30 loc) · 1.33 KB
/
Dockerfile.signinproxy-example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# Multi-stage build for signinproxy
# docker build . -f Dockerfile.signinproxy-example
# Go build image
FROM golang:1.21.2-bookworm AS go_builder
COPY . /go/src/github.com/evanj/googlesignin
WORKDIR /go/src/github.com/evanj/googlesignin
RUN go build -o /go/bin/signinproxy -v ./signinproxy
# Download pip: Debian's default Python 3 does not include pip
# This ensures we use a recent version
FROM golang:1.21.2-bookworm AS pip_downloader
RUN curl --location https://github.com/pypa/pip/archive/23.2.1.tar.gz | tar -xvzf - --directory=/
# Download Python dependencies
# We save about ~13 MiB in image size by NOT creating a virtualenv
FROM gcr.io/distroless/python3-debian12:latest AS py_dependencies
COPY --from=pip_downloader /pip-23.2.1 /pip
COPY signinproxy/example/requirements.txt /
ENV PYTHONPATH=/pip/src
RUN ["python3", "-m", "pip", "install", "-r", "/requirements.txt", "--target=/app"]
# Runtime image
FROM gcr.io/distroless/python3-debian12:latest
COPY --from=go_builder /go/bin/signinproxy /
COPY --from=py_dependencies /app /app
COPY signinproxy/example/*.py /app
WORKDIR /app
# --preload: Slightly more efficient if it needs to restart workers, which happens at times
ENTRYPOINT ["/signinproxy", "python3", "-m", "gunicorn.app.wsgiapp", \
"example:app", "--preload", "--workers=1", "--threads=8"]
ENV PORT=8080
EXPOSE 8080
USER nobody