fix: adjust docker configuration to be compatible with images generated by github actions, fix health checks with respect to app base directory, create additional docker compose configs for development

Author: Pascal Debus

.dockerignore

@@ -1,6 +1,19 @@
 .git
 .gitignore
+.github
 __pycache__
 *.pyc
 .env
-*.log
+*.log
+.vscode
+.idea
+*.md
+README.md
+docker-compose.yml
+*.png
+*.jpg
+*.jpeg
+node_modules
+.pytest_cache
+.coverage
+htmlcov

.github/workflows/docker-publish.yml

@@ -1,4 +1,3 @@
-
 name: Build and publish Docker image to GHCR
 
 on:
@@ -10,7 +9,6 @@ on:
       - 'docker-compose.yml'
       - 'nginx.conf'
       - 'requirements.txt'
-      - 'requirements_docker.txt'
   release:
     types: [published]
 
@@ -44,6 +42,10 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=raw,value=latest,enable={{is_default_branch}}
 
       - name: Build and push Docker image
         id: push

Dockerfile

@@ -2,36 +2,42 @@ FROM pytorch/pytorch:2.7.0-cuda11.8-cudnn9-runtime
 
 LABEL maintainer="Pascal Debus" \
       description="QML Playground" \
-      version="1.0"
+      version="1.0" \
+      org.opencontainers.image.source="https://github.com/fraunhofer-aisec/qml-playground"
 
 # Set working directory inside the container
 WORKDIR /app
 
-# Install curl and dependencies
+# Install curl and dependencies in one layer
 RUN apt-get update && \
-    apt-get install -y curl && \
+    apt-get install -y --no-install-recommends curl && \
+    apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# Copy requirements and install (skip torch)
+# Copy requirements first for better layer caching
 COPY requirements.txt /app/requirements.txt
-RUN pip install --no-cache-dir $(grep -v "torch" /app/requirements.txt)
 
-# Copy the app code from ./app in host into /app in container
+# Install Python dependencies (skip torch as it's in base image)
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir $(grep -v "torch" /app/requirements.txt)
+
+# Copy the app code
 COPY app/ /app/
 
 # Create and use non-root user
 RUN groupadd -r appuser && \
-    useradd -r -g appuser appuser && \
+    useradd -r -g appuser -d /app -s /sbin/nologin appuser && \
     chown -R appuser:appuser /app
+
 USER appuser
 
-# Healthcheck
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-    CMD curl --fail http://localhost:8050/ || exit 1
+# Healthcheck - Updated to use the correct path
+HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
+    CMD curl --fail http://localhost:8050/qml-playground/ || exit 1
 
 ENV PYTHONPATH="${PYTHONPATH}:/app"
 
 EXPOSE 8050
 
 # Start the Dash app using gunicorn
-CMD ["gunicorn", "app:server", "--bind", "0.0.0.0:8050"]
+CMD ["gunicorn", "app:server", "--bind", "0.0.0.0:8050", "--workers", "1", "--timeout", "120"]

app/app.py

@@ -2,4 +2,8 @@
 from logic import qml_app
 
 logging.basicConfig(encoding='utf-8', level=logging.INFO)
-qml_app.run(host="0.0.0.0")
+
+server = qml_app.server
+
+if __name__ == '__main__':
+    qml_app.run(host="0.0.0.0")

docker-compose.build-test.yml

@@ -0,0 +1,45 @@
+version: '3.8'
+
+services:
+  dash-app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: qml-playground:local-test
+    container_name: dash_app_build_test
+    restart: unless-stopped
+    expose:
+      - "8050"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8050/qml-playground/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    environment:
+      - PYTHONUNBUFFERED=1
+    networks:
+      - dash-build-test-network
+
+  nginx:
+    image: nginx:alpine
+    container_name: dash_nginx_build_test
+    restart: unless-stopped
+    ports:
+      - "80:80"
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      dash-app:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "nginx", "-t"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - dash-build-test-network
+
+networks:
+  dash-build-test-network:
+    driver: bridge

docker-compose.yml

@@ -2,16 +2,17 @@ version: '3.8'
 
 services:
   dash-app:
-    build: .
+    image: ghcr.io/fraunhofer-aisec/qml-playground:latest
     container_name: dash_app
     restart: unless-stopped
     expose:
       - "8050"
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8050/"]
+      test: ["CMD", "curl", "-f", "http://localhost:8050/qml-playground/"]
       interval: 30s
       timeout: 10s
       retries: 3
+      start_period: 40s
     environment:
       - PYTHONUNBUFFERED=1
     networks:

docker_compose.dev.yml

@@ -0,0 +1,8 @@
+version: '3.8'
+services:
+  dash-app:
+    build: .
+    volumes:
+      - ./app:/app
+    environment:
+      - DEBUG=1

nginx.conf

@@ -12,8 +12,14 @@ server {
     proxy_buffers 16 16k;
     proxy_buffer_size 16k;
 
-    location / {
-        proxy_pass http://dash-app:8050;
+    # Root redirect to qml-playground
+    location = / {
+        return 301 /qml-playground/;
+    }
+
+    # Main app location
+    location /qml-playground/ {
+        proxy_pass http://dash-app:8050/qml-playground/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -30,11 +36,16 @@ server {
         proxy_read_timeout 60s;
     }
 
-    #location /assets/ {
-    #    add_header Access-Control-Allow-Origin "*";
-    #    proxy_pass http://dash-app:8050/assets/;
-    #    proxy_set_header Host $host;
-    #}
+    # Handle static assets
+    location /qml-playground/_dash-component-suites/ {
+        proxy_pass http://dash-app:8050/qml-playground/_dash-component-suites/;
+        proxy_set_header Host $host;
+    }
+
+    location /qml-playground/assets/ {
+        proxy_pass http://dash-app:8050/qml-playground/assets/;
+        proxy_set_header Host $host;
+    }
 
     # Gzip compression
     gzip on;