forked from gchq/Bailo
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.standalone
More file actions
129 lines (107 loc) · 5.25 KB
/
Dockerfile.standalone
File metadata and controls
129 lines (107 loc) · 5.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# syntax=docker/dockerfile:1
# For running a separate standalone instance of Bailo.
# This is useful when testing cross-instance functionality, such as searching
# for models in another instance.
# Usage
# Run your 1st instance of Bailo the usual way
# docker compose build --parallel
# docker compose up
# Access UI at localhost:8080
# Then run your 2nd instance using this file with
# docker build . -t second-bailo -f Dockerfile.standalone
# docker run --rm -p 4318:8080 --network dev_internal --name second-bailo second-bailo:latest
# Access UI at http://localhost:4318/
FROM python:3.14-bookworm AS sphinx-docs
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt \
rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache && \
apt-get update && \
apt-get install -y --no-install-recommends pandoc
WORKDIR /app/docs
COPY backend/docs .
RUN --mount=type=cache,target=/root/.cache/pip pip install --upgrade bailo -r requirements.txt
RUN make dirhtml
FROM node:24-alpine AS backend
RUN apk add --no-cache libc6-compat && \
apk update
WORKDIR /app
COPY backend/package*.json ./
RUN --mount=type=cache,target=/cache/npm npm ci --cache=/cache/npm
COPY backend .
RUN npm run build
FROM node:24-alpine AS frontend
ENV NEXT_TELEMETRY_DISABLED=1
RUN apk add --no-cache libc6-compat && \
apk update
WORKDIR /app
COPY frontend/package*.json ./
RUN --mount=type=cache,target=/cache/npm npm ci --cache=/cache/npm
COPY frontend .
RUN --mount=type=cache,target=/cache/npm npm install sharp@0.33.5 --cache=/cache/npm
RUN npm run build
FROM ubuntu:noble
ENV DEBIAN_FRONTEND=noninteractive
# Cache packages with run cache, update system packages, install packages
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt \
rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache && \
apt-get update && \
apt-get install -y --no-install-recommends git curl wget gnupg ca-certificates iproute2 nginx supervisor
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt \
curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && \
apt-get update && \
apt-get install -y --no-install-recommends nodejs
#ENV MINIO_ROOT_USER=minioadmin
#ENV MINIO_ROOT_PASSWORD=minioadmin
VOLUME minio-data
RUN wget -q https://dl.min.io/server/minio/release/linux-amd64/minio && \
wget -q https://dl.min.io/client/mc/release/linux-amd64/mc && \
install -m755 minio /usr/local/bin/ && \
install -m755 mc /usr/local/bin/
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt \
wget -qO - https://pgp.mongodb.com/server-8.0.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-8.0.gpg && \
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.2 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-8.2.list && \
apt-get update && \
apt-get install -y --no-install-recommends mongodb-org && \
mkdir -m 777 -p /data/db
COPY infrastructure/standalone/nginx.conf /etc/nginx/nginx.conf
RUN wget -q https://github.com/distribution/distribution/releases/download/v3.0.0/registry_3.0.0_linux_amd64.tar.gz && \
tar -xvf registry_3.0.0_linux_amd64.tar.gz registry && \
install -m755 registry /usr/local/bin/
ENV REGISTRY_HTTP_TLS_CERTIFICATE=/app/backend/certs/cert.pem \
REGISTRY_HTTP_TLS_KEY=/app/backend/certs/key.pem \
REGISTRY_STORAGE_S3_ACCESSKEY=minioadmin \
REGISTRY_STORAGE_S3_SECRETKEY=minioadmin \
REGISTRY_AUTH=token \
REGISTRY_AUTH_TOKEN_REALM=http://localhost:3001/api/v1/registry_auth \
REGISTRY_AUTH_TOKEN_SERVICE=RegistryAuth \
REGISTRY_AUTH_TOKEN_ISSUER=RegistryIssuer \
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/app/backend/certs/cert.pem
COPY infrastructure/standalone/registry.conf /registry.conf
RUN wget -q https://github.com/tweedegolf/mailcrab/releases/download/v1.6.4/mailcrab-linux-x86-64-gnu-v1.6.4 && \
install -m755 mailcrab-linux-x86-64-gnu-v1.6.4 /usr/local/bin/mailcrab
# Backend
WORKDIR /app/backend
COPY backend/package*.json ./
COPY backend/certs/san.cnf ./
RUN --mount=type=cache,target=/cache/npm npm ci --omit=dev --cache=/cache/npm
RUN mkdir -p certs && openssl genrsa -out certs/key.pem 2048 && \
openssl req -new -x509 -key certs/key.pem -out certs/cert.pem -config ./san.cnf -extensions 'v3_req' -days 360
COPY --from=sphinx-docs /app/docs/python-docs python-docs
COPY --from=backend /app/config config
COPY --from=backend /app/dist .
COPY infrastructure/standalone/local.cjs config/local.cjs
ENV NODE_ENV=production
# Frontend
WORKDIR /app/frontend
COPY --from=frontend /app/next.config.mjs .
COPY --from=frontend /app/package.json .
COPY --from=frontend /app/.next/standalone ./
COPY --from=frontend /app/.next/static ./.next/static
COPY --from=frontend /app/public ./public
ENV NEXT_TELEMETRY_DISABLED=1 \
HOSTNAME=0.0.0.0
COPY infrastructure/standalone/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
WORKDIR /
EXPOSE 8080 9000 27017
ENTRYPOINT ["/usr/bin/supervisord"]