feat: docker file for app and static

added static images creation
and docker-compose example

Author: Kl0ven

.dockerignore

@@ -24,3 +24,16 @@ sonar-project.properties
 
 # Ignore current.py file to allow symbolic link creation during docker build
 orange/settings/current.py
+
+assets/
+.venv/
+.env
+.github/
+.pre-commit-config.yaml
+.pytest_cache/
+Dockerfile
+LICENSE
+__pycache__/
+dict/
+docker/
+commitlint.config.js

.github/workflows/semver_build_publish.yml

@@ -49,20 +49,26 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-      - name: Build
+      - name: Build app
         run: docker build . -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ needs.semver.outputs.version }}
+      - name: Build Static
+        run: docker build . --target static -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}-static:${{ needs.semver.outputs.version }}
       - name: Tag using channel
         run: |
           CHANNEL=${{ needs.semver.outputs.new_release_channel }}
           docker build . -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${CHANNEL:-'latest'}
+          docker build . --target static -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}-static:${CHANNEL:-'latest'}
       - name: Login to Docker Hub
         run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
       - name: Push image
-        run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ needs.semver.outputs.version }}
+        run: |
+          docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ needs.semver.outputs.version }}
+          docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}-static:${{ needs.semver.outputs.version }}
       - name: Push image on channel tag
         run: |
           CHANNEL=${{ needs.semver.outputs.new_release_channel }}
           docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${CHANNEL:-'latest'}
+          docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}-static:${CHANNEL:-'latest'}
 
       - name: Docker Hub Description
         uses: peter-evans/dockerhub-description@v3

.gitignore

@@ -57,3 +57,5 @@ celerybeat-schedule*
 # idea
 tmp/*
 .idea/*
+
+assets/*

Dockerfile

@@ -1,43 +1,54 @@
 # base image
-FROM python:3.10.8-slim as python-base
+FROM python:3.10.8-alpine as python-base
 
-ENV PYTHONUNBUFFERED=1 \
+ENV PYTHONFAULTHANDLER=1 \
+    PYTHONHASHSEED=random \
+    PYTHONUNBUFFERED=1 \
     PYTHONDONTWRITEBYTECODE=1 \
-    PIP_NO_CACHE_DIR=off \
-    PIP_DISABLE_PIP_VERSION_CHECK=on \
-    PIP_DEFAULT_TIMEOUT=100 \
-    POETRY_HOME="/opt/poetry" \
-    POETRY_VIRTUALENVS_IN_PROJECT=true \
-    POETRY_NO_INTERACTION=1 \
-    APP_PATH="/app" \
-    VENV_PATH="/app/.venv"
-
-# prepend poetry and venv to path
-ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
-
+    VENV_PATH="/app/venv" \
+    APP_PATH="/app"
+# prepend venv to path
+ENV PATH="$VENV_PATH/bin:$PATH"
 WORKDIR $APP_PATH
 
 
 # Build
 FROM python-base as builder-base
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+
+ENV PIP_DEFAULT_TIMEOUT=100 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    PIP_NO_CACHE_DIR=1
 
 # get poetry
-# hadolint ignore=DL3008
-RUN apt-get update \
-    && apt-get --no-install-recommends install -y curl \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* \
+RUN apk update \
+    && apk add --update --no-cache curl==7.87.0-r1 \
     && curl -sSL https://install.python-poetry.org | python -
 
-ENV PATH="${PATH}:/root/.poetry/bin"
+RUN python -m venv "$VENV_PATH"
+
+ENV PATH="${PATH}:/root/.local/bin"
 
 
 COPY pyproject.toml poetry.lock ./
 
-# install deps
-RUN poetry install --only main --no-root
+RUN poetry export -f requirements.txt | "$VENV_PATH/bin/pip" install -r /dev/stdin
+
+COPY . .
+
+RUN poetry build && "$VENV_PATH/bin/pip" install dist/*.whl \
+    && rm -rf dist/
+
+
+# Static base
+FROM builder-base as static-base
+
+RUN python manage.py collectstatic
+
+# Static
+FROM nginx:mainline-alpine as static
+COPY --from=static-base /app/assets /usr/share/nginx/html
 
 # Prod
 FROM python-base as production

controller/settings.py

@@ -28,6 +28,10 @@
 TESTING = sys.argv[1:2] == ["test"] or os.getenv("TESTING")
 ALLOWED_HOSTS = ["*"]
 
+STATIC_URL = os.getenv("STATIC_URL", "/assets/static/")
+MEDIA_URL = os.getenv("MEDIA_URL", "/assets/media/")
+STATIC_ROOT = os.path.join(BASE_DIR, "assets/static")
+MEDIA_ROOT = os.path.join(BASE_DIR, "assets/media")
 
 # Application definition
 
@@ -151,12 +155,6 @@
 
 USE_TZ = True
 
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/4.1/howto/static-files/
-
-STATIC_URL = "static/"
-
 # Default primary key field type
 # https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field
 

docker/docker-compose.example.yaml

@@ -0,0 +1,61 @@
+version: "3"
+
+services:
+  postgres:
+    image: postgres:latest
+    environment:
+      - POSTGRES_DB=sentry
+      - POSTGRES_USER=sentry
+      - POSTGRES_PASSWORD=sentry
+    ports:
+      - 5432:5432
+    volumes:
+      - "controllerdata:/var/lib/postgresql/data"
+
+  redis:
+    image: 'bitnami/redis:latest'
+    environment:
+      - ALLOW_EMPTY_PASSWORD=yes
+    ports:
+      - 6379:6379
+
+  static:
+    image: spklabs/sentry-dynamic-sampling-controller-static:latest
+    ports:
+      - 8081:80
+  app:
+    image: spklabs/sentry-dynamic-sampling-controller:latest
+    depends_on:
+      - postgres
+      - redis
+      - static
+    ports:
+      - 8080:8000
+    environment:
+      - ENV=debug
+      - SECRET_KEY="very_secret"
+      - POSTGRES_DB=sentry
+      - POSTGRES_USER=sentry
+      - POSTGRES_PASSWORD=sentry
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - APP_CACHE_TIMEOUT=600
+      - CACHE_REDIS_URL=redis://redis:6379
+      - CACHE_TIMEOUT=120
+      - DEFAULT_SAMPLE_RATE=0.1
+      - DEFAULT_WSGI_IGNORE_PATHS="/health,/healthz,/health/,/healthz/"
+      - MAX_BUMP_TIME_SEC=6000
+      # oidc
+      - OIDC_RP_CLIENT_ID=$OIDC_RP_CLIENT_ID
+      - OIDC_RP_CLIENT_SECRET=$OIDC_RP_CLIENT_SECRET
+      - OIDC_OP_AUTHORIZATION_ENDPOINT=$OIDC_OP_AUTHORIZATION_ENDPOINT
+      - OIDC_OP_TOKEN_ENDPOINT=$OIDC_OP_TOKEN_ENDPOINT
+      - OIDC_OP_USER_ENDPOINT=$OIDC_OP_USER_ENDPOINT
+      - LOGIN_REDIRECT_URL=$LOGIN_REDIRECT_URL
+      - LOGOUT_REDIRECT_URL=$LOGOUT_REDIRECT_URL
+      - OIDC_OP_JWKS_ENDPOINT=$OIDC_OP_JWKS_ENDPOINT
+      - OIDC_RP_SIGN_ALGO=RS256
+      - STATIC_URL=http://localhost:8081/static
+
+volumes:
+  controllerdata: