changed dockerfile distrib to alpine

fed1337 · fed1337 · commit 70b7a34a1d51 · 2025-12-14T14:22:09.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,75 +1,60 @@
-FROM python:3.10-slim-bookworm AS builder
+FROM python:3.10-alpine3.22 AS builder
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+COPY --from=ghcr.io/astral-sh/uv:0.9 /uv /uvx /bin/
 
-# Install build dependencies
-RUN apt update && apt upgrade -y && apt install -y --no-install-recommends \
+RUN apk add --update --no-cache --virtual build-dependencies \
     curl \
+    bash \
     git \
-    build-essential \
-    libldap2-dev \
-    libsasl2-dev && \
-    rm -rf /var/lib/apt/lists/*
-
-# Install nodejs 18 with npm
-RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
-    apt update && \
-    apt install -y --no-install-recommends nodejs && \
-    rm -rf /var/lib/apt/lists/*
-
-# Download the latest uv installer
-ADD https://astral.sh/uv/install.sh /uv-installer.sh
-
-# Run the installer then remove it
-RUN sh /uv-installer.sh && rm /uv-installer.sh
+    tar \
+    musl-dev \
+    gcc \
+    openssl-dev \
+    libffi-dev \
+    cyrus-sasl-dev \
+    openldap-dev \
+    npm
 
 # Ensure the installed uv binary is on the `PATH`
 ENV PATH="/root/.local/bin/:$PATH"
 
-# Copy dependency files & set workdir
 WORKDIR /opt/lemur
 COPY . .
 
-# Install Python dependencies with uv
-RUN uv sync --frozen
+RUN uv sync --frozen --compile-bytecode
+
+RUN curl -sSL https://github.com/caddyserver/caddy/releases/download/v2.10.2/caddy_2.10.2_linux_amd64.tar.gz | tar xz -C /usr/bin
 
 RUN npm install \
     && npm run build_static \
     && node_modules/.bin/gulp package --urlContextPath="" \
-    && rm -rf node_modules bower_components .tmp
+    && rm -rf node_modules bower_components .tmp \
+    && apk del build-dependencies
 
 
-FROM python:3.10-slim-bookworm AS runtime
+FROM python:3.10-alpine3.22 AS runtime
 
-ENV PATH="/opt/lemur/.venv/bin:${PATH}" \
-    PYTHONUNBUFFERED=1 \
-    PYTHONDONTWRITEBYTECODE=1
+ENV uid=1337
+ENV gid=1337
+ENV user=lemur
+ENV group=lemur
 
-RUN apt update && apt upgrade -y && apt install -y --no-install-recommends \
-    debian-keyring debian-archive-keyring apt-transport-https curl libldap-2.5-0 make gnupg && \
-    rm -rf /var/lib/apt/lists/*
+ENV PATH="/opt/lemur/.venv/bin:${PATH}" \
+    PYTHONUNBUFFERED=1
 
-RUN curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg && \
-    curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt | tee /etc/apt/sources.list.d/caddy-stable.list && \
-    chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg && \
-    chmod o+r /etc/apt/sources.list.d/caddy-stable.list && \
-    apt update && apt install caddy && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add --update --no-cache curl libldap bash openssl
 
-# Create lemur user
-RUN useradd --create-home --shell /bin/bash lemur
+RUN addgroup -S ${group} -g ${gid} && \
+    adduser -D -S ${user} -G ${group} -u ${uid} && \
+    apk add --no-cache --update curl
 
-# Copy built project
-COPY --from=builder --chown=lemur:lemur /opt/lemur /opt/lemur
+COPY --from=builder --chown=${uid}:${gid} /opt/lemur /opt/lemur
+COPY --from=builder --chown=${uid}:${gid} /usr/bin/caddy /usr/bin/caddy
 
-# Ensure entrypoint is executable
 RUN chmod +x /opt/lemur/docker/entrypoint.sh
 
-# Switch to the user
 USER lemur
 
-# Expose port
 EXPOSE 80
 
-# Default command
 ENTRYPOINT ["/opt/lemur/docker/entrypoint.sh"]
diff --git a/compose.yml b/compose.yml
@@ -6,7 +6,7 @@ services:
       POSTGRES_USER: lemur
       POSTGRES_PASSWORD: lemur
       POSTGRES_HOST: postgres
-    network_mode: host
+#    network_mode: host
     ports:
       - "5432:5432"
     volumes:
@@ -41,8 +41,11 @@ services:
       LOG_FILE: "/opt/lemur/lemur.log"
       SQLALCHEMY_DATABASE_URI: "postgresql://lemur:lemur@postgres:5432/lemur"
       LEMUR_CONF: "/opt/lemur/lemur.conf.py"
-      LEMUR_INIT: "1"
-      LEMUR_PASSWORD: "lemur"
+#      LEMUR_INIT: "1"
+#      LEMUR_PASSWORD: "lemur"
+    volumes:
+      - ./lemur.conf.py:/opt/lemur/lemur.conf.py
+      - ./lemur.log:/opt/lemur/lemur.log
     ports:
       - "80:80"
     healthcheck:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -1,25 +1,25 @@
 #!/usr/bin/env bash
 set -e
 
+source /opt/lemur/.venv/bin/activate
+
 echo "[supervisor] Starting Lemur container..."
 
-cd /opt/lemur
+cd /opt/lemur/lemur
 
 if [[ "$LEMUR_INIT" == "1" ]]; then
     echo "[supervisor] Running Lemur Bootstrap"
-    .venv/bin/lemur db init
-    .venv/bin/lemur db migrate
-    .venv/bin/lemur init -p "$LEMUR_PASSWORD"
+    lemur init -p "$LEMUR_PASSWORD"
+else
+  echo "[supervisor] Running database migrations..."
+  lemur db upgrade || {
+      echo "[db] Migration failed; refusing to start app."
+      exit 1
+  }
 fi
 
-echo "[supervisor] Running database migrations..."
-.venv/bin/lemur db upgrade || {
-    echo "[db] Migration failed; refusing to start app."
-    exit 1
-}
-
 echo "[supervisor] Starting Lemur server..."
-.venv/bin/lemur start -w 4 -b 0.0.0.0:8000 &
+lemur start -w 2 -b 0.0.0.0:8000 &
 LEMUR_PID=$!
 
 trap 'echo "[supervisor] Caught stop signal"; kill "$LEMUR_PID" "$CADDY_PID" 2>/dev/null || true' SIGTERM SIGINT
