refactor dockerfile to install dependencies with pdm and dockerfile to allowlist

Moves adduser statements to beginning of base image

Author: khakers

.dockerignore

@@ -1,159 +1,14 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
+# Ignore everything
+*
+# Ignore the IDE, these are not duplicate and not having this makes the build context potentially *very* large
+**
+!/cogs
+!/core
+!/plugins
+!/src
+!*.py
+!LICENSE
+!pdm.lock
+!pyproject.toml
+!README.md
 
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-.hypothesis/
-.pytest_cache/
-.ruff_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# celery beat schedule file
-celerybeat-schedule
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-venv2/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# PyCharm
-.idea/
-
-# MacOS
-.DS_Store
-
-# VS Code
-.vscode/
-
-# Node
-package-lock.json
-node_modules/
-
-# Modmail
-config.json
-plugins/
-!plugins/registry.json
-!plugins/@local/
-temp/
-test.py
-
-# Other stuff
-.env.example
-.gitignore
-.dockerignore
-.github/
-app.json
-Procfile
-pyproject.toml
-*.md
-.*.json
-Dockerfile
-docker-compose.yml
-LICENSE
-PRIVACY.md
-
-# Docs
-docs/
-
-.pdm-python

Dockerfile

@@ -7,19 +7,28 @@ RUN apk update && apk add git \
 FROM base as python-deps
 
 RUN apk add --virtual build-deps build-base gcc libffi-dev
-COPY requirements.txt /
-RUN pip install --prefix=/inst -U -r /requirements.txt
+
+#Install pdm
+RUN pip install -U pip setuptools wheel
+RUN pip install pdm
+
+COPY  pyproject.toml pdm.lock README.md /modmail/
+
+WORKDIR /modmail
+RUN pdm sync --prod --no-editable --fail-fast
 
 FROM base as runtime
 
+RUN adduser --disabled-password modmail
+USER modmail
+
+
 ENV USING_DOCKER yes
-COPY --from=python-deps /inst /usr/local
+COPY --chown=modmail:modmail --from=python-deps /modmail /modmail
 
-COPY . /modmail
+COPY --chown=modmail:modmail . /modmail
 WORKDIR /modmail
 
+ENV PATH="/modmail/.venv/bin:${PATH}"
 CMD ["python", "bot.py"]
 
-RUN adduser --disabled-password --gecos '' app && \
-    chown -R app /modmail
-USER app

dev.docker-compose.yml

@@ -11,7 +11,6 @@ services:
       - mongo
   mongo:
     image: mongo:7
-    restart: always
     volumes:
       - mongodb:/data/db
     ports:

pyproject.toml

@@ -75,6 +75,7 @@ dependencies = [
     "cffi~=1.15.0",
     "strenum",
     "discord-py~=2.3.0",
+    "setuptools>=69.0.3",
 ]
 requires-python = ">=3.10"
 readme = "README.md"