Merge branch 'main' of https://github.com/pythoninthegrass/mvp

Author: pythoninthegrass

{{cookiecutter.project_slug}}/Dockerfile

@@ -1,153 +1,88 @@
-# syntax=docker/dockerfile:1.7.0
+# syntax=docker/dockerfile:1.7.1
 
-# full semver just for python base image
-ARG PYTHON_VERSION=3.11.11
+ARG PYTHON_VERSION=3.12.10
 
-FROM python:${PYTHON_VERSION}-slim-bullseye AS builder
+FROM python:${PYTHON_VERSION}-slim-bookworm as builder
 
-# avoid stuck build due to user prompt
 ARG DEBIAN_FRONTEND=noninteractive
 
-# update apt-get repos and install dependencies
-RUN apt-get -qq update \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get -qq update \
     && apt-get -qq install --no-install-recommends -y \
+    build-essential \
+    ca-certificates \
     curl \
     gcc \
-    libpq-dev \
     python3-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# pip env vars
-ENV PIP_NO_CACHE_DIR=off
-ENV PIP_DISABLE_PIP_VERSION_CHECK=on
-ENV PIP_DEFAULT_TIMEOUT=100
+# venv
+ARG UV_PROJECT_ENVIRONMENT="/opt/venv"
+ENV VENV="${UV_PROJECT_ENVIRONMENT}"
+ENV PATH="$VENV/bin:$PATH"
 
-# poetry env vars
-ENV POETRY_HOME="/opt/poetry"
-ENV POETRY_VERSION=1.8.5
-ENV POETRY_VIRTUALENVS_IN_PROJECT=true
-ENV POETRY_NO_INTERACTION=1
+# uv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
-# path
-ENV VENV="/opt/venv"
-ENV PATH="$POETRY_HOME/bin:$VENV/bin:$PATH"
+ARG WORKDIR="/app"
+WORKDIR $WORKDIR
 
-# create app directory and set as working directory
-WORKDIR /app
+COPY pyproject.toml .
 
-# copy dependencies
-COPY requirements.txt requirements.txt
+# optimize startup time, don't use hardlinks, set cache for buildkit mount,
+# set uv timeout
+ENV UV_COMPILE_BYTECODE=1
+ENV UV_LINK_MODE=copy
+ENV UV_CACHE_DIR=/opt/uv-cache/
+ENV UV_HTTP_TIMEOUT=90
 
-# install poetry and dependencies
-RUN python -m venv $VENV \
-    && . "${VENV}/bin/activate" \
-    && python -m pip install "poetry==${POETRY_VERSION}" \
-    && python -m pip install -r requirements.txt
+RUN --mount=type=cache,target=/opt/uv-cache,sharing=locked \
+    uv venv $UV_PROJECT_ENVIRONMENT \
+    && uv pip install -r pyproject.toml
 
-FROM python:${PYTHON_VERSION}-slim-bullseye AS dev
+FROM python:${PYTHON_VERSION}-slim-bookworm as deps
 
-# setup path
-ENV VENV="/opt/venv"
-ENV PATH="${VENV}/bin:${VENV}/lib/python${PYTHON_VERSION}/site-packages:/usr/local/bin:${HOME}/.local/bin:/bin:/usr/bin:/usr/share/doc:$PATH"
-
-# standardise on locale, don't generate .pyc, enable tracebacks on seg faults
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONFAULTHANDLER 1
-
-# workers per core
-# https://github.com/tiangolo/uvicorn-gunicorn-fastapi-docker/blob/master/README.md#web_concurrency
-ENV WEB_CONCURRENCY=2
-
-# avoid stuck build due to user prompt
 ARG DEBIAN_FRONTEND=noninteractive
 
-# install dependencies
-RUN apt-get -qq update \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get -qq update \
     && apt-get -qq install --no-install-recommends -y \
-    bat \
-    curl \
-    dpkg \
-    git \
-    iputils-ping \
-    lsof \
-    make \
-    p7zip \
-    perl \
-    shellcheck \
-    sudo \
-    tldr \
-    tree \
+        libgomp1 \
     && rm -rf /var/lib/apt/lists/*
 
-# setup standard non-root user for use downstream
+FROM deps as runner
+
+ARG WORKDIR="/app"
+WORKDIR $WORKDIR
+
 ARG USER_NAME=appuser
 ARG USER_UID=1000
 ARG USER_GID=$USER_UID
 
 RUN groupadd --gid $USER_GID $USER_NAME \
-    && useradd --uid $USER_UID --gid $USER_GID -m $USER_NAME
-
-RUN echo "$USER_NAME ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER_NAME \
-    && chmod 0440 /etc/sudoers.d/$USER_NAME
+    && useradd --uid $USER_UID --gid $USER_GID -m $USER_NAME \
+    && chown -R $USER_NAME:$USER_NAME /app
 
-# copy virtual environment from builder stage
-COPY --from=builder --chown=${USER_NAME}:${USER_GROUP} $VENV $VENV
-
-# qol: tooling
-RUN <<EOF
-#!/usr/bin/env bash
-# fzf
-git clone --depth 1 https://github.com/junegunn/fzf.git ~/.fzf
-yes | ~/.fzf/install
-EOF
-
-# switch to non-root user
-USER $USER_NAME
+ARG VENV="/opt/venv"
+ENV PATH=$VENV/bin:$HOME/.local/bin:$PATH
 
-# qol: .bashrc
-RUN tee -a "$HOME/.bashrc" <<"EOF"
+COPY --from=builder \
+    --chown=$USER_NAME:$USER_NAME "$VENV" "$VENV"
 
-# shared history
-HISTFILE=/var/tmp/.bash_history
-HISTFILESIZE=100
-HISTSIZE=100
+COPY --chown=$USER_NAME:$USER_NAME ./app/ ${WORKDIR}/
 
-stty -ixon
-
-# fzf
-[ -f ~/.fzf.bash ] && . ~/.fzf.bash
-
-# asdf
-# https://asdf-vm.com/guide/getting-started.html
-export ASDF_DIR="$HOME/.asdf"
-[[ -f "${ASDF_DIR}/asdf.sh" ]] && . "${ASDF_DIR}/asdf.sh"
-
-# homebrew
-export BREW_PREFIX="/home/linuxbrew/.linuxbrew/bin"
-[[ -f "${BREW_PREFIX}/brew" ]] && eval "$(${BREW_PREFIX}/brew shellenv)"
-
-# aliases
-alias ..='cd ../'
-alias ...='cd ../../'
-alias ll='ls -la --color=auto'
-
-EOF
-
-FROM dev AS runner
-
-# change working directory
-WORKDIR /app
+# standardise on locale, don't generate .pyc, enable tracebacks on seg faults
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONFAULTHANDLER 1
 
-# $PATH
-ENV PATH=$VENV_PATH/bin:$HOME/.local/bin:$PATH
+USER $USER_NAME
 
-# port needed by app
 EXPOSE 8000
 
-# run container indefinitely
 CMD ["sleep", "infinity"]
-
-# metadata
-LABEL org.opencontainers.image.title="python-class"
+# CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
+# CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]

{{cookiecutter.project_slug}}/docker-bake.hcl

@@ -0,0 +1,67 @@
+// Variables with defaults that can be overridden
+variable "REGISTRY" {
+  default = "ghcr.io"
+}
+
+variable "IMAGE_NAME" {
+  default = "mvp"
+}
+
+variable "TAG" {
+  default = "latest"
+}
+
+// Base target with shared configuration
+target "docker-metadata-action" {
+  tags = [
+    "${REGISTRY}/${IMAGE_NAME}:${TAG}",
+    "${REGISTRY}/${IMAGE_NAME}:latest",
+  ]
+}
+
+// Default target that extends the base
+target "build" {
+  inherits = ["docker-metadata-action"]
+  context = "."
+  dockerfile = "Dockerfile"
+  // Platform will be set from GitHub Actions
+  // cache-from and cache-to will also be set from GitHub Actions
+  args = {
+    PYTHON_VERSION = "3.12.10"
+    // Additional build args can be defined here
+  }
+  // Output image will be pushed if push=true is set in GitHub Actions
+}
+
+// Group target to build both platforms
+group "default" {
+  targets = ["build"]
+}
+
+// Optional specific targets for each platform if needed
+target "amd64" {
+  inherits = ["build"]
+  platforms = ["linux/amd64"]
+  cache-from = ["type=gha,scope=linux/amd64"]
+  cache-to = ["type=gha,mode=max,scope=linux/amd64"]
+}
+
+target "arm64" {
+  inherits = ["build"]
+  platforms = ["linux/arm64"]
+  cache-from = ["type=gha,scope=linux/arm64"]
+  cache-to = ["type=gha,mode=max,scope=linux/arm64"]
+  // Optional arm64-specific args
+  args = {
+    PYTHON_VERSION = "3.12.10"
+    OPENBLAS_NUM_THREADS = "1"
+    MKL_NUM_THREADS = "1"
+    NUMEXPR_NUM_THREADS = "1"
+  }
+}
+
+// Matrix build target if you prefer to use it directly in bake
+target "multi-platform" {
+  inherits = ["build"]
+  platforms = ["linux/amd64", "linux/arm64"]
+}

{{cookiecutter.project_slug}}/taskfiles/docker.yml

@@ -115,3 +115,73 @@ tasks:
     cmds:
       - docker system prune --all --force
       - docker builder prune --all --force
+
+  create-builder:
+    desc: "Create a local docker buildx builder"
+    cmds:
+      - |
+        docker buildx create \
+          --name multi-platform \
+          --node multi-platform \
+          --platform linux/arm64/v8,linux/amd64 \
+          --driver=docker-container \
+          --use \
+          --bootstrap
+    status:
+      - docker buildx inspect multi-platform > /dev/null 2>&1
+
+  validate:
+    desc: Validate the docker-bake.hcl file
+    vars:
+      BAKE_OUTPUT:
+        sh: docker buildx bake --file docker-bake.hcl --print 2>&1 || true
+      VALIDATION_ERROR:
+        sh: echo "{{.BAKE_OUTPUT}}" | grep -q "ERROR:" && echo "true" || echo "false"
+    preconditions:
+      - sh: "test {{.VALIDATION_ERROR}} = false"
+        msg: |
+          Docker bake file is invalid. Error details:
+          {{.BAKE_OUTPUT}}
+    cmds:
+      - cmd: echo "Docker bake file is valid"
+        silent: true
+
+  buildx:
+    desc: "Build using docker buildx bake"
+    summary: |
+      Build using docker buildx bake with the specified target.
+
+      AVAILABLE TARGETS
+        - build (default): Builds the main image
+        - amd64: Builds specifically for AMD64 platform
+        - arm64: Builds specifically for ARM64 platform
+        - multi-platform: Builds for both AMD64 and ARM64 platforms
+
+      USAGE
+        task docker:buildx
+        task docker:buildx -- amd64
+        task docker:buildx -- arm64
+        task docker:buildx -- multi-platform
+    deps:
+      - validate
+      - create-builder
+    cmds:
+      - |
+        if [ -z "{{.CLI_ARGS}}" ]; then
+          TARGET="build"
+        else
+          case "{{.CLI_ARGS}}" in
+            build|amd64|arm64|multi-platform)
+              TARGET="{{.CLI_ARGS}}"
+              ;;
+            *)
+              echo "Error: Invalid target '{{.CLI_ARGS}}'"
+              echo "Valid targets are: build, amd64, arm64, multi-platform"
+              exit 1
+              ;;
+          esac
+        fi
+
+        docker buildx bake \
+          --file docker-bake.hcl \
+          $TARGET