Merge pull request #410 from ropable/master

Alpine Dockerfile, tweak HealthCheckMiddleware, bump dependencies.

.github/dependabot.yml

@@ -6,8 +6,6 @@ updates:
       interval: "weekly"
     target-branch: "master"
   - package-ecosystem: "github-actions"
-    # Workflow files stored in the
-    # default location of `.github/workflows`
     directory: "/"
     schedule:
       interval: "weekly"

Dockerfile

@@ -1,36 +1,52 @@
 # syntax=docker/dockerfile:1
 # Prepare the base environment.
-FROM python:3.12.4-slim AS builder_base_prs
+FROM python:3.12.6-alpine AS builder_base
 LABEL [email protected]
 LABEL org.opencontainers.image.source=https://github.com/dbca-wa/prs
 
-RUN apt-get update -y \
-  && apt-get upgrade -y \
-  && apt-get install -y libmagic-dev gcc binutils gdal-bin proj-bin python3-dev libpq-dev gzip curl \
-  && rm -rf /var/lib/apt/lists/* \
-  && pip install --root-user-action=ignore --upgrade pip
+# Install system requirements to build Python packages.
+RUN apk add --no-cache \
+  gcc \
+  libressl-dev \
+  musl-dev \
+  libffi-dev
+# Create a non-root user to run the application.
+ARG UID=10001
+ARG GID=10001
+RUN addgroup -g ${GID} appuser \
+  && adduser -H -D -u ${UID} -G appuser appuser
 
 # Install Python libs using Poetry.
-FROM builder_base_prs AS python_libs_prs
+FROM builder_base AS python_libs_prs
+# Add system dependencies required to use GDAL
+# Ref: https://stackoverflow.com/a/59040511/14508
+RUN apk add --no-cache \
+  gdal \
+  geos \
+  proj \
+  binutils \
+  libmagic \
+  && ln -s /usr/lib/libproj.so.25 /usr/lib/libproj.so \
+  && ln -s /usr/lib/libgdal.so.35 /usr/lib/libgdal.so \
+  && ln -s /usr/lib/libgeos_c.so.1 /usr/lib/libgeos_c.so
 WORKDIR /app
-ARG POETRY_VERSION=1.8.3
-RUN pip install --root-user-action=ignore poetry=="${POETRY_VERSION}"
 COPY poetry.lock pyproject.toml ./
-RUN poetry config virtualenvs.create false \
+ARG POETRY_VERSION=1.8.3
+RUN pip install --no-cache-dir --root-user-action=ignore poetry==${POETRY_VERSION} \
+  && poetry config virtualenvs.create false \
   && poetry install --no-interaction --no-ansi --only main
-
-# Create a non-root user.
-ARG UID=10001
-ARG GID=10001
-RUN groupadd -g "${GID}" appuser \
-  && useradd --no-create-home --no-log-init --uid "${UID}" --gid "${GID}" appuser
+# Remove system libraries, no longer required.
+RUN apk del \
+  gcc \
+  libressl-dev \
+  musl-dev \
+  libffi-dev
 
 # Install the project.
-FROM python_libs_prs
+FROM python_libs_prs AS project_prs
 COPY gunicorn.py manage.py ./
 COPY prs2 ./prs2
 RUN python manage.py collectstatic --noinput
-
 USER ${UID}
 EXPOSE 8080
 CMD ["gunicorn", "prs2.wsgi", "--config", "gunicorn.py"]

Dockerfile.debian

@@ -0,0 +1,36 @@
+# syntax=docker/dockerfile:1
+# Prepare the base environment.
+FROM python:3.12.4-slim AS builder_base_prs
+LABEL [email protected]
+LABEL org.opencontainers.image.source=https://github.com/dbca-wa/prs
+
+RUN apt-get update -y \
+  && apt-get upgrade -y \
+  && apt-get install -y libmagic-dev gcc binutils gdal-bin proj-bin python3-dev libpq-dev gzip curl \
+  && rm -rf /var/lib/apt/lists/* \
+  && pip install --root-user-action=ignore --upgrade pip
+
+# Install Python libs using Poetry.
+FROM builder_base_prs AS python_libs_prs
+WORKDIR /app
+ARG POETRY_VERSION=1.8.3
+RUN pip install --root-user-action=ignore poetry==${POETRY_VERSION}
+COPY poetry.lock pyproject.toml ./
+RUN poetry config virtualenvs.create false \
+  && poetry install --no-interaction --no-ansi --only main
+
+# Create a non-root user.
+ARG UID=10001
+ARG GID=10001
+RUN groupadd -g ${GID} appuser \
+  && useradd --no-create-home --no-log-init --uid ${UID} --gid ${GID} appuser
+
+# Install the project.
+FROM python_libs_prs
+COPY gunicorn.py manage.py ./
+COPY prs2 ./prs2
+RUN python manage.py collectstatic --noinput
+
+USER ${UID}
+EXPOSE 8080
+CMD ["gunicorn", "prs2.wsgi", "--config", "gunicorn.py"]

README.md

@@ -3,7 +3,7 @@
 This project is the Department of Biodiversity, Conservation and Attractions
 [Planning Referral System](https://prs.dbca.wa.gov.au/) corporate application.
 
-# Installation
+## Installation
 
 The recommended way to set up this project for development is using
 [Poetry](https://python-poetry.org/docs/) to install and manage a virtual Python
@@ -23,9 +23,9 @@ Manage new or updating project dependencies with Poetry also, like so:
 
     poetry add newpackage==1.0
 
-# Environment variables
+## Environment variables
 
-This project uses **django-confy** to set environment variables (in a `.env` file).
+This project uses **python-dotenv** to set environment variables (in a `.env` file).
 The following variables are required for the project to run:
 
     DATABASE_URL="postgis://USER:PASSWORD@HOST:5432/DATABASE_NAME"
@@ -53,7 +53,7 @@ Variables below may also need to be defined in production (context-dependent):
     SLIP_PASSWORD="slip_password"
     SLIP_ESRI_FS_URL="https://wfs.slip.url.au/endpoint"
 
-# Media uploads
+## Media uploads
 
 By default, PRS assumes that user-uploaded media will be saved to Azure blob
 storage. To use local storage, set the environment variable `LOCAL_MEDIA_STORAGE=True`
@@ -65,7 +65,7 @@ Credentials for Azure should be defined in the following environment variables:
     AZURE_ACCOUNT_KEY=key
     AZURE_CONTAINER=container_name
 
-# Running
+## Running
 
 Use `runserver` to run a local copy of the application:
 
@@ -85,7 +85,7 @@ should contain the broker URL value. Reference:
 
 <https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html#broker-redis>
 
-# Testing
+## Testing
 
 Run unit tests as follows:
 
@@ -100,13 +100,13 @@ To obtain coverage reports:
     coverage run --source='.' manage.py test --keepdb -v2 --settings prs2.test-settings
     coverage report -m
 
-# Docker image
+## Docker image
 
 To build a new Docker image from the `Dockerfile`:
 
     docker image build -t ghcr.io/dbca-wa/prs .
 
-# Pre-commit hooks
+## Pre-commit hooks
 
 This project includes the following pre-commit hooks:
 

kustomize/overlays/prod/kustomization.yaml

@@ -26,4 +26,4 @@ patches:
   - path: typesense_service_patch.yaml
 images:
   - name: ghcr.io/dbca-wa/prs
-    newTag: 2.5.56
+    newTag: 2.5.57