-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
38 lines (27 loc) · 1.24 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# this is our first build stage, it will not persist in the final image
FROM python:3.7.7 as intermediate
LABEL maintainer="[email protected]"
# Install OS dependencies
# for PyHive
RUN apt-get update && apt-get install -y --no-install-recommends libsasl2-modules libsasl2-dev python3-pip
# Install Python dependencies
# add credentials on build
ARG SSH_PRIVATE_KEY
RUN mkdir /root/.ssh/ && echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
# make sure your domain is accepted
RUN touch /root/.ssh/known_hosts && ssh-keyscan github.com >> /root/.ssh/known_hosts
# install requirements (both Git and PyPI)
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
# 2nd stage, this is MUST to prevent from leaking private key
# ref: https://vsupalov.com/build-docker-image-clone-private-repo-ssh-key/
FROM python:3.7.7
LABEL maintainer="[email protected]"
# copy the repository from the previous image
# for libsasl2
COPY --from=intermediate /usr/lib/x86_64-linux-gnu/sasl2 /usr/lib/x86_64-linux-gnu/sasl2
# for site-packages like PyYaml
COPY --from=intermediate /usr/local/lib/python3.7/site-packages /usr/local/lib/python3.7/site-packages
COPY . /opt/my_python_app
WORKDIR /opt/my_python_app
CMD ./run.sh