Merge pull request #289 from AKSW/feature/smallerDockerBaseImage

Make the docker image smaller

Author: splattater

.github/workflows/build.yml

@@ -134,7 +134,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           push: ${{ github.event_name != 'pull_request' }}
-          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: ${{ steps.meta.outputs.tags }}

Dockerfile

@@ -1,47 +1,75 @@
-FROM python:3
+FROM python:3-alpine as builder
 
-MAINTAINER Norman Radtke <radtke@informatik.uni-leipzig.de>
-MAINTAINER Natanael Arndt <arndt@informatik.uni-leipzig.de>
-ENV SSH_AUTH_SOCK /var/run/ssh-agent.sock
+LABEL org.opencontainers.image.title="Quit Store" \
+      org.opencontainers.image.authors="Norman Radtke <radtke@informatik.uni-leipzig.de>, Natanael Arndt <arndt@informatik.uni-leipzig.de>" \
+      org.opencontainers.image.source="https://github.com/AKSW/QuitStore/"
 
-RUN apt-get update && apt-get -y install \
+RUN apk --no-cache add \
     git \
-    cmake \
+    gcc \
+    musl-dev \
+    libgit2-dev \
     libffi-dev \
-    libssl-dev \
-    libssh2-1-dev \
-    && rm -rf /var/lib/apt/lists/*
+    libressl-dev \
+    libssh2-dev \
+    python3-dev \
+    openssl-dev \
+    cargo \
+    curl
 
-RUN useradd -md /usr/src/app quit
+RUN adduser -u 1000 -h /usr/src/app -S quit
 USER quit
 WORKDIR /usr/src/app
 
-COPY quit/ /usr/src/app/quit
-COPY scripts/install-libgit2.sh /
+ENV PATH="/usr/src/app/.local/bin:$PATH"
+ENV POETRY_VERSION=1.1.12
 
-USER root
-# Install libgit2
-RUN pip install --no-deps --only-binary :all: pygit2 \
-    || /install-libgit2.sh
+# In contrast to `pip install --prefer-binary poetry` the install script installs poetry in a
+# venv in ~/.local/share/pypoetry/ which can be left behind when copying the files from the build stage
+RUN curl -sSL https://install.python-poetry.org \
+        | python - --version "${POETRY_VERSION}"
 
 COPY poetry.lock pyproject.toml /usr/src/app/
 
-RUN poetry export -f requirements.txt | pip install --no-cache-dir -r /dev/stdin \
-    && ln -s /usr/src/app/quit/run.py /usr/local/bin/quit
+RUN poetry export -f requirements.txt > requirements.txt
+RUN rm ./.local/bin/poetry
 
-COPY docker/config.ttl /etc/quit/
+USER root
+RUN pip install --prefer-binary --no-cache-dir -r requirements.txt
 
-ENV QUIT_CONFIGFILE="/etc/quit/config.ttl"
+RUN ln -s $( python -c "import site; print(site.getsitepackages()[0])" ) /usr/local/python-site-packages
+
+USER quit
+
+# Set default git user
+RUN git config --global user.name QuitStore && git config --global user.email quitstore@example.org
+
+FROM python:3-alpine
 
+RUN adduser -u 1000 -h /usr/src/app -S quit
+WORKDIR /usr/src/app
+
+RUN apk --no-cache add \
+     libgit2 \
+     libssh2
+
+RUN ln -s $( python -c "import site; print(site.getsitepackages()[0])" ) /usr/local/python-site-packages
+COPY --from=builder /usr/local/python-site-packages /usr/local/python-site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+COPY --from=builder /usr/src/app/.gitconfig .
 RUN mkdir /data && chown quit /data
 
+COPY quit/ /usr/src/app/quit
+COPY docker/config.ttl /etc/quit/
+
 USER quit
 
+ENV PATH="/usr/src/app/.local/bin:${PATH}"
+ENV SSH_AUTH_SOCK="/var/run/ssh-agent.sock"
+ENV QUIT_CONFIGFILE="/etc/quit/config.ttl"
+
 VOLUME /data
 VOLUME /etc/quit
 EXPOSE 8080
 
-# Set default git user
-RUN git config --global user.name QuitStore && git config --global user.email quitstore@example.org
-
 CMD uwsgi --http 0.0.0.0:8080 -w quit.run -b 40960 --pyargv "-vv"

README.md

@@ -205,27 +205,27 @@ You can access them with your browser at the following paths.
 
 ## Docker
 
-We also provide a [Docker image for the Quit Store](https://hub.docker.com/r/aksw/quitstore/) on the public docker hub.
-The Image will expose port 8080 by default.
-An existing repository can be linked to the volume `/data`.
-The default configuration is located in `/etc/quit/config.ttl`, which can also be overwritten using a respective volume or by setting the `QUIT_CONFIGFILE` environment variable.
+We provide a Docker image for the Quit Store on the [public docker hub](https://hub.docker.com/r/aksw/quitstore/) as well as on the [github docker registry](https://github.com/AKSW/QuitStore/pkgs/container/quitstore).
+The image exposes port 8080 by default.
+The default user within the image is the user `quit` with the user id `1000`.
+For this user a git configuration with `user.name QuitStore` and `user.email quitstore@example.org` is preset.
+Without any further configuration, a git repository is initialized within the container in the `/data` directory (owned by the default user `quit`).
 
-Further options which can be set are:
+To store the data on the host a local directory or volume is required to store the git repository.
+An host directory or volume can be linked to the directory `/data`.
+Make sure the quit process running with the user id `1000` within the docker container has write access to this directory.
 
-* `QUIT_TARGETDIR` - the target repository directory on which quit should run
-* `QUIT_CONFIGFILE` - the path to the config.ttl (default: `/etc/quit/config.ttl`)
-* `QUIT_LOGFILE` - the path where quit should create its logfile
-* `QUIT_BASEPATH` - the HTTP base path where quit will be served
-* `QUIT_OAUTH_CLIENT_ID` - the GitHub OAuth client id (for OAuth see also the [github docu](https://developer.github.com/apps/building-oauth-apps/authorization-options-for-oauth-apps/))
-* `QUIT_OAUTH_SECRET` - the GitHub OAuth secret
+Alternatively the user id within the container can be set using the [`docker run --user $UID …` option](https://docs.docker.com/engine/reference/commandline/run/).
+In this case you have to make sure a `user.name` a `user.email` is configure using `git config` within the repository (`.git/config`) or a git config file is mounted to `/.gitconfig` (to `/usr/src/app/.gitconfig` if you are running it with user id `1000`).
+
+Example setup with the default user:
 
-You need a local directory where you want to store the git repository.
-In the example below `mkdir /store/repo`.
-Make sure the quit process in the docker container has write access to this directory by executing:
 ```
+mkdir /store/repo
 sudo chown 1000 /store/repo
 sudo chmod u+w /store/repo
 ```
+
 To run the image execute the following command (maybe you have to replace `docker` with `sudo docker`):
 
 ```
@@ -240,6 +240,17 @@ docker run -d --name containername -p 8080:8080 -v /store/repo:/data aksw/quitst
 
 Now you should be able to access the quit web interface under `http://localhost:8080` and the SPARQL 1.1 interface under `http://localhost:8080/sparql`.
 
+The default configuration is located in `/etc/quit/config.ttl`, which can also be overwritten using a respective volume or by setting the `QUIT_CONFIGFILE` environment variable.
+
+Further options which can be set are:
+
+* `QUIT_TARGETDIR` - the target repository directory on which quit should run
+* `QUIT_CONFIGFILE` - the path to the config.ttl (default: `/etc/quit/config.ttl`)
+* `QUIT_LOGFILE` - the path where quit should create its logfile
+* `QUIT_BASEPATH` - the HTTP base path where quit will be served
+* `QUIT_OAUTH_CLIENT_ID` - the GitHub OAuth client id (for OAuth see also the [github docu](https://developer.github.com/apps/building-oauth-apps/authorization-options-for-oauth-apps/))
+* `QUIT_OAUTH_SECRET` - the GitHub OAuth secret
+
 ## Run the Tests
 
 You need to have the quitstore installed from source, see section [Installation from Source](#installation-from-source).

requirements.txt.windows.patch

@@ -0,0 +1,11 @@
+diff --git a/requirements.txt b/requirements.txt
+index fccdc79..f465b85 100644
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -5,6 +5,3 @@ pygit2>=1.1.0
+ sortedcontainers
+ uritools
+ git+https://github.com/RDFLib/rdflib-jsonld@master
+-
+-uwsgi
+-pylava