-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
142 lines (109 loc) · 4.22 KB
/
Dockerfile
File metadata and controls
142 lines (109 loc) · 4.22 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# syntax=docker/dockerfile:1
# Define custom function directory
ARG FUNCTION_DIR="/app"
ARG PYTHON_VERSION=3.9
FROM python:${PYTHON_VERSION} as build-image
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
# Include global args in this stage of the build
ARG FUNCTION_DIR
ARG LAMBDA_NAME
ENV LAMBDA_ROOT_DIR="lambdas"
ENV AWS_DEFAULT_REGION="us-east-1"
ENV LAMBDA_NAME=${LAMBDA_NAME}
ENV PYTHONPATH=${FUNCTION_DIR}:${FUNCTION_DIR}/shared:${FUNCTION_DIR}/${LAMBDA_ROOT_DIR}
# Echo the values of the arguments
RUN echo "LAMBDA_NAME: ${LAMBDA_NAME}"
WORKDIR ${FUNCTION_DIR}
# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
# Leverage a bind mount to requirements.txt to avoid having to copy them into
# into this layer.
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=bind,source=requirements.txt,target=${FUNCTION_DIR}/requirements.txt \
python -m pip install -r requirements.txt
RUN mkdir -p ${FUNCTION_DIR}/shared && mkdir -p ${FUNCTION_DIR}/${LAMBDAROOT}/${LAMBDA_NAME}
COPY shared ${FUNCTION_DIR}/shared
COPY ${LAMBDA_ROOT_DIR}/${LAMBDA_NAME} ${FUNCTION_DIR}/${LAMBDA_ROOT_DIR}/${LAMBDA_NAME}
####################################################
# Production image
####################################################
FROM python:${PYTHON_VERSION}-slim as prod
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
RUN pip install awslambdaric
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/go/dockerfile-user-best-practices/
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
# Switch to the non-privileged user to run the application.
USER appuser
ARG FUNCTION_DIR
ARG LAMBDA_NAME
WORKDIR ${FUNCTION_DIR}
COPY --chown=appuser --from=build-image ${FUNCTION_DIR} ${FUNCTION_DIR}
# Add the installed packages to the PYTHONPATH
ENV PYTHONPATH=${FUNCTION_DIR}:${FUNCTION_DIR}/shared:${FUNCTION_DIR}/lambdas
ENV LAMBDA_NAME=${LAMBDA_NAME}
WORKDIR lambdas/${LAMBDA_NAME}
ENTRYPOINT ["python", "-m", "awslambdaric"]
CMD ["main.handler"]
####################################################
# DEV image
####################################################
FROM python:${PYTHON_VERSION}-slim as dev
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
RUN pip install awslambdaric
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/go/dockerfile-user-best-practices/
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/app" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
# Switch to the non-privileged user to run the application.
ARG FUNCTION_DIR
ARG LAMBDA_NAME
COPY --chown=appuser:appuser --from=build-image ${FUNCTION_DIR} ${FUNCTION_DIR}
WORKDIR ${FUNCTION_DIR}
COPY aws-lambda-rie-arm64 aws-lambda-rie-x86_64 ./
RUN chown -R appuser:appuser aws-lambda-rie* && chmod -R 1777 aws-lambda-rie*
# Add the installed packages to the PYTHONPATH
ENV PYTHONPATH=${FUNCTION_DIR}:${FUNCTION_DIR}/shared:${FUNCTION_DIR}/lambdas:${FUNCTION_DIR}/lambdas/${LAMBDA_NAME}
ENV LAMBDA_NAME=${LAMBDA_NAME}
RUN <<EOF
set -eu
ARCH=`uname -m`
if [ "$ARCH" == "x86_64" ]; then
echo "x86_64"
cp aws-lambda-rie /usr/local/bin/aws-lambda-rie
else
echo "aarch64"
cp aws-lambda-rie-arm64 /usr/local/bin/aws-lambda-rie
fi
EOF
USER appuser
WORKDIR ${FUNCTION_DIR}/lambdas/${LAMBDA_NAME}
ENTRYPOINT [ "/usr/local/bin/aws-lambda-rie", "python", "-m", "awslambdaric" ]
CMD ["main.handler"]