check if test flaky
EliMoshkovich committed Dec 12, 2024
1 parent f445199 commit 8fccb53
Showing 1 changed file with 75 additions and 62 deletions.
137 changes: 75 additions & 62 deletions Dockerfile
@@ -1,136 +1,148 @@
# OPA BUILD STAGE -----------------------------------
# Build OPA from source or download precompiled binary
# build opa from source or download precompiled binary
# ---------------------------------------------------
FROM golang:bullseye AS opa_build

COPY custom* /custom
COPY factdb* /factdb

# Build OPA binary if custom_opa.tar.gz is provided
RUN if [ -f /custom/custom_opa.tar.gz ]; \
then \
cd /custom && \
tar xzf custom_opa.tar.gz && \
go build -ldflags="-extldflags=-static" -o /opa && \
rm -rf /custom; \
rm -rf /custom ; \
else \
case $(uname -m) in \
x86_64) curl -L -o /opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64_static ;; \
aarch64) curl -L -o /opa https://openpolicyagent.org/downloads/latest/opa_linux_arm64_static ;; \
*) echo "Unknown architecture." && exit 1 ;; \
esac; \
x86_64) \
curl -L -o /opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64_static ; \
;; \
aarch64) \
curl -L -o /opa https://openpolicyagent.org/downloads/latest/opa_linux_arm64_static ; \
;; \
*) \
echo "Unknown architecture." ; \
exit 1 ; \
;; \
esac ; \
fi

# Build or copy factdb binary
RUN if [ -f /factdb/factdb.tar.gz ]; \
then \
cd /factdb && \
tar xzf factdb.tar.gz && \
go build -ldflags="-extldflags=-static" -o /bin/factdb ./cmd/factstore_server && \
rm -rf /factdb; \
rm -rf /factdb ; \
else \
case $(uname -m) in \
x86_64) \
if [ -f /factdb/factstore_server-linux-amd64 ]; then \
cp /factdb/factstore_server-linux-amd64 /bin/factdb; \
else \
echo "factstore_server-linux-amd64 not found."; \
echo "factstore_server-linux-amd64 not found." ; \
if [ "$ALLOW_MISSING_FACTSTORE" = "false" ]; then \
echo "Missing Factstore is not allowed, exiting..."; \
exit 1; \
echo "Missing Factstore is not allowed, exiting..."; exit 1; \
else \
echo "Missing Factstore is allowed, continuing..."; \
touch /bin/factdb; \
fi; \
touch /bin/factdb ; \
fi \
fi \
;; \
aarch64) \
if [ -f /factdb/factstore_server-linux-arm64 ]; then \
cp /factdb/factstore_server-linux-arm64 /bin/factdb; \
else \
echo "factstore_server-linux-arm64 not found."; \
echo "factstore_server-linux-arm64 not found." ; \
if [ "$ALLOW_MISSING_FACTSTORE" = "false" ]; then \
echo "Missing Factstore is not allowed, exiting..."; \
exit 1; \
echo "Missing Factstore is not allowed, exiting..."; exit 1; \
else \
echo "Missing Factstore is allowed, continuing..."; \
touch /bin/factdb; \
fi; \
touch /bin/factdb ; \
fi \
fi \
;; \
*) \
echo "Unknown architecture."; \
exit 1; \
echo "Unknown architecture." ; \
exit 1 ; \
;; \
esac; \
esac ; \
fi


# MAIN IMAGE ----------------------------------------
# Main image setup (optimized)
# most of the time only this image should be built
# ---------------------------------------------------
FROM python:3.10-alpine

WORKDIR /app

# Create necessary user and group in a single step
RUN addgroup -S permit -g 1001 && \
adduser -S -s /bin/bash -u 1000 -G permit -h /home/permit permit
RUN addgroup -S permit -g 1001
RUN adduser -S -s /bin/bash -u 1000 -G permit -h /home/permit permit

# Create backup directory with permissions
RUN mkdir -p /app/backup && chmod 777 /app/backup
# create backup directory
RUN mkdir -p /app/backup && chmod -R 777 /app/backup

# Install necessary libraries in a single RUN command
# install linux libraries necessary to compile some python packages
RUN apk update && \
apk add --no-cache bash build-base libffi-dev libressl-dev musl-dev zlib-dev gcompat

# Copy OPA and factdb binaries from the build stage
# Copy custom opa binary
RUN mkdir /app/bin
RUN chown -R permit:permit /app/bin
COPY --from=opa_build --chmod=755 /opa /app/bin/opa
COPY --from=opa_build --chmod=755 /bin/factdb /app/bin/factdb

# Environment variables for OPA and FactDB
ENV OPAL_INLINE_OPA_EXEC_PATH="/app/bin/opa"

COPY --from=opa_build --chmod=755 /bin/factdb /app/bin/factdb
ENV PDP_FACTDB_BINARY_PATH="/app/bin/factdb"

# Copy required scripts
COPY scripts /scripts
# bash is needed for ./start/sh script
COPY scripts ./

# Set permissions and ownership for the application
RUN mkdir -p /config && chown -R permit:permit /config
RUN chmod +x /scripts/wait-for-it.sh && \
chmod +x /scripts/start.sh
RUN mkdir -p /config
RUN chown -R permit:permit /config

# Ensure the `permit` user has the correct permissions for home directory and binaries
RUN chown -R permit:permit /home/permit /app /usr/local/bin /scripts
# copy wait-for-it (use only for development! e.g: docker compose)
COPY scripts/wait-for-it.sh /usr/wait-for-it.sh
RUN chmod +x /usr/wait-for-it.sh

# Switch to permit user
# copy startup script
COPY ./scripts/start.sh ./start.sh
RUN chmod +x ./start.sh

RUN chown -R permit:permit /home/permit
RUN chown -R permit:permit /usr/
USER permit

# Copy Kong routes and Gunicorn config
# copy Kong route-to-resource translation table
COPY kong_routes.json /config/kong_routes.json
COPY ./scripts/gunicorn_conf.py ./gunicorn_conf.py

USER root
# copy gunicorn_config
COPY ./scripts/gunicorn_conf.py ./gunicorn_conf.py

# Install python dependencies in one command to optimize layer size
# install python dependencies
COPY ./requirements.txt ./requirements.txt
RUN pip install -r requirements.txt && \
python -m pip uninstall -y pip setuptools && \
rm -r /usr/local/lib/python3.10/ensurepip

USER permit
RUN pip install -r requirements.txt
RUN python -m pip uninstall -y pip setuptools
RUN rm -r /usr/local/lib/python3.10/ensurepip

# Copy the application code
COPY ./horizon /app/horizon
# copy app code
COPY ./horizon ./horizon

# Version file for the application
# copy version file
COPY ./permit_pdp_version /app/permit_pdp_version

# Set the PATH to ensure the local binary paths are used
ENV PATH="/app/bin:/home/permit/.local/bin:$PATH"
# Make sure scripts in .local are usable:
ENV PATH="/:/app/bin:/home/permit/.local/bin:$PATH"
# uvicorn config ------------------------------------

# WARNING: do not change the number of workers on the opal client!
# only one worker is currently supported for the client.

# Uvicorn configuration
# number of uvicorn workers
ENV UVICORN_NUM_WORKERS=1
# uvicorn asgi app
ENV UVICORN_ASGI_APP="horizon.main:app"
# uvicorn port
ENV UVICORN_PORT=7000

# opal configuration --------------------------------
@@ -153,9 +165,10 @@ ENV PDP_FACTDB_BINARY_PATH="/app/bin/factdb"
# This is a default PUBLIC (not secret) key,
# and it is here as a safety measure on purpose.
ENV OPAL_AUTH_PUBLIC_KEY="ssh-rsa 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"
# 7000 sidecar port
# 8181 opa port
EXPOSE 7000 8181
# expose sidecar port
EXPOSE 7000
# expose opa directly
EXPOSE 8181

# Run the application using the startup script
CMD ["/scripts/start.sh"]
# run gunicorn
CMD ["/app/start.sh"]
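Review bot: `RUN chown -R permit:permit /usr/` (which reads as the new side here, replacing the narrower chown of `/home/permit /app /usr/local/bin /scripts`) gives the runtime user write access to all of `/usr`, including the Python interpreter and site-packages under `/usr/local`. It appears to be needed only because `RUN pip install -r requirements.txt` now runs after `USER permit` with the earlier `USER root` switch dropped, so any code running as `permit` at runtime could modify the interpreter or installed libraries. Keeping the install as root avoids this: drop the `/usr/` chown and move `USER permit` to just below `RUN rm -r /usr/local/lib/python3.10/ensurepip`. The same section also changes `/app/backup` to `chmod -R 777` and puts `/` first in `PATH`; each should carry a comment saying why it is required, or be narrowed. The page has lost its +/- markers, so the old/new reading is inferred from the order of the printed pairs and the 136 → 148 line count in the hunk header.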
