Update docker-compose and other docker files

.dockerignore

@@ -2,10 +2,22 @@
 *.yml
 **/*.pyc
 **/__pypackages__
+**/__pycache__
 **/node_modules
 **/npm-debug.log
 **/venv
+**/.venv
 docs-old/
 docs/
-frontend/
 logs/
+
+# Generated frontend #
+frontend/node_modules/
+frontend/build/
+frontend/public/static/
+frontend/assets/styles/
+frontend/package-lock.json
+frontend/.env
+frontend/.eslintcache
+frontend/coverage/
+

Dockerfile

@@ -1,50 +1,50 @@
-ARG ALPINE_IMG_TAG=3.17
+ARG DEBIAN_IMG_TAG=slim-bookworm
 ARG PYTHON_IMG_TAG=3.10
 
-FROM docker.io/python:${PYTHON_IMG_TAG}-alpine${ALPINE_IMG_TAG} as base
+FROM docker.io/python:${PYTHON_IMG_TAG}-${DEBIAN_IMG_TAG} as base
 ARG APP_VERSION=0.1.0
-ARG DOCKERFILE_VERSION=0.4.0
+ARG DOCKERFILE_VERSION=0.5.0
 ARG ALPINE_IMG_TAG
 ARG PYTHON_IMG_TAG
 ARG [email protected]
 LABEL org.hotosm.tasks.app-version="${APP_VERSION}" \
-      org.hotosm.tasks.alpine-img-tag="${ALPINE_IMG_TAG}" \
+      org.hotosm.tasks.debian-img-tag="${DEBIAN_IMG_TAG}" \
       org.hotosm.tasks.python-img-tag="${PYTHON_IMG_TAG}" \
       org.hotosm.tasks.dockerfile-version="${DOCKERFILE_VERSION}" \
       org.hotosm.tasks.maintainer="${MAINTAINER}" \
       org.hotosm.tasks.api-port="5000"
 # Fix timezone (do not change - see issue #3638)
 ENV TZ UTC
+# Add non-root user, permissions, init log dir
+RUN useradd --uid 9000 --create-home --home /home/appuser --shell /bin/false appuser
+
 
 
 
 FROM base as extract-deps
+RUN pip install --no-cache-dir --upgrade pip
 WORKDIR /opt/python
 COPY pyproject.toml pdm.lock README.md /opt/python/
-RUN pip install --no-cache-dir --upgrade pip \
-    && pip install --no-cache-dir pdm==2.5.3
+RUN pip install --no-cache-dir pdm==2.7.4
 RUN pdm export --prod --without-hashes > requirements.txt
 
 
 
 FROM base as build
+RUN pip install --no-cache-dir --upgrade pip
 WORKDIR /opt/python
 # Setup backend build-time dependencies
-RUN apk update && \
-    apk add \
-        postgresql-dev \
-        gcc \
-        g++ \
+RUN apt-get update
+RUN apt-get install --no-install-recommends -y build-essential
+RUN apt-get install --no-install-recommends -y \
+        postgresql-server-dev-15 \
         python3-dev \
-        musl-dev \
         libffi-dev \
-        geos-dev \
-        proj-util \
-        proj-dev \
-        make
+        libgeos-dev
 # Setup backend Python dependencies
 COPY --from=extract-deps \
     /opt/python/requirements.txt /opt/python/
+USER appuser:appuser
 RUN pip install --user --no-warn-script-location \
     --no-cache-dir -r /opt/python/requirements.txt
 
@@ -61,36 +61,44 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
     SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 # Setup backend runtime dependencies
-RUN apk update && \
-    apk add --no-cache \
-        postgresql-libs geos proj-util
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+        postgresql-client libgeos3.11.1 proj-bin && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
 COPY --from=build \
-    /root/.local \
+    /home/appuser/.local \
     /home/appuser/.local
+USER appuser:appuser
 COPY backend backend/
 COPY migrations migrations/
 COPY scripts/world scripts/world/
 COPY scripts/database scripts/database/
 COPY manage.py .
-# Add non-root user, permissions, init log dir
-RUN adduser -D -u 900 -h /home/appuser -s /bin/false appuser \
-    && chown -R appuser:appuser /usr/src /home/appuser
 
 
 
 FROM runtime as debug
-RUN pip install --no-warn-script-location \
+RUN pip install --user --no-warn-script-location \
     --no-cache-dir debugpy==1.6.7
-USER appuser
+EXPOSE 5678/tcp
 CMD ["python", "-m", "debugpy", "--wait-for-client", "--listen", "0.0.0.0:5678", \
     "-m", "gunicorn", "-c", "python:backend.gunicorn", "manage:application", \
     "--reload", "--log-level", "error"]
 
 
 
 FROM runtime as prod
+USER root
+# Get the necessary bits for the health check
+RUN apt-get update && \
+	apt-get install -y curl && \
+	apt-get clean && \
+	rm -rf /var/lib/apt/lists/*
 # Pre-compile packages to .pyc (init speed gains)
 RUN python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"
-USER appuser
+RUN python -m compileall .
+EXPOSE 8000/tcp
+HEALTHCHECK --interval=60s --start-period=15s CMD ["curl", "-f", "http://localhost:8000/api/v2/system/heartbeat/", "||", "exit", "1"]
+USER appuser:appuser
 CMD ["gunicorn", "-c", "python:backend.gunicorn", "manage:application", \
     "--workers", "1", "--log-level", "error"]

Makefile

@@ -10,7 +10,7 @@ ifndef DOCKER_COMPOSE_VERSION
 endif
 
 build:
-	docker-compose build --no-cache app
+	docker-compose build --no-cache backend frontend
 
 up:
 	docker network inspect tm-web >/dev/null 2>&1 || \
@@ -24,21 +24,21 @@ list:
 	docker-compose ps
 
 refresh-frontend:
-	docker-compose exec app sh -c "cd frontend && npm run build"
+	docker-compose exec frontend sh -c "cd frontend && npm run build"
 
 refresh-translatables:
-	docker-compose exec app sh -c "cd frontend && yarn build-locales"
+	docker-compose exec frontend sh -c "cd frontend && yarn build-locales"
 
 refresh-translations:
-	docker-compose exec app sh -c "tx pull -af"
+	docker-compose exec frontend sh -c "tx pull -af"
 
 tests:test-frontend test-backend
 
 test-frontend:
-	docker-compose exec app sh -c "cd /usr/src/app/frontend && CI=true npm test"
+	docker-compose exec frontend sh -c "cd /usr/src/app/frontend && CI=true npm test"
 
 test-backend:
-	docker-compose exec app sh -c "python -m unittest discover tests/backend"
+	docker-compose exec backend sh -c "python -m unittest discover tests/backend"
 
 fetch:
 ifndef PRNUMBER

docker-compose.override.yml

@@ -26,5 +26,5 @@ services:
     volumes:
       - ".:/usr/src/app"
     labels:
-      - traefik.http.routers.frontend.rule=Host(`localhost`)
+      - traefik.http.routers.frontend.rule=Host(`localhost`) || Host(`127.0.0.1`)
       - traefik.http.services.frontend.loadbalancer.server.port=80

docker-compose.yml

@@ -18,7 +18,7 @@ services:
     container_name: backend
     restart: always
     labels:
-      - traefik.http.routers.backend.rule=Host(`localhost`) && PathPrefix(`/api/`)
+      - traefik.http.routers.backend.rule=(Host(`127.0.0.1`) || Host(`localhost`)) && PathPrefix(`/api/`)
       - traefik.http.services.backend.loadbalancer.server.port=5000
 
   migration:
@@ -33,19 +33,19 @@ services:
     networks:
       - tm-web
     labels:
-      - traefik.http.routers.frontend.rule=Host(`localhost`)
-      - traefik.http.services.frontend.loadbalancer.server.port=80
+      - traefik.http.routers.frontend.rule=Host(`127.0.0.1`) || Host(`localhost`)
+      - traefik.http.services.frontend.loadbalancer.server.port=3000
 
   postgresql:
-    image: mdillon/postgis:11
+    image: postgis/postgis:14-3.3
     container_name: postgresql
     restart: always
     env_file: ${ENV_FILE:-tasking-manager.env}
     networks:
       - tm-web
 
   traefik:
-    image: traefik:v2.3
+    image: traefik:v2.10
     restart: always
     ports:
       - "80:80"
@@ -59,4 +59,4 @@ services:
 
 networks:
   tm-web:
-    external: true
+    external: false

scripts/docker/Dockerfile.backend

@@ -1,50 +1,50 @@
-ARG ALPINE_IMG_TAG=3.17
+ARG DEBIAN_IMG_TAG=slim-bookworm
 ARG PYTHON_IMG_TAG=3.10
 
-FROM docker.io/python:${PYTHON_IMG_TAG}-alpine${ALPINE_IMG_TAG} as base
+FROM docker.io/python:${PYTHON_IMG_TAG}-${DEBIAN_IMG_TAG} as base
 ARG APP_VERSION=0.1.0
-ARG DOCKERFILE_VERSION=0.4.0
+ARG DOCKERFILE_VERSION=0.5.0
 ARG ALPINE_IMG_TAG
 ARG PYTHON_IMG_TAG
 ARG [email protected]
 LABEL org.hotosm.tasks.app-version="${APP_VERSION}" \
-      org.hotosm.tasks.alpine-img-tag="${ALPINE_IMG_TAG}" \
+      org.hotosm.tasks.debian-img-tag="${DEBIAN_IMG_TAG}" \
       org.hotosm.tasks.python-img-tag="${PYTHON_IMG_TAG}" \
       org.hotosm.tasks.dockerfile-version="${DOCKERFILE_VERSION}" \
       org.hotosm.tasks.maintainer="${MAINTAINER}" \
       org.hotosm.tasks.api-port="5000"
 # Fix timezone (do not change - see issue #3638)
 ENV TZ UTC
+# Add non-root user, permissions, init log dir
+RUN useradd --uid 9000 --create-home --home /home/appuser --shell /bin/false appuser
+
 
 
 
 FROM base as extract-deps
+RUN pip install --no-cache-dir --upgrade pip
 WORKDIR /opt/python
 COPY pyproject.toml pdm.lock README.md /opt/python/
-RUN pip install --no-cache-dir --upgrade pip \
-    && pip install --no-cache-dir pdm==2.5.3
+RUN pip install --no-cache-dir pdm==2.7.4
 RUN pdm export --prod --without-hashes > requirements.txt
 
 
 
 FROM base as build
+RUN pip install --no-cache-dir --upgrade pip
 WORKDIR /opt/python
 # Setup backend build-time dependencies
-RUN apk update && \
-    apk add \
-        postgresql-dev \
-        gcc \
-        g++ \
+RUN apt-get update
+RUN apt-get install --no-install-recommends -y build-essential
+RUN apt-get install --no-install-recommends -y \
+        postgresql-server-dev-15 \
         python3-dev \
-        musl-dev \
         libffi-dev \
-        geos-dev \
-        proj-util \
-        proj-dev \
-        make
+        libgeos-dev
 # Setup backend Python dependencies
 COPY --from=extract-deps \
     /opt/python/requirements.txt /opt/python/
+USER appuser:appuser
 RUN pip install --user --no-warn-script-location \
     --no-cache-dir -r /opt/python/requirements.txt
 
@@ -61,27 +61,25 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
     SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 # Setup backend runtime dependencies
-RUN apk update && \
-    apk add --no-cache \
-        postgresql-libs geos proj-util
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+        postgresql-client libgeos3.11.1 proj-bin && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
 COPY --from=build \
-    /root/.local \
+    /home/appuser/.local \
     /home/appuser/.local
+USER appuser:appuser
 COPY backend backend/
 COPY migrations migrations/
 COPY scripts/world scripts/world/
 COPY scripts/database scripts/database/
 COPY manage.py .
-# Add non-root user, permissions, init log dir
-RUN adduser -D -u 900 -h /home/appuser -s /bin/false appuser \
-    && chown -R appuser:appuser /usr/src /home/appuser
 
 
 
 FROM runtime as debug
-RUN pip install --no-warn-script-location \
+RUN pip install --user --no-warn-script-location \
     --no-cache-dir debugpy==1.6.7
-USER appuser
 CMD ["python", "-m", "debugpy", "--wait-for-client", "--listen", "0.0.0.0:5678", \
     "-m", "gunicorn", "-c", "python:backend.gunicorn", "manage:application", \
     "--reload", "--log-level", "error"]
@@ -90,7 +88,9 @@ CMD ["python", "-m", "debugpy", "--wait-for-client", "--listen", "0.0.0.0:5678",
 
 FROM runtime as prod
 # Pre-compile packages to .pyc (init speed gains)
+USER root
 RUN python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"
-USER appuser
+RUN python -m compileall .
+USER appuser:appuser
 CMD ["gunicorn", "-c", "python:backend.gunicorn", "manage:application", \
     "--workers", "1", "--log-level", "error"]

scripts/docker/Dockerfile.frontend_development

@@ -4,25 +4,22 @@ RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
 
 # Get the Tasking Manager
-ARG branch=master
+ARG branch=develop
 RUN git clone --depth=1 git://github.com/hotosm/tasking-manager.git \
 	--branch $branch /usr/src/app
 
 RUN rm -rf backend/ migrations/
 
-FROM tiangolo/node-frontend:10 as build
+FROM node:16 as build
 
 WORKDIR /usr/src/app
 
-COPY --from=base /usr/src/app/frontend /usr/src/app
+COPY tasking-manager.env ..
+COPY frontend .
 
 ## SETUP
 RUN npm install
 
-ARG TM_APP_API_URL=http://localhost/api
-ARG TM_IMPORT_MAX_FILESIZE=1000000
-ARG TM_MAX_AOI_AREA=5000
-
 # SERVE
 CMD ["npm", "start"]
 

scripts/docker/tasking-manager/Dockerfile

@@ -1,5 +1,5 @@
 ARG PYTHON_IMG_TAG=3.10
-FROM python:${PYTHON_IMG_TAG}-bullseye
+FROM python:${PYTHON_IMG_TAG}-bookworm
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
@@ -10,7 +10,7 @@ ENV PATH="/usr/src/app/__pypackages__/${PYTHON_IMG_TAG}/bin:$PATH" \
 # INSTALLATION
 
 # Add repository for node
-RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
 
 # Install dependencies
 RUN apt-get update \