Add docker-compose and entrypoint

2025-05-20 19:39:23 +02:00 · 2022-08-10 11:11:36 -05:00 · 2022-08-10 11:11:36 -05:00 · 640b8cdf1e
commit 640b8cdf1e
parent edf54a88a7
2 changed files with 91 additions and 0 deletions
--- a/src/app/docker_entrypoint.py
+++ b/src/app/docker_entrypoint.py
@ -0,0 +1,56 @@
 #! /usr/bin/env python
 """
 This is a Docker entrypoint that configures the container to run
 as the same uid of the user on the host container, rather than
 the Docker default of root. Aside from following security best
 practices, this makes it so that any files created by the Docker
 container are also owned by the same user on the host system.
 """
 import sys
 import os
 import pwd
 import subprocess  # nosec
 HOST_UID = os.stat("/app").st_uid
 HOST_USER = "james"
 def does_username_exist(username):
    try:
        pwd.getpwnam(username)
        return True
    except KeyError:
        return False
 def does_uid_exist(uid):
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False
 if __name__ == "__main__":
    if HOST_UID != os.geteuid():
        if not does_uid_exist(HOST_UID):
            username = HOST_USER
            while does_username_exist(username):
                username += "0"
            home_dir = "/home/%s" % username
            subprocess.check_call(
                [  # nosec
                    "useradd",
                    "-d",
                    home_dir,
                    "-m",
                    username,
                    "-u",
                    str(HOST_UID),
                ]
            )
        os.environ["HOME"] = "/home/%s" % pwd.getpwuid(HOST_UID).pw_name
        os.setuid(HOST_UID)
    os.execvp(sys.argv[1], sys.argv[1:])  # nosec
--- a/src/docker-compose.yml
+++ b/src/docker-compose.yml
@ -0,0 +1,35 @@
 version: "3.0"
 services:
  app:
    build: .
    volumes:
      - ./app:/app
    links:
      - db
    working_dir: /app
    entrypoint: python /app/docker_entrypoint.py
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 5
    environment:
      # Ensure stdout and stderr are sent straight to the terminal without buffering
      - PYTHONUNBUFFERED=yup
      # In case we'd like to know
      - RUNNING_IN_DOCKER=yup
      # How to connect to Postgre container
      - DATABASE_URL=postgres://user:feedabee@db/app
      # Run in development mode on our local
      - DJANGO_SETTINGS_MODULE=app.settings.dev
    stdin_open: true
    tty: true
    ports:
      - "8000:8000"
    command: "python"
  db:
    image: postgres:latest
    environment:
      - POSTGRES_DB=app
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=feedabee