diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 1521c8b..0000000 --- a/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -dist diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index f16b0b8..0000000 --- a/Dockerfile +++ /dev/null @@ -1,89 +0,0 @@ -# -# Attempts are made to follow the guidelines at -# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/ -# - -FROM library/ubuntu:16.04 - -# If there are security updates for any of the packages we install, -# bump the date in this environment variable to invalidate the Docker -# build cache and force installation of the new packages. Otherwise, -# Docker's image/layer cache may prevent the security update from -# being retrieved. -ENV SECURITY_UPDATES="2017-15-01" - -# Tell apt/dpkg/debconf that we're non-interactive so it won't write -# annoying warnings as it installs the software we ask for. Making -# this an `ARG` sets it in the environment for the duration of the -# _build_ only - preventing this from having any effect on a container -# running this image (which shouldn't really be installing more -# software but who knows...). -ARG DEBIAN_FRONTEND=noninteractive - -# We'll do an upgrade because the base Ubuntu image isn't guaranteed -# to include the latest security updates. This is counter to best -# practice recommendations but security updates are important. -RUN apt-get --quiet update && \ - apt-get --quiet install -y unattended-upgrades && \ - unattended-upgrade --minimal_upgrade_steps && \ -rm -rf /var/lib/apt/lists/* - -# libffi-dev should probably be a build-dep for python-nacl and python-openssl -# but isn't for some reason. Also, versioneer depends on the git cli to -# compute the source version. -RUN apt-get --quiet update && apt-get --quiet install -y \ - libffi-dev \ - python-virtualenv \ - git \ -&& rm -rf /var/lib/apt/lists/* - -# Source repositories seem to be disabled on the Xenial image now. Enable -# them so we can actually get some build deps. -RUN sed -i -e 's/^# deb-src/deb-src/' /etc/apt/sources.list - -# magic-wormhole depends on these and pip wants to build them both from -# source. -RUN apt-get --quiet update && apt-get --quiet build-dep -y \ - python-openssl \ - python-nacl \ -&& rm -rf /var/lib/apt/lists/* - -# Create a virtualenv into which to install magicwormhole in to. -RUN virtualenv /app/env - -# Get a newer version of pip. The version in the virtualenv installed from -# Ubuntu might not be very recent, depending on when the build happens. -RUN /app/env/bin/pip install --upgrade pip - -# Create a less privileged account to actually use to run the server. -ENV WORMHOLE_USER_NAME="wormhole" - -# Force the allocated user to uid 1000 because we hard-code 1000 below. -RUN adduser --uid 1000 --disabled-password --gecos "" "${WORMHOLE_USER_NAME}" - -# Facilitate network connections to the application. The rendezvous server -# listens on 4000 by default. -EXPOSE 4000 - -# Put the source somewhere pip will be able to see it. -ADD . /magic-wormhole - -# Get the app we want to run! -WORKDIR /magic-wormhole -RUN /app/env/bin/pip install . - -# Run the application with this working directory. -WORKDIR /app/run - -# And give it to the user the application will run as. -RUN chown ${WORMHOLE_USER_NAME} /app/run - -# Switch to a non-root user. -USER 1000 - -# This makes starting a server succinct. -ENTRYPOINT ["/app/env/bin/wormhole-server", "start", "--no-daemon"] - -# By default, start up a pretty reasonable server. This can easily be -# overridden by another command which will get added to the entrypoint. -CMD ["--rendezvous", "tcp:4000"]