Skip to content

Commit

Permalink
chore(sys): switch to using debian instead of alpine due to incompati…
Browse files Browse the repository at this point in the history
…bility for running onnx models
  • Loading branch information
sneko committed Mar 27, 2024
1 parent 9da70dd commit dda8d9f
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 31 deletions.
47 changes: 17 additions & 30 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,13 @@
# The `APP_HOST` variable defaults onto what Next.js server uses in a Docker environment

ARG NODE_VERSION=18.19.0
ARG RUBY_VERSION=3.2.2-r1
ARG PIP_VERSION=23.3.1-r0
ARG RUBY_VERSION=1:3.1
ARG PIP_VERSION=23.0.1+dfsg-1
ARG PRISMA_VERSION=4.16.2
ARG APP_HOST=172.17.0.2
ARG PORT=3000

# Note: the pandoc package version naming is completely different than the official repository so as of now
# we are not specifying a fixed version (ref: https://pkgs.alpinelinux.org/package/edge/community/x86_64/pandoc-cli)

FROM node:${NODE_VERSION}-alpine
FROM node:${NODE_VERSION}-slim

ARG RUBY_VERSION
ARG PIP_VERSION
Expand All @@ -21,27 +18,18 @@ ARG PORT

USER root

RUN apk add \
# This is for the code we manage
"build-base" \
"libffi-dev" \
"libcurl" \
# Install necessary dependencies
RUN apt-get update && apt-get install -y \
"chromium" \
"curl" \
"git" \
"pandoc-cli" \
"pandoc" \
"python3-pip=${PIP_VERSION}" \
"python3-venv" \
"ruby-dev=${RUBY_VERSION}" \
"py3-pip=${PIP_VERSION}" \
# This is the dependencies needed by chromium
"chromium" \
"libstdc++" \
"harfbuzz" \
"nss" \
"freetype" \
"ttf-freefont" \
"font-noto-emoji" \
"wqy-zenhei"

ENV CHROME_BIN="/usr/bin/chromium-browser"
&& rm -rf /var/lib/apt/lists/*

ENV CHROME_BIN="/usr/bin/chromium"
ENV CHROME_PATH="/usr/lib/chromium/"

ENV PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH="${CHROME_BIN}"
Expand All @@ -51,8 +39,8 @@ ENV CHROMIUM_BIN="${CHROME_BIN}"

# Restrict the permissions

RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
RUN addgroup --system --gid 800 nodejs
RUN adduser --system --home /home/nextjs --uid 800 nextjs

USER nextjs

Expand All @@ -67,17 +55,16 @@ COPY --chown=nextjs:nodejs "src/semgrep/requirements.txt" ./
# Note: we did not specify the `bundler` version from the `Gemfile.lock` so it may adjust it accordingly
# We could have frozen it but it would require to fix the `bundle` version for local development too, which seems overkilled

RUN gem install --user-install bundler

# Docker does not allow injecting command result into an variable environment so doing it manually (ref: https://github.com/moby/moby/issues/29110)
# ENV GEM_HOME="$(ruby -e 'puts Gem.user_dir')"
ENV GEM_HOME="/home/nextjs/.local/share/gem/ruby/3.2.0"
ENV GEM_HOME="/home/nextjs/.local/share/gem/ruby/3.1.0"
ENV PATH="$GEM_HOME/bin:$PATH"

RUN gem install --user-install bundler
RUN bundle --gemfile Gemfile

RUN python3 -m venv ./venv \
&& source ./venv/bin/activate \
&& . ./venv/bin/activate \
&& pip install -r requirements.txt

ENV PATH="/app/venv/bin:$PATH"
Expand Down
2 changes: 1 addition & 1 deletion src/prisma/schema.prisma
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
generator client {
provider = "prisma-client-js"
binaryTargets = ["native", "linux-musl-openssl-3.0.x"]
binaryTargets = ["native", "debian-openssl-1.1.x"]
previewFeatures = ["fullTextSearch", "views"]
}

Expand Down

0 comments on commit dda8d9f

Please sign in to comment.