~mediagoblin/mediagoblin

mediagoblin/Dockerfile-debian-11-sqlite -rw-r--r-- 7.1 KiB
522a61b2Ben Sturmfels Move permissions lines. 3 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
# A Dockerfile for MediaGoblin hacking.
#
# IMPORTANT: This Dockerfile is not an officially supported approach to
# deploying MediaGoblin. It is experimental and intended for helping developers
# run the test suite. To deploy MediaGoblin, see:
#
# https://mediagoblin.readthedocs.io/en/master/siteadmin/deploying.html
#
# Most development Docker images are built and run as root. That doesn't work
# here because the `bower` command run within the `make` step, refuses to run as
# root.
#
# To build this Docker image, run:
#
#   docker build -t mediagoblin-debian-11 - < Dockerfile-debian-11-sqlite
#
# The "- < Dockerfile" format advises Docker not to include the current
# directory as build context. Alternatively the following provides build
# context:
#
#   docker build -t mediagoblin-debian-11 -f Dockerfile-debian-11-sqlite .
#
# Before running the image you first need to first assign the "mediagoblin" and
# "user_dev" directories to an artificial group (1024) on the host that is
# mirrored within the image (details below):
#
#   sudo chown --recursive :1024 mediagoblin user_dev
#   find mediagoblin user_dev -type d -exec chmod 775 {} \;
#   find mediagoblin user_dev -type f -exec chmod 664 {} \;
#
# Then you can run the image with the upstream MediaGoblin code:
#
#   docker run --interactive --tty --publish 6543:6543 mediagoblin-debian-11
#
# Or you can run with your local "mediagoblin" and "user_dev" directories
# bind-mounted into the container. This provides automatic code reloading and
# persistence:
#
#   # TODO: Not working.
#   docker run --interactive --tty --publish 6543:6543 --volume ./mediagoblin:/opt/mediagoblin/mediagoblin --volume ./extlib:/opt/mediagoblin/extlib mediagoblin-python3
#
# Alternatively you use docker-compose instead of separate build/run steps:
#
#   sudo chown --recursive :1024 mediagoblin user_dev
#   find mediagoblin user_dev -type d -exec chmod 775 {} \;
#   find mediagoblin user_dev -type f -exec chmod 664 {} \;
#   docker-compose up --build
#
# You can run the test suite with:
#
# docker run --tty mediagoblin-python3 bash -c "bin/python -m pytest ./mediagoblin/tests --boxed"

ARG DEBIAN_FRONTEND=noninteractive

FROM debian:bullseye

# Install bootstrap and configure dependencies. Currently requires virtualenv
# rather than the more modern python3-venv (should be fixed).
RUN apt-get update && apt-get install -y \
automake \
git \
nodejs \
npm \
python3-dev \
virtualenv

# Install make and runtime dependencies.
#
# We explicitly don't use use Debian packages for everything here, so as to
# match closely with the deployment docs which install most depedencies
# from PyPI.
RUN apt-get install -y \
python3-lxml \
python3-pil

# Install test and docs dependencies.
RUN apt-get install -y \
python3-pytest \
python3-pytest-xdist \
python3-snowballstemmer \
python3-sphinx \
python3-sphinxcontrib.devhelp \
python3-sphinxcontrib.qthelp \
python3-sphinxcontrib.websupport \
python3-webtest

# Install audio dependencies.
RUN apt-get install -y \
gstreamer1.0-libav \
gstreamer1.0-plugins-bad \
gstreamer1.0-plugins-base \
gstreamer1.0-plugins-good \
gstreamer1.0-plugins-ugly \
python3-gst-1.0 \
python3-numpy

# Install video dependencies.
RUN apt-get install -y \
gir1.2-gst-plugins-base-1.0 \
gir1.2-gstreamer-1.0 \
gstreamer1.0-tools \
python3-gi

# Install raw image dependencies.
#
# Currently (March 2021), python3-py3exiv2 is only available in Debian Sid, so
# we need to install py3exiv2 from PyPI (later on in this Dockerfile). These are
# the build depedencies for py3exiv2.
RUN apt-get install -y \
libexiv2-dev \
libboost-python-dev

# Install document (PDF-only) dependencies.
# TODO: Check that PDF tests aren't skipped.
RUN apt-get install -y \
poppler-utils

# Install LDAP depedencies.
RUN apt-get install -y python3-ldap

# Install OpenID dependencies.
RUN apt-get install -y python3-openid

# Create working directory.
RUN mkdir /opt/mediagoblin
RUN chown -R www-data:www-data /opt/mediagoblin
WORKDIR /opt/mediagoblin

# Create /var/www because Bower writes some cache files into /var/www during
# make, failing if it doesn't exist.
RUN mkdir --mode=g+w /var/www
RUN chown root:www-data /var/www

# Set up custom group to align with volume permissions for mounted
# "mediagoblin/mediagoblin" and "mediagoblin/user_dev".
#
# The problem here is that the host's UID, GID and mode are used in the
# container, but of course the container's user www-data is running under a
# different UID/GID so can't read or write to the volume. It seems like there
# should be a better approach, but we'll align volume permissions between host
# and container as per
# https://medium.com/@nielssj/docker-volumes-and-file-system-permissions-772c1aee23ca
RUN groupadd --system mediagoblin --gid 1024 && adduser www-data mediagoblin

USER www-data

# Copy upstream MediaGoblin into the image for use in the build process.
#
# This build process is somewhat complicated, because of Bower/NPM, translations
# and Python dependencies, so it's not really feasible just to copy over a
# requirements.txt like many Python Dockerfiles examples do. We need the full
# source.
#
# While it is possible to copy the source from the current directory like this:
#
# COPY --chown=www-data:www-data . /opt/mediagoblin
#
# that approach to lots of confusing problems when your working directory has
# changed from the default - say you've enabled some plugins or switched
# database type. So instead we're doing a git clone. We could potentially use
# `git archive` but this still wouldn't account for the submodules.
#
# TODO: Figure out a docker-only way to do the build and run from our local
# version, so that local changes are immediately available to the running
# container. Not as easy as it sounds. We have this working with docker-compose,
# but still uses upstream MediaGoblin for the build.
RUN git clone --depth=1 git://git.savannah.gnu.org/mediagoblin.git --branch master .
# RUN git clone --depth=1 https://gitlab.com/BenSturmfels/mediagoblin.git --branch master .
RUN git show --oneline --no-patch

RUN ./bootstrap.sh
RUN ./configure
RUN make

# Additional Sphinx dependencies not in Debian.
RUN ./bin/pip install sphinxcontrib-applehelp sphinxcontrib-htmlhelp sphinxcontrib-jsmath

# Install raw image library from PyPI.
RUN ./bin/pip install py3exiv2

# Confirm our packages version for later troubleshooting.
RUN ./bin/python -m pip freeze

# Run the tests.
RUN ./bin/python -m pytest -rs ./mediagoblin/tests --boxed

# Build the documentation.
RUN cd docs && make html

# Only safe if being run on a clean git checkout. Otherwise you may have already
# customised mediagoblin.ini to already install these.
RUN echo '[[mediagoblin.media_types.audio]]' >> mediagoblin.ini
RUN echo '[[mediagoblin.media_types.video]]' >> mediagoblin.ini
RUN echo '[[mediagoblin.media_types.raw_image]]' >> mediagoblin.ini
RUN echo '[[mediagoblin.media_types.pdf]]' >> mediagoblin.ini

# Prepare the SQLite database.
#
# TODO: Should probably be done at runtime.
RUN ./bin/gmg dbupdate
RUN ./bin/gmg adduser --username admin --password a --email admin@example.com
RUN ./bin/gmg makeadmin admin

EXPOSE 6543/tcp

# TODO: Is it possible to have a CMD here that is overriden by docker-compose?
CMD ["./lazyserver.sh", "--server-name=broadcast"]