build: change docker image to ubi gdal image

Refs KER-430
City-of-Helsinki · Jan 30, 2025 · 80410ab · 80410ab
1 parent e735d7e
commit 80410ab
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 27 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,11 @@
 # Dockerfile for Kerrokantasi backend
 # Attemps to provide for both local development and server usage
 
-ARG BUILDER_FROM_IMAGE=python:3.9-bookworm
+FROM helsinki.azurecr.io/ubi9/python-39-gdal AS appbase
 
-FROM ${BUILDER_FROM_IMAGE} AS appbase
+WORKDIR /app
 
-RUN useradd -ms /bin/bash -d /kerrokantasi kerrokantasi
-
-WORKDIR /kerrokantasi
+USER root
 
 # Can be used to inquire about running app
 # eg. by running `echo $APP_NAME`
@@ -20,13 +18,8 @@ ENV STATIC_ROOT /srv/static
 # while in Docker. Maybe the buffer is larger?
 ENV PYTHONUNBUFFERED True
 
-# less & netcat-openbsd are there for in-container manual debugging
-# kerrokantasi needs gdal
-RUN apt-get update && apt-get install -y postgresql-client less netcat-openbsd gettext locales gdal-bin python3-gdal
-
-# we need the Finnish locale built
-RUN sed -i 's/^# *\(fi_FI.UTF-8\)/\1/' /etc/locale.gen
-RUN locale-gen
+# Generate Finnish locale
+RUN localedef -i fi_FI -f UTF-8 fi_FI.UTF-8
 
 RUN pip install --upgrade pip setuptools wheel && \
     pip install --no-cache-dir uwsgi
@@ -51,9 +44,9 @@ RUN mkdir -p /srv/static && python manage.py collectstatic
 # Keep media in its own directory outside home, in case home
 # directory forms some sort of attack route
 # Usually this would be some sort of volume
-RUN mkdir -p /srv/media && chown kerrokantasi:kerrokantasi /srv/media
+RUN mkdir -p /srv/media && chown -R default:0 /srv/media
 
-ENTRYPOINT ["/kerrokantasi/deploy/entrypoint.sh"]
+ENTRYPOINT ["/app/deploy/entrypoint.sh"]
 
 # Both production and dev servers listen on port 8000
 EXPOSE 8000
@@ -63,7 +56,9 @@ FROM appbase AS development
 
 RUN pip install --no-cache-dir -r requirements-dev.txt
 
-USER kerrokantasi
+RUN chown -R default:0 /app
+
+USER default
 
 # And the production image
 FROM appbase AS production
@@ -72,4 +67,4 @@ RUN django-admin compilemessages
 
 ENV DEBUG=False
 
-USER kerrokantasi
+USER default
diff --git a/kerrokantasi/settings/test_settings.py b/kerrokantasi/settings/test_settings.py
@@ -7,3 +7,5 @@
 OIDC_API_TOKEN_AUTH["API_AUTHORIZATION_FIELD"] = ["authorization.permissions.scopes"]
 OIDC_API_TOKEN_AUTH["ISSUER"] = ["http://test.local:8000/openid"]
 OIDC_API_TOKEN_AUTH["REQUIRE_API_SCOPE_FOR_AUTHENTICATION"] = False
+
+MEDIA_ROOT = "/app/test_media"
diff --git a/kerrokantasi/tests/conftest.py b/kerrokantasi/tests/conftest.py
@@ -1,5 +1,3 @@
-import shutil
-
 import pytest
 from pytest_factoryboy import register
 from rest_framework.test import APIClient
@@ -34,15 +32,6 @@ def audit_log_configure(settings):
     settings.AUDIT_LOG = {"ENABLED": True}
 
 
-@pytest.fixture(autouse=True)
-def setup_test_media(settings):
-    """Create folder for test media/file uploads."""
-    settings.MEDIA_ROOT = "test_media"
-    settings.MEDIA_URL = "/media/"
-    yield
-    shutil.rmtree("test_media", ignore_errors=True)
-
-
 @pytest.fixture
 def api_client():
     return APIClient()