build/bookwyrm/bookwyrm-base/Dockerfile

# BookWyrm Base Multi-stage Build
# Production-optimized build targeting ~400MB final image size
# Shared base image for BookWyrm web and worker containers

# Build stage - Install dependencies and prepare optimized source
FROM python:3.11-slim AS builder

# Install build dependencies in a single layer
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    build-essential \
    libpq-dev \
    libffi-dev \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

WORKDIR /app

# Clone source with minimal depth and remove git afterwards to save space
RUN git clone -b production --depth 1 --single-branch \
    https://github.com/bookwyrm-social/bookwyrm.git . \
    && rm -rf .git

# Create virtual environment and install Python dependencies
RUN python3 -m venv /opt/venv \
    && /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools wheel \
    && /opt/venv/bin/pip install --no-cache-dir -r requirements.txt \
    && find /opt/venv -name "*.pyc" -delete \
    && find /opt/venv -name "__pycache__" -type d -exec rm -rf {} + \
    && find /opt/venv -name "*.pyo" -delete

# Remove unnecessary files from source to reduce image size
# Note: .dockerignore will exclude __pycache__, *.pyc, etc. automatically
RUN rm -rf \
    /app/.github \
    /app/docker \
    /app/nginx \
    /app/locale \
    /app/bw-dev \
    /app/bookwyrm/tests \
    /app/bookwyrm/test* \
    /app/*.md \
    /app/LICENSE \
    /app/.gitignore \
    /app/requirements.txt

# Runtime stage - Minimal runtime environment
FROM python:3.11-slim AS runtime

# Set environment variables
ENV TZ=UTC \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PATH="/opt/venv/bin:$PATH" \
    VIRTUAL_ENV="/opt/venv"

# Install only essential runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    libpq5 \
    curl \
    gettext \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean \
    && apt-get autoremove -y

# Create bookwyrm user for security
RUN useradd --create-home --shell /bin/bash --uid 1000 bookwyrm

# Copy virtual environment and optimized source
COPY --from=builder /opt/venv /opt/venv
COPY --from=builder /app /app

# Set working directory and permissions
WORKDIR /app
RUN chown -R bookwyrm:bookwyrm /app \
    && mkdir -p /app/mediafiles /app/static /app/images \
    && chown -R bookwyrm:bookwyrm /app/mediafiles /app/static /app/images

# Default user
USER bookwyrm

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD python manage.py check --deploy || exit 1
add source code and readme 2025-12-24 14:35:17 +01:00			`# BookWyrm Base Multi-stage Build`
			`# Production-optimized build targeting ~400MB final image size`
			`# Shared base image for BookWyrm web and worker containers`

			`# Build stage - Install dependencies and prepare optimized source`
			`FROM python:3.11-slim AS builder`

			`# Install build dependencies in a single layer`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`git \`
			`build-essential \`
			`libpq-dev \`
			`libffi-dev \`
			`libssl-dev \`
			`&& rm -rf /var/lib/apt/lists/* \`
			`&& apt-get clean`

			`WORKDIR /app`

			`# Clone source with minimal depth and remove git afterwards to save space`
			`RUN git clone -b production --depth 1 --single-branch \`
			`https://github.com/bookwyrm-social/bookwyrm.git . \`
			`&& rm -rf .git`

			`# Create virtual environment and install Python dependencies`
			`RUN python3 -m venv /opt/venv \`
			`&& /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools wheel \`
			`&& /opt/venv/bin/pip install --no-cache-dir -r requirements.txt \`
			`&& find /opt/venv -name "*.pyc" -delete \`
			`&& find /opt/venv -name "__pycache__" -type d -exec rm -rf {} + \`
			`&& find /opt/venv -name "*.pyo" -delete`

			`# Remove unnecessary files from source to reduce image size`
			`# Note: .dockerignore will exclude __pycache__, *.pyc, etc. automatically`
			`RUN rm -rf \`
			`/app/.github \`
			`/app/docker \`
			`/app/nginx \`
			`/app/locale \`
			`/app/bw-dev \`
			`/app/bookwyrm/tests \`
			`/app/bookwyrm/test* \`
			`/app/*.md \`
			`/app/LICENSE \`
			`/app/.gitignore \`
			`/app/requirements.txt`

			`# Runtime stage - Minimal runtime environment`
			`FROM python:3.11-slim AS runtime`

			`# Set environment variables`
			`ENV TZ=UTC \`
			`PYTHONUNBUFFERED=1 \`
			`PYTHONDONTWRITEBYTECODE=1 \`
			`PATH="/opt/venv/bin:$PATH" \`
			`VIRTUAL_ENV="/opt/venv"`

			`# Install only essential runtime dependencies`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`libpq5 \`
			`curl \`
			`gettext \`
			`&& rm -rf /var/lib/apt/lists/* \`
			`&& apt-get clean \`
			`&& apt-get autoremove -y`

			`# Create bookwyrm user for security`
			`RUN useradd --create-home --shell /bin/bash --uid 1000 bookwyrm`

			`# Copy virtual environment and optimized source`
			`COPY --from=builder /opt/venv /opt/venv`
			`COPY --from=builder /app /app`

			`# Set working directory and permissions`
			`WORKDIR /app`
			`RUN chown -R bookwyrm:bookwyrm /app \`
			`&& mkdir -p /app/mediafiles /app/static /app/images \`
			`&& chown -R bookwyrm:bookwyrm /app/mediafiles /app/static /app/images`

			`# Default user`
			`USER bookwyrm`

			`# Health check`
			`HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \`
			`CMD python manage.py check --deploy \|\| exit 1`