redaction (#1)

Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
--- a/build/bookwyrm/bookwyrm-base/Dockerfile
+++ b/build/bookwyrm/bookwyrm-base/Dockerfile
@@ -0,0 +1,85 @@
+# BookWyrm Base Multi-stage Build
+# Production-optimized build targeting ~400MB final image size
+# Shared base image for BookWyrm web and worker containers
+
+# Build stage - Install dependencies and prepare optimized source
+FROM python:3.11-slim AS builder
+
+# Install build dependencies in a single layer
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    build-essential \
+    libpq-dev \
+    libffi-dev \
+    libssl-dev \
+    && rm -rf /var/lib/apt/lists/* \
+    && apt-get clean
+
+WORKDIR /app
+
+# Clone source with minimal depth and remove git afterwards to save space
+RUN git clone -b production --depth 1 --single-branch \
+    https://github.com/bookwyrm-social/bookwyrm.git . \
+    && rm -rf .git
+
+# Create virtual environment and install Python dependencies
+RUN python3 -m venv /opt/venv \
+    && /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools wheel \
+    && /opt/venv/bin/pip install --no-cache-dir -r requirements.txt \
+    && find /opt/venv -name "*.pyc" -delete \
+    && find /opt/venv -name "__pycache__" -type d -exec rm -rf {} + \
+    && find /opt/venv -name "*.pyo" -delete
+
+# Remove unnecessary files from source to reduce image size
+# Note: .dockerignore will exclude __pycache__, *.pyc, etc. automatically
+RUN rm -rf \
+    /app/.github \
+    /app/docker \
+    /app/nginx \
+    /app/locale \
+    /app/bw-dev \
+    /app/bookwyrm/tests \
+    /app/bookwyrm/test* \
+    /app/*.md \
+    /app/LICENSE \
+    /app/.gitignore \
+    /app/requirements.txt
+
+# Runtime stage - Minimal runtime environment
+FROM python:3.11-slim AS runtime
+
+# Set environment variables
+ENV TZ=UTC \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PATH="/opt/venv/bin:$PATH" \
+    VIRTUAL_ENV="/opt/venv"
+
+# Install only essential runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libpq5 \
+    curl \
+    gettext \
+    && rm -rf /var/lib/apt/lists/* \
+    && apt-get clean \
+    && apt-get autoremove -y
+
+# Create bookwyrm user for security
+RUN useradd --create-home --shell /bin/bash --uid 1000 bookwyrm
+
+# Copy virtual environment and optimized source
+COPY --from=builder /opt/venv /opt/venv
+COPY --from=builder /app /app
+
+# Set working directory and permissions
+WORKDIR /app
+RUN chown -R bookwyrm:bookwyrm /app \
+    && mkdir -p /app/mediafiles /app/static /app/images \
+    && chown -R bookwyrm:bookwyrm /app/mediafiles /app/static /app/images
+
+# Default user
+USER bookwyrm
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD python manage.py check --deploy || exit 1