update with latest build versions, includes custom build for postgres and migrating from v16 to v18

build/piefed/piefed-base/.dockerignore

@@ -0,0 +1,29 @@
+# Git
+.git
+.gitignore
+
+# Documentation
+*.md
+README*
+
+# Python cache
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache
+.coverage
+htmlcov/
+
+# Environment files
+.env*
+*.env
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Build artifacts
+*.log

build/piefed/piefed-base/Dockerfile

@@ -1,11 +1,8 @@
 # Multi-stage build for smaller final image
-FROM python:3.11-alpine AS builder
+FROM python:3.11-alpine3.21 AS builder
 
-# Use HTTP repositories to avoid SSL issues, then install dependencies
-RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/main" > /etc/apk/repositories \
-    && echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/community" >> /etc/apk/repositories \
-    && apk update \
-    && apk add --no-cache \
+# Install build dependencies
+RUN apk add --no-cache \
         pkgconfig \
         gcc \
         python3-dev \
@@ -19,21 +16,24 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/main" > /etc/apk/repositori
 # Set working directory
 WORKDIR /app
 
-# v1.3.x
-ARG PIEFED_VERSION=main
+# Clone PieFed source
+ARG PIEFED_VERSION=v1.5.1
 RUN git clone https://codeberg.org/rimu/pyfedi.git /app \
     && cd /app \
     && git checkout ${PIEFED_VERSION} \
     && rm -rf .git
 
-# Install Python dependencies to /app/venv
+# Install Python dependencies to /app/venv and clean up cache/bytecode
 RUN python -m venv /app/venv \
     && source /app/venv/bin/activate \
     && pip install --no-cache-dir -r requirements.txt \
-    && pip install --no-cache-dir uwsgi
+    && pip install --no-cache-dir uwsgi \
+    && find /app/venv -name "*.pyc" -delete \
+    && find /app/venv -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null || true \
+    && find /app -name "*.pyo" -delete 2>/dev/null || true
 
 # Runtime stage - much smaller
-FROM python:3.11-alpine AS runtime
+FROM python:3.11-alpine3.21 AS runtime
 
 # Set environment variables
 ENV TZ=UTC
@@ -41,55 +41,43 @@ ENV PYTHONUNBUFFERED=1
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PATH="/app/venv/bin:$PATH"
 
-# Install only runtime dependencies
-RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/main" > /etc/apk/repositories \
-    && echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/community" >> /etc/apk/repositories \
-    && apk update \
-    && apk add --no-cache \
+# Install only runtime dependencies (no redis server, nginx, dcron, or tesseract - not needed)
+# - redis: using external Redis cluster, only Python client needed
+# - nginx: only needed in web container, installed there
+# - dcron: using Kubernetes CronJobs for scheduling
+# - tesseract: OCR not used by PieFed
+RUN apk add --no-cache \
         ca-certificates \
         curl \
         su-exec \
-        dcron \
         libpq \
         jpeg \
         freetype \
         lcms2 \
         openjpeg \
         tiff \
-        nginx \
         supervisor \
-        redis \
-        bash \
-        tesseract-ocr \
-        tesseract-ocr-data-eng
+        bash
 
-# Create piefed user
+# Create piefed user and set up directories in a single layer
 RUN addgroup -g 1000 piefed \
-    && adduser -u 1000 -G piefed -s /bin/sh -D piefed
+    && adduser -u 1000 -G piefed -s /bin/sh -D piefed \
+    && mkdir -p /app/logs /app/app/static/tmp /app/app/static/media \
+        /var/log/piefed /var/run/piefed \
+    && chown -R piefed:piefed /var/log/piefed /var/run/piefed
 
 # Set working directory
 WORKDIR /app
 
-# Copy application and virtual environment from builder
-COPY --from=builder /app /app
-COPY --from=builder /app/venv /app/venv
+# Copy application and virtual environment from builder (venv is inside /app)
+COPY --from=builder --chown=piefed:piefed /app /app
 
-# Compile translations (matching official Dockerfile)
-RUN source /app/venv/bin/activate && \
-    (pybabel compile -d app/translations || true)
-
-# Set proper permissions - ensure logs directory is writable for dual logging
-RUN chown -R piefed:piefed /app \
-    && mkdir -p /app/logs /app/app/static/tmp /app/app/static/media \
-    && chown -R piefed:piefed /app/logs /app/app/static/tmp /app/app/static/media \
-    && chmod -R 755 /app/logs /app/app/static/tmp /app/app/static/media \
-    && chmod 777 /app/logs
+# Compile translations and set permissions in a single layer
+RUN source /app/venv/bin/activate \
+    && (pybabel compile -d app/translations || true) \
+    && chmod 755 /app/logs /app/app/static/tmp /app/app/static/media
 
 # Copy shared entrypoint utilities
 COPY entrypoint-common.sh /usr/local/bin/entrypoint-common.sh
 COPY entrypoint-init.sh /usr/local/bin/entrypoint-init.sh
-RUN chmod +x /usr/local/bin/entrypoint-common.sh /usr/local/bin/entrypoint-init.sh
-
-# Create directories for logs and runtime
-RUN mkdir -p /var/log/piefed /var/run/piefed \
-    && chown -R piefed:piefed /var/log/piefed /var/run/piefed 
+RUN chmod +x /usr/local/bin/entrypoint-common.sh /usr/local/bin/entrypoint-init.sh 

build/piefed/piefed-base/entrypoint-init.sh

@@ -4,73 +4,11 @@ set -e
 # Database initialization entrypoint for PieFed
 # This script runs as a Kubernetes Job before web/worker pods start
 
-log() {
-    echo "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
-}
+# Source common functions (wait_for_db, wait_for_redis, log)
+. /usr/local/bin/entrypoint-common.sh
 
 log "Starting PieFed database initialization..."
 
-# Wait for database to be available
-wait_for_db() {
-    log "Waiting for database connection..."
-    until python -c "
-import psycopg2
-import os
-from urllib.parse import urlparse
-
-try:
-    # Parse DATABASE_URL
-    database_url = os.environ.get('DATABASE_URL', '')
-    if not database_url:
-        raise Exception('DATABASE_URL not set')
-    
-    # Parse the URL to extract connection details
-    parsed = urlparse(database_url)
-    conn = psycopg2.connect(
-        host=parsed.hostname,
-        port=parsed.port or 5432,
-        database=parsed.path[1:],  # Remove leading slash
-        user=parsed.username,
-        password=parsed.password
-    )
-    conn.close()
-    print('Database connection successful')
-except Exception as e:
-    print(f'Database connection failed: {e}')
-    exit(1)
-" 2>/dev/null; do
-        log "Database not ready, waiting 2 seconds..."
-        sleep 2
-    done
-    log "Database connection established"
-}
-
-# Wait for Redis to be available  
-wait_for_redis() {
-    log "Waiting for Redis connection..."
-    until python -c "
-import redis
-import os
-
-try:
-    cache_redis_url = os.environ.get('CACHE_REDIS_URL', '')
-    if cache_redis_url:
-        r = redis.from_url(cache_redis_url)
-    else:
-        # Fallback to separate host/port for backwards compatibility
-        r = redis.Redis(host='redis', port=6379, password=os.environ.get('REDIS_PASSWORD', ''))
-    r.ping()
-    print('Redis connection successful')
-except Exception as e:
-    print(f'Redis connection failed: {e}')
-    exit(1)
-" 2>/dev/null; do
-        log "Redis not ready, waiting 2 seconds..."
-        sleep 2
-    done
-    log "Redis connection established"
-}
-
 # Main initialization sequence
 main() {
     # Change to application directory