# Build stage: creates the Python virtualenv under /app/venv that the final
# stage copies. The base image is referenced by tag and sha256 digest, so the
# build toolchain cannot change underneath an unchanged tag.
FROM weblate/dev:2026.11.0@sha256:24ea3d57c68bb737a886f1c606f719839949f7305010840bfc45353e09ae48b2 AS build
# NOTE(review): TARGETARCH is not referenced by any instruction visible in
# this stage - confirm it is still needed.
ARG TARGETARCH
# renovate: datasource=pypi depName=Weblate versioning=pep440
ENV WEBLATE_VERSION=5.16.2
# Extras requested from the Weblate distribution when it is installed below.
ENV WEBLATE_EXTRAS=all,MySQL,zxcvbn,saml
# Every RUN in this stage executes under bash with pipefail (a failing command
# anywhere in a pipeline fails the build) and -x (each command is echoed into
# the build log), so nothing secret should ever appear on a command line here.
SHELL ["/bin/bash", "-o", "pipefail", "-x", "-c"]
# Only the requirements file and the hotfix patches enter this stage from the
# build context.
COPY --link requirements.txt patches /app/src/
# Install Weblate and its Python dependencies into /app/venv.
# - /tmp is a tmpfs mount and the uv cache is a BuildKit cache mount, so
#   neither is written into an image layer.
# - PYVERSION is not set in this file; presumably the base image exports it
#   (TODO confirm).
# - A WEBLATE_VERSION containing "+" selects the first case branch, which
#   installs from GitHub archive URLs instead of a pinned PyPI release.
#   master.zip and main.zip follow moving branches, so that variant is not
#   reproducible. WEBLATE_DOCKER_GIT_REVISION is not set by any instruction in
#   this file and has to be supplied from outside (TODO confirm where); if it
#   is empty the URL degenerates to ".../archive/.zip".
# - The release branch pins Weblate itself to WEBLATE_VERSION. No
#   --require-hashes is passed, so whether the remaining downloads are
#   hash-checked depends on the contents of requirements.txt (not visible here).
# - The final python -c step imports phply and builds its parser once at build
#   time; presumably this writes the generated parser tables while
#   site-packages is still writable (TODO confirm).
# hadolint ignore=DL3008,DL3013,SC2046,DL3003,SC1091
RUN \
    --mount=type=tmpfs,target=/tmp \
    --mount=type=cache,target=/.uv-cache,sharing=locked \
    export UV_CACHE_DIR=/.uv-cache UV_LINK_MODE=copy \
    && uv venv --python "python${PYVERSION}" /app/venv \
    && . /app/venv/bin/activate \
    && uv --version \
    && python --version \
    && case "$WEBLATE_VERSION" in \
        *+* ) \
            uv pip install \
                --compile-bytecode \
                --no-binary xmlsec \
                --no-binary lxml \
                -r /app/src/requirements.txt \
                "https://github.com/translate/translate/archive/master.zip" \
                "https://github.com/WeblateOrg/language-data/archive/main.zip" \
                "https://github.com/WeblateOrg/weblate/archive/$WEBLATE_DOCKER_GIT_REVISION.zip#egg=Weblate[$WEBLATE_EXTRAS]" \
            ;; \
        * ) \
            uv pip install \
                --compile-bytecode \
                --no-binary xmlsec \
                --no-binary lxml \
                -r /app/src/requirements.txt \
                "Weblate[$WEBLATE_EXTRAS]==$WEBLATE_VERSION" \
            ;; \
    esac \
    && rm -rf /app/venv/lib/python*/site-packages/slapdtest \
    && uv cache prune --ci \
    && du -sh "$UV_CACHE_DIR" \
    && /app/venv/bin/python -c 'from phply.phpparse import make_parser; make_parser()' \
    && ln -s /app/venv/share/weblate/examples/ /app/
# Apply hotfix patches to the installed packages.
# Patches are applied one at a time in sorted file-name order; xargs -r makes
# the step a no-op when no *.patch file exists. With pipefail set by the SHELL
# instruction of this stage, and xargs exiting non-zero when patch fails, a
# patch that does not apply fails the build instead of being skipped.
RUN find /app/src -name '*.patch' -print0 \
    | sort -z \
    | xargs -n1 -0 -r patch -p1 -d "/app/venv/lib/python${PYVERSION}/site-packages/" -i
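# Runtime stage. The base image is referenced by tag and sha256 digest, so the
# runtime contents cannot change underneath an unchanged tag.
FROM weblate/base:2026.11.0@sha256:1c68687b2375426ea00c2c58eff9a45d6639400d2bc38e19469bb19b65dd93bd AS final
# ENV does not carry over from the build stage, so the version is declared
# again here for the labels below.
# renovate: datasource=pypi depName=Weblate versioning=pep440
ENV WEBLATE_VERSION=5.16.2
LABEL name="Weblate"
LABEL version=$WEBLATE_VERSION
LABEL maintainer="Michal Čihař <michal@cihar.com>"
LABEL org.opencontainers.image.url="https://weblate.org/"
LABEL org.opencontainers.image.documentation="https://docs.weblate.org/en/latest/admin/install/docker.html"
LABEL org.opencontainers.image.source="https://github.com/WeblateOrg/docker"
LABEL org.opencontainers.image.version=$WEBLATE_VERSION
# Kept for consumers that already read this key; the key defined by the OCI
# image spec is the plural "authors", added on the next line.
LABEL org.opencontainers.image.author="Michal Čihař <michal@weblate.org>"
LABEL org.opencontainers.image.authors="Michal Čihař <michal@weblate.org>"
LABEL org.opencontainers.image.vendor="Weblate"
LABEL org.opencontainers.image.title="Weblate"
LABEL org.opencontainers.image.description="A web-based continuous localization system with tight version control integration"
LABEL org.opencontainers.image.licenses="GPL-3.0-or-later"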
# Health probe; the five-minute start period leaves room for migrations to
# run before failed probes count against the container.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5m \
    CMD /app/bin/health_check
# Select the Docker-specific Django settings module
ENV DJANGO_SETTINGS_MODULE=weblate.settings_docker
# Bring over everything the build stage produced under /app
COPY --from=build /app /app
# Overlay the repository's etc directory onto /etc: configuration for
# Weblate, nginx and supervisor
COPY --link etc /etc/
# Customize Python: a .pth file in site-packages registers /app/data/python as
# an extra module search path, and an empty "customize" package is seeded
# there and handed to the weblate user.
# NOTE(review): /app/data is declared a VOLUME further down and this tree is
# owned by the runtime user, so any module placed in /app/data/python becomes
# importable by the application. Treat write access to the data volume as
# equivalent to code execution inside the container.
RUN echo "/app/data/python" > "/app/venv/lib/python${PYVERSION}/site-packages/weblate-docker.pth" \
    && mkdir -p /app/data/python/customize \
    && touch /app/data/python/customize/__init__.py \
    && touch /app/data/python/customize/models.py \
    && chown -R weblate:weblate /app/data/python
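# Fix permissions and adjust files so the unprivileged user can edit them on start
# - localtime becomes a symlink into /tmp so the system timezone can be set
#   from the environment
# - timezone is removed to avoid dpkg handling localtime updates
# - the nginx site is a symlink into /tmp because the configuration is
#   generated from the environment
# - passwd and group are made group-writable so the weblate uid can be fixed
#   on startup
# - log, run and home directories are handed to group 0; chmod -R 770 also
#   sets the execute bit on every regular file in those trees and removes all
#   access for "other". /home is in the chmod list but not in the chgrp list.
# - su is disabled for non-root users to avoid privilege escalation by
#   changing /etc/passwd
# NOTE(review): a group-writable /etc/passwd is a deliberate trade-off for
# runtimes that assign an arbitrary UID. The pam_deny line covers su only; any
# other setuid program in the base image that consults passwd is not covered
# by this step (contents of the base image are not visible here - TODO confirm).
# The trailing grep fails the build if sed found no pam_rootok.so line to
# anchor on, so the su hardening cannot silently become a no-op after a base
# image change.
RUN rm -f /etc/localtime /etc/timezone \
    && ln -s /tmp/localtime /etc/localtime \
    && chgrp -R 0 /var/log/nginx/ /var/lib/nginx /app/data /app/cache /run /home/weblate /etc/supervisor/conf.d \
    && chmod -R 770 /var/log/nginx/ /var/lib/nginx /app/data /app/cache /run /home /home/weblate /etc/supervisor/conf.d \
    && rm -f /etc/nginx/sites-available/default \
    && ln -s /tmp/nginx/weblate-site.conf /etc/nginx/sites-available/default \
    && rm -f /var/log/nginx/access.log /var/log/nginx/error.log \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    && rm -rf /run/* \
    && chmod 664 /etc/passwd /etc/group \
    && sed -i '/pam_rootok.so/a auth requisite pam_deny.so' /etc/pam.d/su \
    && grep -qxF 'auth requisite pam_deny.so' /etc/pam.d/su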
# Entrypoint and health-probe scripts, installed with mode 0755
COPY --link --chmod=0755 start health_check /app/bin/
# Port above 1024, so binding it needs no extra privilege for a non-root user
EXPOSE 8080
# Declared after the build steps that write below /app/data, so that content
# is kept in the image
VOLUME /app/data /app/cache
# Numerical value is needed for OpenShift S2I, see
# https://docs.openshift.com/container-platform/latest/openshift_images/create-images.html
# A numeric UID also lets a runtime verify that the image does not run as root.
USER 1000
# Exec form: the start script is launched directly, with "runserver" as its
# default argument
ENTRYPOINT ["/app/bin/start"]
CMD ["runserver"]