FROM gcr.io/google-containers/debian-base-amd64:0.2 as runtime

ENV PATH /usr/local/bin:$PATH

ENV LANG C.UTF-8

COPY ./init-functions /lib/lsb/

RUN set -ex \

&& apt-mark unhold apt gnupg libcap2 libsemanage1 passwd libbz2-1.0\

&& runDeps='curl gnupg libsqlite3-0 zlib1g libexpat1 bash tcpdump procps less binutils libbz2-1.0 netcat-openbsd' \

&& apt-get -qq update; apt-get install -y $runDeps \

&& find /usr -type f -name "*.so" -exec strip --strip-unneeded {} + \

&& apt-get remove binutils --purge -y -qq \

&& find /var/lib/apt/lists \

/usr/share/man \

/usr/share/doc \

/var/log \

-type f -exec rm -f {} + \

&& rm -rf /root/.gnupg \

&& mkdir -p /root/.gnupg \

&& chmod 700 /root/.gnupg

LABEL stage RUNTIME

FROM runtime as build-setup

ADD gnupg/pubring.gpg gnupg/trustdb.gpg /root/.gnupg/

RUN set -ex \

&& mkdir -p /root/.gnupg \

&& chmod 700 /root/.gnupg \

&& buildDeps='libsqlite3-dev zlib1g-dev libexpat1-dev libssl-dev xz-utils dpkg-dev binutils libbz2-dev libreadline-dev' \

&& apt-get -qq update; apt-get -qq -y install ${buildDeps}

ARG PYTHON_VERSION

RUN curl -L -o /python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \

&& curl -L -o /python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \

&& gpg --keyserver ha.pool.sks-keyservers.net --refresh-keys 2>&1 | egrep -v 'requesting key|not changed' \

&& gpg --batch --verify /python.tar.xz.asc /python.tar.xz \

&& mkdir -p /usr/src/python \

&& tar -xJC /usr/src/python --strip-components=1 -f /python.tar.xz

LABEL stage BUILD-SETUP

LABEL version ${PYTHON_VERSION}

FROM build-setup as builder

ARG BUILD_ARGS

ARG PYTHON_VERSION

ENV LANG C.UTF-8

RUN set -ex \

&& cd /usr/src/python \

&& gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \

&& [ $(( ` echo $PYTHON_VERSION | cut -d"." -f1 ` )) -lt 3 ] && BUILD_ARGS="" \

; ./configure \

--build="$gnuArch" \

--enable-loadable-sqlite-extensions \

--enable-shared \

--with-system-expat \

--with-system-ffi \

--without-ensurepip ${BUILD_ARGS} \

&& make -j $(( 1 * $( egrep '^processor[[:space:]]+:' /proc/cpuinfo | wc -l ) )) \

&& make install

RUN set -ex \

find /usr/local -type f -name "*.so" -exec strip --strip-unneeded {} + \

& ldconfig \

& find /usr/local -depth \

\( \

\( -type d -a \( -name test -o -name tests -o -name __pycache__ \) \) \

-o \

\( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \

-o \

\( -name "idle*" \) \

\) -exec rm -rf '{}' + \

&& find /var/lib/apt/lists \

/usr/share/man \

/usr/share/doc \

/var/log \

-type f -exec rm -f {} +

RUN ["/bin/bash", "-c", "if [[ $( echo ${PYTHON_VERSION} | cut -d'.' -f1 ) == '3' ]]; then cd /usr/local/bin && ln -sf pydoc3 pydoc && ln -sf python3 python && ln -sf python3-config python-config; fi"]

LABEL stage BUILDER

LABEL version ${PYTHON_VERSION}

FROM builder as post-build

ENV PYTHON_PIP_VERSION 9.0.1

COPY ./ipython_config.py /

RUN set -ex; ldconfig

RUN set -ex; curl -sL -o get-pip.py 'https://bootstrap.pypa.io/get-pip.py';

RUN set -ex; python get-pip.py \

--disable-pip-version-check \

--no-cache-dir \

"pip==$PYTHON_PIP_VERSION"; pip --version

RUN mkdir -p $HOME/.ipython/profile_default ;

RUN mv ipython_config.py $HOME/.ipython/profile_default/. ;

RUN pip install 'ipython<6' ipdb

RUN set -ex; \

find /usr/local -depth \

\( \

\( -type d -a \( -name test -o -name tests -o -name __pycache__ \) \) \

-o \

\( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name '*.exe' \) \) \

\) -exec rm -rf '{}' +;

ARG PYTHON_VERSION

LABEL stage POST-BUILD

LABEL version ${PYTHON_VERSION}

FROM runtime

COPY --from=post-build /usr/local /usr/local

COPY --from=post-build /root /root

RUN /sbin/ldconfig

LABEL stage FINAL

ARG PYTHON_VERSION

LABEL version ${PYTHON_VERSION}

CMD ["ipython"]

.PHONY: image push-image build-image optimal

include .version

PYTHON_VERSION ?= 3.6.2

FUCKOFF = ${MAJOR_VERSION}

TAG = ${PYTHON_VERSION}-wee

IMAGE_TAG = ${IMAGE}:${TAG}

BUILD_ARGS =

ifdef PKG_PROXY

PROXY_ARGS := --build-arg=http_proxy=${PKG_PROXY} --build-arg=https_proxy=${PKG_PROXY}

else

PROXY_ARGS :=

ifdef PIP_PROXY_HOST

PIP_PROXY_ARGS := --add-host=pypi.python.org=${PIP_PROXY_HOST}

else

PIP_PROXY_ARGS :=

ifdef OPTIMAL

BUILD_ARGS += --enable-optimizations

TAG := ${TAG}-optimized

ifdef LTO

BUILD_ARGS += --with-lto

TAG := ${TAG}-lto

build-image:

@echo building ${IMAGE_TAG}

@docker build ${PROXY_ARGS} --build-arg=PYTHON_VERSION=${PYTHON_VERSION} --build-arg=BUILD_ARGS="${BUILD_ARGS}" -t ${IMAGE_TAG} --compress .

push-image:

@echo pushing ${IMAGE_TAG}

@docker push ${IMAGE_TAG}

image: build-image push-image

*NOTE*: This README isn't 100% accurate and up to date, we will fix it in the near future. Busy at a conference this weekend.

The main image variety is too big when the user is operating in a context

that involves multiple private registries.

It’s base layer is an Ubuntu image (with a few exceptions, this

provides an as-installed-by-Ubuntu environment) which is, essentially, what

one gets with a base minimal install of Ubuntu 16.04.

The [alpine](https://alpinelinux.org/) images are delightfully wee. But, alas,

[musl](https://www.musl-libc.org/). It is awesome. I mean, it *exists*. If you

don’t have build problems with your modules that have a C or C++ component,

use it. It is small, fast and well vetted.

**Note**: There are workarounds for *some* of the more common non-pure-python

module build failures but usually involve much shenaniganry that I have neither the time

nor inclination to pursue.

The **slim** images are similar to the ubuntu images. Rather than an Ubuntu base

image, they use a Debian 8 base.

| REPOSITORY | TAG | SIZE |

| ----------- | ---------------------- | ----- |

| python | 3.6.3 | 690MB |

| python | 3.6-slim | 201MB |

| python | 3.6.3-alpine | 89MB |

| registry.gitlab.com/revsys/docker-builds/python | 3.6.3-wee | 153MB |

We settled on a Debian 8 image provided by google’s GCE service. It is smaller

by way of excluding systemd-related bits while building the initial bootstrap

chroot.

The resulting images are smaller than -slim but larger than alpine.

Three builds are available per Python version:

* :wee - stock build without compile or link-time optimizations enabled

* :wee-optimized - build with profile-guided optimization flag

* :wee-optimized-lto - build with PGO + Link-Time-Optimization flags

| REPOSITORY | TAG | SIZE |

| ----------- | ---------------------- | ----- |

| revolutionsystems/python | 3.5.3-wee-optimized-lto | 164MB |

| revolutionsystems/python | 3.5.3-wee-optimized | 164MB |

| revolutionsystems/python | 3.5.3-wee | 158MB |

The registry is included from <gitroot>/.versions

make targets:

* build-image: docker build...

* push-image: docker push ...

* image: runs build-image then push-image

The build arguments have stayed fairly consistent at least since Python 2.6.

The build will not fail if the Python 3-specific environment variables remain

set; however, the image will get a misleading tag. For Python 2 builds, use:

Build times are radically reduced by using a local proxy. You can find an

example squid 3/4 configuration in ./examples.

After setting the `cache_dir` path the command, `squid -f /path/to/config -N -z`

to initialize the cache filesystem storage.

To kick off the cache service: `squid -f /path/to/config -N -a 3128`.

Once the proxy is running, set the environment variable `export PKG_PROXY=http://10.129.1.1:3128`.

Docker transparently passes the `HTTP_PROXY` and `HTTPS_PROXY` environment variables

into each build container if they are configured with the `--build-args` flag.

The transparency is significant in that whether or not your build is leveraging

a proxy will not affect the validity of the build host’s cache.