Refactor Dockerfile

.github/workflows/checks.yml

@@ -9,6 +9,10 @@ jobs:
       - uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Export runner UID/GID
+        run: |
+          echo "USER_UID=$(id -u)" >> $GITHUB_ENV
+          echo "USER_GID=$(id -g)" >> $GITHUB_ENV
       - name: Check formatting
         run: docker compose run web make check-formatting
       - name: Check translations

.github/workflows/tests.yml

@@ -9,8 +9,12 @@ jobs:
       - uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Export runner UID/GID
+        run: |
+          echo "USER_UID=$(id -u)" >> $GITHUB_ENV
+          echo "USER_GID=$(id -g)" >> $GITHUB_ENV
       - name: Run Test
-        run: docker compose run web make test
+        run: docker compose run -v .:/app --rm web make test
       - name: Upload coverage
         uses: actions/upload-artifact@master
         with:

CONTRIBUTING.md

@@ -111,7 +111,7 @@ The class name is the convention for the word in texts, followed by how to write
 ### Django Shell
 
 ```sh
-docker compose exec web poetry run python manage.py shell_plus
+docker compose exec web python manage.py shell_plus
 ```
 
 ### LDAP
@@ -129,7 +129,7 @@ docker compose up -d openldap
 Then, run the tests.
 
 ```sh
-docker compose run --rm web poetry run pytest
+docker compose run --rm web pytest
 ```
 
 The `--rm` option will delete the temporary containers created to run the tests. Omit it if you want to keep the
@@ -145,8 +145,8 @@ secret
 To generate the translation files, first use "makemessages" and specify the language you want to generate:
 
 ```sh
-docker compose exec -w /app/tapir web poetry run python ../manage.py makemessages --no-wrap -l de
-docker compose run --rm -w /app web poetry run python manage.py makemessages --no-wrap -l de -d djangojs
+docker compose exec -w /app/tapir web python ../manage.py makemessages --no-wrap -l de
+docker compose run --rm -w /app web python manage.py makemessages --no-wrap -l de -d djangojs
 ```
 
 Update tapir/translations/locale/de/LC_MESSAGES/django.po with your translations.
@@ -180,7 +180,7 @@ All changes must be done in the docker container. Since our development environm
 docker container, you must run djangos makemigrations on docker. You can do this with this command:
 
 ```sh
-docker compose exec web poetry run python manage.py makemigrations
+docker compose exec web python manage.py makemigrations
 ```
 
 Please check the migration script. It might contain unwished changes. There seems to be a bug in ldpa migrations.
@@ -190,7 +190,7 @@ Please check the migration script. It might contain unwished changes. There seem
 Last step is to update the database. this is done with this command:
 
 ```sh
-docker compose exec web poetry run python manage.py migrate
+docker compose exec web python manage.py migrate
 ```
 
 Please check, if applications runs (again).

Makefile

@@ -1,17 +1,18 @@
 lint:
-	poetry run black .
+	black .
 
 check-formatting:
-	poetry run black --check .
+	black --check .
 
 test:
-	poetry run pytest --cov-report xml:coverage.xml --cov=tapir --cov-config=pyproject.toml
+	pytest --cov-report xml:coverage.xml --cov=tapir --cov-config=pyproject.toml
 
 check-translations:
+	ls -la /app
 	cp tapir/translations/locale/de/LC_MESSAGES/django.po tapir/translations/locale/de/LC_MESSAGES/django-old.po
-	cd tapir && poetry run python ../manage.py makemessages --no-wrap -l de
+	cd tapir && python ../manage.py makemessages --no-wrap -l de
 	git diff --ignore-matching-lines=POT-Creation-Date --exit-code --no-index tapir/translations/locale/de/LC_MESSAGES/django.po tapir/translations/locale/de/LC_MESSAGES/django-old.po
 	rm tapir/translations/locale/de/LC_MESSAGES/django-old.po
 
 check-migrations:
-	poetry run python manage.py makemigrations --check
+	python manage.py makemigrations --check

django.Dockerfile

@@ -1,18 +1,84 @@
-FROM python:3.13
-ENV PYTHONUNBUFFERED=1
+# syntax=docker/dockerfile:1
+ARG USER_UID
+ARG USER_GID
+
+
+FROM python:3.13-slim AS build
+ARG DEV=false
+ENV POETRY_VERSION=2.2.1 \
+    PYTHONUNBUFFERED=1 \
+    # prevents python creating .pyc files
+    PYTHONDONTWRITEBYTECODE=1 \
+    PIP_NO_CACHE_DIR=off \
+    PIP_DISABLE_PIP_VERSION_CHECK=on \
+    PIP_DEFAULT_TIMEOUT=100 \
+    # make poetry install to this location
+    POETRY_HOME="/opt/poetry" \
+    # make poetry create the virtual environment in the project's root
+    # it gets named `.venv`
+    POETRY_VIRTUALENVS_IN_PROJECT=true \
+    # do not ask any interactive question
+    POETRY_NO_INTERACTION=1 \
+    # this is where our requirements + virtual environment will live
+    PYSETUP_PATH="/opt/pysetup" \
+    VENV_PATH="/opt/pysetup/.venv"
+
+ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
+
+
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y \
+    build-essential curl \
+    # psycopg2 dependencies
+    libpq-dev \
+    # Translations dependencies
+    gettext \
+    # LDAP dependencies
+    libldap2-dev  libsasl2-dev  \
+    # cleaning up unused files
+    && rm -rf /var/lib/apt/lists/*
+
+RUN curl -sS https://install.python-poetry.org | POETRY_HOME=$POETRY_HOME python3 - && \
+    ln -s $POETRY_HOME/bin/poetry /usr/local/bin/poetry
+
+WORKDIR $PYSETUP_PATH
+
+COPY poetry.lock pyproject.toml ./
+
+RUN if [ "$DEV" = "true" ]; then \
+      poetry install --with dev --no-root; \
+    else \
+      poetry install --without dev --no-root; \
+    fi
+
+
+FROM python:3.13-slim AS runtime
+ARG USERNAME=nonroot
 ARG ARG_VERSION
+ARG USER_UID
+ARG USER_GID
 ENV TAPIR_VERSION=${ARG_VERSION}
+ENV VENV_PATH="/opt/pysetup/.venv" \
+    PATH="/opt/pysetup/.venv/bin:$PATH"
+
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y libpq-dev gettext libldap2-dev libsasl2-dev  \
+    libpango-1.0-0 libpangoft2-1.0-0 libharfbuzz-subset0 \
+    make git \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN groupadd --gid $USER_GID $USERNAME && \
+    useradd --uid $USER_UID --gid $USER_GID -m $USERNAME
+
 WORKDIR /app
-COPY . /app
-
-RUN apt-get update -y  \
-    && apt-get --no-install-recommends install -y  \
-        gettext  \
-        libldap2-dev  \
-        libsasl2-dev  \
-        postgresql-client  \
-        postgresql-client-common \
-    && rm -rf /var/lib/apt/lists/*  \
-    && pip install poetry  \
-    && poetry install  \
-    && poetry run python manage.py compilemessages
+
+COPY --from=build /opt/pysetup/.venv /opt/pysetup/.venv
+COPY --from=build /opt/pysetup/ ./
+
+COPY tapir /app/tapir
+COPY manage.py /app/manage.py
+COPY Makefile /app/Makefile
+
+RUN python manage.py compilemessages
+
+USER $USERNAME

docker-compose.yml

@@ -16,14 +16,17 @@ services:
   web:
     build:
       context: .
-      args:
-          ARG_VERSION: ""
       dockerfile: ./django.Dockerfile
-    command: bash -c "poetry install &&
-                      poetry run python manage.py compilemessages --ignore \".venv\" &&
-                      poetry run python manage.py runserver_plus 0.0.0.0:80"
+      args:
+        DEV: true
+        ARG_VERSION: ""
+        USER_UID: ${USER_UID:-1000}
+        USER_GID: ${USER_GID:-1000}
+    command: bash -c "python manage.py runserver_plus 0.0.0.0:80"
     volumes:
-      - .:/app
+      - ./tapir:/app/tapir
+      - ./manage.py:/app/manage.py
+      - ./Makefile:/app/Makefile
     environment:
       VIRTUAL_HOST: localhost
       DEBUG: 1
@@ -69,17 +72,15 @@ services:
   celery:
     extends:
       service: web
-    command: bash -c "poetry install &&
-                      poetry run celery -A tapir worker -l info"
+    command: bash -c "celery -A tapir worker -l info"
     depends_on:
       - redis
 
   celery-beat:
     extends:
       service: web
     # --schedule to avoid polluting the app directory
-    command: bash -c "poetry install &&
-                      poetry run celery -A tapir beat -l info --schedule /tmp/celerybeat-schedule"
+    command: bash -c "celery -A tapir beat -l info --schedule /tmp/celerybeat-schedule"
     depends_on:
       - redis