chore: improvements to Dockerfile and devcontainer (#34)

* chore: improvements to Dockerfile and devcontainer

* fixed isseus with scripts

* parametrize user and project name in devcontainers

* fixed wrong path for zsh history

* added project name note to readme

* restored cache volume & fixed issue with missing source commandhistory

Author: m-revetria

.devcontainer/.env.example

@@ -1,5 +1,5 @@
 alias format='scripts/format.sh'
 alias makemigrations='scripts/makemigrations.sh'
 alias migrate='scripts/migrate.sh'
-alias shell='python src/helpers/shell.py'
+alias shell='poetry run python src/helpers/shell.py'
 alias test='pytest src'

.devcontainer/Dockerfile

@@ -0,0 +1,15 @@
+#!/usr/bin/bash
+
+# Run commands to setup the devcontainer when it was just created.
+
+set -xeo pipefail
+
+export HISTFILE_FOLDER=~/.commandhistory
+mkdir -p ${HISTFILE_FOLDER}
+
+export HISTFILE="${HISTFILE_FOLDER}/.zsh_history"
+
+SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=${HISTFILE}"
+sed -i "1 i\\$SNIPPET" ~/.zshrc
+
+cat .devcontainer/aliases-devcontainer >> ~/.zshrc

.devcontainer/aliases-devcontainer

@@ -1,6 +1,5 @@
 #!/usr/bin/bash
 
-
 # Run start commads such as poetry install to keep dependecies updates and in sync with your lock file.
 
 set -xeo pipefail

.devcontainer/commandhistory/.gitkeep

@@ -6,11 +6,19 @@
     "devcontainer",
     "postgres"
   ],
-  "workspaceFolder": "/workspace",
+  "workspaceFolder": "/opt/app/${localEnv:PROJECT_NAME:python-template}",
   "containerEnv": {
-    "PYTHONPATH": "/workspace",
+    "PROJECT": "${localEnv:PROJECT_NAME:python-template}",
     "USER": "${localEnv:USER}"
   },
+  "features": {
+    "ghcr.io/devcontainers/features/git:1": {},
+    "ghcr.io/devcontainers/features/sshd:1": {},
+    "ghcr.io/nils-geistmann/devcontainers-features/zsh:0": {
+      "plugins": "git"
+    }
+  },
+  "remoteUser": "${localEnv:USER}",
   "customizations": {
     "vscode": {
       "extensions": [
@@ -19,7 +27,8 @@
         "ms-python.flake8",
         "ms-python.isort",
         "ms-python.python",
-        "ms-python.mypy-type-checker"
+        "ms-python.mypy-type-checker",
+        "tamasfe.even-better-toml"
       ],
       "settings": {
         "editor.formatOnSave": true,
@@ -41,8 +50,8 @@
     ],
     "unwantedRecommendations": []
   },
-  "postCreateCommand": "cat /workspace/.devcontainer/aliases-devcontainer >> ~/.bashrc",
-  "postStartCommand": "/workspace/.devcontainer/devcontainer-start.sh",
+  "postCreateCommand": "/opt/app/${localEnv:PROJECT_NAME:python-template}/.devcontainer/devcontainer-create.sh",
+  "postStartCommand": "/opt/app/${localEnv:PROJECT_NAME:python-template}/.devcontainer/devcontainer-start.sh",
   "forwardPorts": [
     // Backend API:
     //   localhost:8000 for accessing on your host

.devcontainer/devcontainer-create.sh

@@ -1,17 +1,24 @@
 services:
   devcontainer:
-    command: sleep infinity
-    build: .
+    build:
+      context: ../
+      target: devcontainer
+      args:
+        PROJECT_NAME: ${PROJECT_NAME:-python-template}
+        USER: ${USER}
     ports:
       - '8000:8000'
     volumes:
       - source: ..
-        target: /workspace
+        target: /opt/app/${PROJECT_NAME:-python-template}
+        type: bind
+      - source: ./commandhistory
+        target: /home/${USER}/.commandhistory
         type: bind
       - source: cache
-        target: /root/.cache
+        target: /home/${USER}/.cache
         type: volume
-    env_file: .env
+    env_file: ../.env
 
   postgres:
     image: postgres:16

.devcontainer/devcontainer-start.sh

@@ -1,5 +1,8 @@
 # repo and project folders
+.devcontainer
+.docs
 .git
+.github
 .gitignore
 .gitmodules
 .idea
@@ -11,6 +14,8 @@ Dockerfile
 docker-compose.yaml
 
 # python related
+.mypy_cache
+.pytest_cache
 *.pyc
 *.pyo
 *.pyd

.devcontainer/devcontainer.json

@@ -0,0 +1,9 @@
+# The name of the project will be used to build the final docker image and has to 
+# be exactly the same as project.name as defined in pyproject.toml
+PROJECT_NAME="python-template"
+
+DATABASE_URL=postgresql://dev:dev@postgres:5432/dev
+LOG_LEVEL=DEBUG
+SERVER_URL=example.com
+ACCESS_TOKEN_EXPIRE_MINUTES=15
+JWT_SIGNING_KEY=

.devcontainer/docker-compose.yaml

@@ -21,6 +21,15 @@ var/
 .installed.cfg
 *.egg
 
-.env
+# Other Python related stuff
+.venv
 logs/*
 .ptpython-history
+.mypy_cache
+.pytest_cache
+
+.devcontainer/commandhistory
+!.devcontainer/commandhistory/.gitkeep
+.env
+# Just for those who use nushell
+.env.nu

.dockerignore

@@ -0,0 +1,15 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Debug Server",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "src.main",
+            "cwd": "${workspaceFolder}"
+        }
+    ]
+}

.env.example

@@ -1,25 +1,99 @@
-FROM python:3.13-slim
+# ----
+# Base image install all the tools needed to build the project
+FROM python:3.13-slim-bookworm AS base
 
-RUN apt-get update && apt-get install -y curl libpq-dev gcc
+ARG PROJECT_NAME=python-template
+ARG USER=appuser
 
-# Install poetry dependency manager
-ENV POETRY_HOME="/usr/local" \
-    POETRY_NO_INTERACTION=1 \
-    POETRY_VIRTUALENVS_CREATE=false \
-    POETRY_VERSION=1.8.3
+ENV RUNTIME_PACKAGES=libpq-dev
+# These packages will be deleted from the final image, after the application is packaged
+ENV BUILD_PACKAGES=gcc
 
-RUN curl -sSL https://install.python-poetry.org | python3 -
+RUN apt-get update \
+    && apt-get install -y ${BUILD_PACKAGES} ${RUNTIME_PACKAGES} \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-COPY poetry.lock pyproject.toml /backend/
+RUN mkdir -p /opt/app/${PROJECT_NAME}
 
-WORKDIR /backend
+# Never run as root and prefer fixed IDs above 10000 to prevent conflicts with host users.
+RUN groupadd -g 10001 ${USER} \
+    && useradd -u 10000 -g ${USER} --create-home ${USER} \
+    && chown -R ${USER}:${USER} /opt/app
 
-RUN poetry install --no-ansi --no-root && \
-    # clean up installation caches
-    yes | poetry cache clear . --all
+USER ${USER}
 
-COPY . .
+ENV POETRY_HOME="/home/${USER}/.local/share/pypoetry"
+ENV POETRY_NO_INTERACTION=1
+ENV POETRY_VERSION=2.0.1
 
-ENV PYTHONPATH=/backend
+# Poetry is installed in user's home directory, which is not in PATH by default.
+ENV PATH="$PATH:/home/${USER}/.local/bin"
+ENV PYTHONPATH=/opt/app/${PROJECT_NAME}
 
-CMD ["uvicorn", "src.main:app", "--reload", "--host", "0.0.0.0", "--port", "8000"]
+RUN pip install --upgrade pip \
+    && pip install --user poetry==${POETRY_VERSION}
+
+WORKDIR /opt/app/${PROJECT_NAME}
+COPY --chown=${USER}:${USER} . .
+
+RUN poetry install --no-root --without dev \
+    # clean up installation caches and artifacts
+    && yes | poetry cache clear . --all
+
+
+# ----
+# Devcontainer adds extra tools for development
+FROM base AS devcontainer
+
+USER root
+
+# Add any other tool usefull during development to the following list, this won't be included
+# in the deployment image.
+ENV DEV_TOOLS="sudo curl nano"
+RUN apt-get update \
+    && apt-get install -y ${DEV_TOOLS}
+
+# To run chsh without password
+RUN echo "auth       sufficient   pam_shells.so" > /etc/pam.d/chsh
+
+# Adding sudo in development stage is fine – it's like leaving your front door open during construction.
+# Move this to production, and we’ll personally revoke your coffee privileges
+RUN adduser ${USER} sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+USER ${USER}
+
+RUN mkdir -p /home/${USER}/.cache
+RUN poetry install --no-root --all-groups
+
+CMD ["sleep", "infinity"]
+
+# ----
+# Builder will package the app for deployment
+FROM base AS builder
+
+RUN poetry check \
+    && poetry build --format wheel
+
+# ----
+# Deployment stage to run in cloud environments. This must be the last stage, which is used to run the application by default
+FROM base AS deployment
+
+# root is needed to remove build dependencies
+USER root
+RUN apt-get purge -y ${BUILD_PACKAGES} \
+    && apt-get autoremove -y \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+USER ${USER}
+
+# TODO(remer): wheel version has to match what is set in pyproject.toml
+COPY --from=builder /opt/app/${PROJECT_NAME}/dist/python_template-0.1.0-py3-none-any.whl /opt/app/${PROJECT_NAME}/dist/python_template-0.1.0-py3-none-any.whl
+
+RUN poetry run pip install --no-deps dist/python_template-0.1.0-py3-none-any.whl
+
+EXPOSE 8000
+
+ENTRYPOINT  ["poetry", "run", "python", "-m", "uvicorn", "src.main:app"]
+
+CMD ["--host", "0.0.0.0", "--port", "8000"]

.gitignore

@@ -10,7 +10,7 @@
 
 ## Project setup
 
-The only things you need are [Docker](https://docs.docker.com/engine/install/), [Docker Compose](https://docs.docker.com/compose/install/), and a code editor with devcontainer support like [Visual Studio Code](https://code.visualstudio.com/download). Once you open the template with VS Code, it will recommend that you install the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) if you don’t have it already. Then, a pop-up will appear to reopen the template in the devcontainer, or you can use `Ctrl / Cmd + shift + P` -> `Dev Containers: Open Folder in Container…`. Remember to add the `.env` file; you can use `.env.example` as a reference.
+The only things you need are [Docker](https://docs.docker.com/engine/install/), [Docker Compose](https://docs.docker.com/compose/install/), and a code editor with devcontainer support like [Visual Studio Code](https://code.visualstudio.com/download). Once you open the template with VS Code, it will recommend that you install the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) if you don’t have it already. Then, a pop-up will appear to reopen the template in the devcontainer, or you can use `Ctrl / Cmd + shift + P` -> `Dev Containers: Open Folder in Container…`. Remember to add the `.env` file at the root folder; you can use `.env.example` as a reference.
 
 And that's it, everything is ready to use. By using the VS Code terminal with `Ctrl / Cmd + J`, you'll be inside the container to run any command or start the server with `uvicorn src.main:app --reload --host 0.0.0.0 --port 8000`.
 
@@ -26,6 +26,18 @@ Alternatively, you must have:
 - [Poetry](https://python-poetry.org/docs/#installation) (don't forget to install the dependencies from the lock file)
 - [PostgreSQL](https://www.postgresql.org/) database, setting the corresponding environment variables for the database connection.
 
+### Customization
+
+The project's name (`python-template`) can be edited following next steps:
+
+1. Edit project's name in the [pyproject.toml](pyproject.toml) file
+2. Set `PROJECT_NAME` env variable to be exactly the same as project's name in pyproject.toml. Ensure VSCode has this
+variable loaded, otherwise the dev container might fail or not work as expected. You can open VScode with from cmd with:
+
+```bash
+PROJECT_NAME=your-awesome-project code <path/to/repo>
+```
+
 
 ## Migrations