0
0
mirror of https://github.com/PostHog/posthog.git synced 2024-12-01 12:21:02 +01:00
posthog/production.Dockerfile

131 lines
3.8 KiB
Docker
Raw Normal View History

#
2021-09-17 09:22:12 +02:00
# This Dockerfile is used for self-hosted production builds.
#
# Note: for 'posthog/posthog-cloud' remember to update 'prod.web.Dockerfile' as appropriate
#
FROM python:3.8-alpine3.14
ENV PYTHONUNBUFFERED 1
WORKDIR /code
# Install OS dependencies needed to run PostHog
#
# Note: please add in this section runtime dependences only.
# If you temporary need a package to build a Python or npm
# dependency take a look at the sections below.
RUN apk --update --no-cache add \
"bash~=5.1" \
"g++~=10.3" \
"gcc~=10.3" \
"libpq~=13" \
"libxml2-dev~=2.9" \
"libxslt~=1.1" \
"libxslt-dev~=1.1" \
"make~=4.3" \
"nodejs~=14" \
"npm~=7" \
&& npm install -g yarn@1
# Install SAML dependencies
#
# Notes:
#
# - please add in this section runtime dependences only.
# If you temporary need a package to build a Python or npm
# dependency take a look at the sections below.
#
# - we would like to include those dependencies + 'python3-saml'
# directly in the requirements.txt file but due to our CI/CD
# setup this is currently not possible. More context at:
# https://github.com/PostHog/posthog/pull/5870
# https://github.com/PostHog/posthog/pull/6575#discussion_r733457836
# https://github.com/PostHog/posthog/pull/6607
#
RUN apk --update --no-cache add \
"libxml2-dev~=2.9" \
"xmlsec~=1.2" \
"xmlsec-dev~=1.2" \
&& \
pip install python3-saml==1.12.0 --compile --no-cache-dir
Personal API keys and Zapier integration (#1281) * Add missing migration * Add generate_random_token() model util * Move PublicTokenAuthentication to utils * Make use of generate_random_token * Add User.personal_access_token field * Add PersonalAccessTokenAuthentication * Fix PublicTokenAuthentication * Fix migration and auth import * Add personal_access_token to user API * Update Setup.js * Support trailing slash in API * Improve PAT auth quality * Add django-rest-hooks requirement * Update settings.py for rest_hooks * Fix django-rest-hooks requirement * Bring back API routes with no double trailing slash * Rename posthog.api.team to team_user * Add API TODO * Ad PAT auth with X-PAT HTTP header * Replace User.personal_access_token with PersonalAPIKey model * Fix PersonalAPIKey max_lengths * Describe posthog.models.utils.generate_random_token better * Add personal_api_key to API * Add authenticate_header to PersonalAPIKeyAuthentication * Add hook API endpoint * Use django.utils.timezone in place of datetime.datetime * Add Personal API Keys to Setup * Sort personal_api_keys in ORM * Add Action.on_perform() * Remove requirements.txt comment * Add a * Add REST hook tasks * Optimize PersonalAPIKeyAuthentication query * Add a trailing slash version of /e endpoint * Add team field to PersonalAPIKey model * Add personal API key support to capture endpoint, get_cached_from_token * Reject personal API keys from inactive users * Add extra_properties_json field to /capture * Improve PAK auth header regex * Use custom hook model * Deliver hooks * Handle action.on_perform * Consolidate userLogic in userLogic.tsx * Update PersonalAPIKeys.js * Make PersonalAPIKey foreign keys read-only * Update requirements/dev.txt * Make PersonalAPIKeys TSX * Fix conflict * Fix migration * Fix minor mishaps * Update and fix tests * Use CharField of random 32 bits as hook.id * Fix conflicting migrations * Fix ValidationError in HookSerializer.validate_event * Use query param in /api/event/actions ID filtering * Rename endpoint `hook` to `hooks` * Satisfy mypy * Add tests * Use DRF serialization in action_defined and annotation_created triggers * Update migration leafs * Make mypy ignore rest_hooks * Update Django signal receiver names * Update TS dependencies * Revert "Update TS dependencies" This reverts commit 7fc26fefcdc16e630e1c8fd2c510fd323d97169f. * Add field user to Hook model * Update migration leafs * Fix circular import * Fix some code * Install git before running pip install in Dockerfiles * Improve personal API keys UI * Satisfy mypy * Reword key label placeholder * Add personal API key support to /api/user/* Unfortunately these endpoints are still limited by CSRF protections at the moment, so not accessible outside PostHog itself. * Improve PersonalAPIKeyAuthentication and add CsrfOrKeyViewMiddleware * Run collectstatic before test * Don't install dev dependencies in CI * Update dependency installation order in CI * Fix bug and describe PersonalAPIKeyAuthentication * Fix CI issues * Fix typing issues * Fix more typing issues * Use /api/personal_api_keys to list keys * Move REST hooks (and therefore Zapier) to ee/ * Refactor personal API logic with kea-loaders * Add "More about API authentication in PostHog docs." * Update PersonalAPIKeys.tsx * Use TestMixin * Fix "Authentication" that should've been "Authorization" * Add option to skip self.client.force_login in API tests * Include team_id and user_id in personal API key serialization * Update test_hooks.py * Add personal API key tests * Remove leftover * Make ee.settings override posthog.settings * Don't directly import from models * Remove unused imports * Fix mypy issues * Fix HOOK_DELIVERER * Use decorator for /api/user PAK auth * Don't fire REST hook if user doesn't have "zapier" feature * Import Optional * Reword to "premium Zapier" * Make mypy happy * Fix test_delete_personal_api_key * Fix misclick * Fix and test /capture with personal API key * Make mypy happy * Remove extra_properties_json * Resolve migrations * Remove apt-utils * Optimize and test PAK user.is_active filtering * Replace DEBUG true with 1 * Remove unused instance_id * Improve typing * Fix deletion toast * Refactor CopyToClipboard and use it in PAKs * Use toast.success * Update migrations * Fix migration * Fix migrations * Complete merge Co-authored-by: Tim Glaser <tim@glsr.nl>
2020-08-26 10:34:57 +02:00
# Compile and install Python dependencies.
#
# Notes:
#
# - we explicitly COPY the files so that we don't need to rebuild
# the container every time a dependency changes
#
# - we need few additional OS packages for this. Let's install
# and then uninstall them when the compilation is completed.
COPY requirements.txt ./
RUN apk --update --no-cache --virtual .build-deps add \
"cargo~=1.52" \
"git~=2" \
"libffi-dev~=3.3" \
"postgresql-dev~=13" \
&& \
pip install -r requirements.txt --compile --no-cache-dir \
&& \
apk del .build-deps
2020-04-02 00:46:29 +02:00
# Compile and install Yarn dependencies.
#
# Notes:
#
# - we explicitly COPY the files so that we don't need to rebuild
# the container every time a dependency changes
#
# - we need few additional OS packages for this. Let's install
# and then uninstall them when the compilation is completed.
COPY package.json yarn.lock ./
COPY ./plugin-server/ ./plugin-server/
RUN apk --update --no-cache --virtual .build-deps add \
"gcc~=10.3" \
&& \
yarn config set network-timeout 300000 && \
yarn install --frozen-lockfile && \
yarn install --frozen-lockfile --cwd plugin-server && \
yarn cache clean \
&& \
apk del .build-deps
2021-09-17 09:22:12 +02:00
# Copy everything else
COPY . .
2021-09-17 09:22:12 +02:00
# Build the plugin server
#
# Note: we run the build as a separate actions to increase
# the cache hit ratio of the layers above.
# symlink musl -> ld-linux is required for re2 compat on alpine
RUN cd plugin-server \
&& ln -s /lib/ld-musl-x86_64.so.1 /lib/ld-linux-x86-64.so.2 \
&& yarn build \
&& yarn cache clean \
&& cd ..
# Build the frontend
#
# Note: we run the build as a separate actions to increase
# the cache hit ratio of the layers above.
RUN yarn build && \
yarn cache clean && \
rm -rf ./node_modules
2021-09-17 09:22:12 +02:00
# Generate Django's static files
RUN SKIP_SERVICE_VERSION_REQUIREMENTS=1 SECRET_KEY='unsafe secret key for collectstatic only' DATABASE_URL='postgres:///' REDIS_URL='redis:///' python manage.py collectstatic --noinput
# Add a dedicated 'posthog' user and group, move files into its home dir and set the
# proper file permissions. This alleviates compliance issue for not running a
# container as 'root'
RUN addgroup -S posthog && \
adduser -S posthog -G posthog && \
mv /code /home/posthog && \
chown -R posthog:1000 /home/posthog/code
WORKDIR /home/posthog/code
USER posthog
# Expose container port and run entry point script
EXPOSE 8000
CMD ["./bin/docker"]