lukehinds/Dockerfile

## docker-compose.yml
services:
  postgres:
    image: postgres
    profiles: ["dev", "prod"]
    ports:
      - "5432:5432"
    environment:
      POSTGRES_DB: monocle
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 10

  flyway:
    image: flyway/flyway
    profiles: ["dev", "prod"]
    command: -url=jdbc:postgresql://postgres:5432/monocle -user=postgres -password=postgres migrate
    volumes:
      - ./database/migrations:/flyway/sql
      - ./utils/wait-for-it.sh:/wait-for-it.sh
    depends_on:
      postgres:
        condition: service_healthy
    entrypoint: ["/wait-for-it.sh", "postgres:5432", "--", "flyway", "migrate"]

  localstack:
    container_name: localstack
    image: localstack/localstack
    profiles: ["dev"]
    ports:
      - "4566:4566"
      - '4510-4559:4510-4559'
    environment:
      - SERVICES=sns,sqs
      - DEBUG=1
      - DOCKER_HOST=unix:///var/run/docker.sock
      - HOSTNAME_EXTERNAL=localstack
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-f",
          "http://localhost:4566/_localstack/health"
        ]
      interval: 30s
      timeout: 20s
      retries: 20
      start_period: 10s
    volumes:
      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
      - ./devcontainer/localstack:/docker-entrypoint-initaws.d

  monocle:
    container_name: monocle
    profiles: ["prod"]
    image: monocle:latest
    entrypoint: ["/bin/bash", "-c", "python3 monocle/main.py"]
    tmpfs:
      - /tmp
    environment:
      - GITHUB_TOKEN=${GITHUB_TOKEN}
    ports:
      - "8000:8000"
      - "9090:9090"
    depends_on:
      postgres:
        condition: service_healthy

  sqs_consumer:
    container_name: sqs_consumer
    profiles: ["prod"]
    image: monocle:latest
    entrypoint: ["/bin/bash", "-c", "python3 monocle/sqs_consumer.py"]
    tmpfs:
      - /tmp
    environment:
      - GITHUB_TOKEN=${GITHUB_TOKEN}
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-test}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-test}
      - AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-test}
      - AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
    depends_on:
      postgres:
        condition: service_healthy
      localstack:
        condition: service_healthy

  monocle-dev:
    tty: true
    profiles: ["dev"]
    build:
      context: .
      dockerfile: Dockerfile

    tmpfs:
      - /tmp
    depends_on:
      postgres:
        condition: service_healthy
      localstack:
        condition: service_healthy

  sqs_consumer-dev:
    profiles: ["dev"]
    container_name: sqs_consumer-dev
    image: monocle:latest
    entrypoint: ["/bin/bash", "-c", "python3 monocle/sqs_consumer.py"]
    tmpfs:
      - /tmp
    environment:
      - GITHUB_TOKEN=${GITHUB_TOKEN}
      - AWS_ENDPOINT_URL=http://localstack:4566
      - AWS_DEFAULT_REGION=us-east-1
      - AWS_ACCESS_KEY_ID=test
      - AWS_SECRET_ACCESS_KEY=test
      - AWS_SESSION_TOKEN=test
    depends_on:
      postgres:
        condition: service_healthy
      localstack:
        condition: service_healthy

volumes:
  postgres-data:

## Dockerfile
FROM index.docker.io/library/python:3.12-slim@sha256:d5f16749562233aa4bd26538771d76bf0dfd0a0ea7ea8771985e267451397ae4 AS base

RUN pip3 install --upgrade pip setuptools
COPY requirements.txt /
RUN pip3 install -r requirements.txt
ENV PYTHONPATH=/monocle
WORKDIR /app
COPY setup.py /app/
RUN mkdir /monocle && pip3 install . && adduser --system --no-create-home monocle --uid 1000

FROM base AS dev
COPY .monocle.env.docker /app/.monocle.env
COPY monocle/ /app/monocle
COPY analyzers/ /app/analyzers
COPY malicious_examples/ /app/malicious_examples
RUN mkdir /logs
RUN chown 1000:1000 /logs
RUN mkdir /EXTRACT_FOLDER
RUN chown 1000:1000 /EXTRACT_FOLDER
RUN mkdir /DOWNLOAD_FOLDER
RUN chown 1000:1000 /DOWNLOAD_FOLDER
USER 1000
	services:
	postgres:
	image: postgres
	profiles: ["dev", "prod"]
	ports:
	- "5432:5432"
	environment:
	POSTGRES_DB: monocle
	POSTGRES_USER: postgres
	POSTGRES_PASSWORD: postgres
	volumes:
	- postgres-data:/var/lib/postgresql/data
	healthcheck:
	test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
	interval: 10s
	timeout: 5s
	retries: 10

	flyway:
	image: flyway/flyway
	profiles: ["dev", "prod"]
	command: -url=jdbc:postgresql://postgres:5432/monocle -user=postgres -password=postgres migrate
	volumes:
	- ./database/migrations:/flyway/sql
	- ./utils/wait-for-it.sh:/wait-for-it.sh
	depends_on:
	postgres:
	condition: service_healthy
	entrypoint: ["/wait-for-it.sh", "postgres:5432", "--", "flyway", "migrate"]

	localstack:
	container_name: localstack
	image: localstack/localstack
	profiles: ["dev"]
	ports:
	- "4566:4566"
	- '4510-4559:4510-4559'
	environment:
	- SERVICES=sns,sqs
	- DEBUG=1
	- DOCKER_HOST=unix:///var/run/docker.sock
	- HOSTNAME_EXTERNAL=localstack
	healthcheck:
	test:
	[
	"CMD",
	"curl",
	"-f",
	"http://localhost:4566/_localstack/health"
	]
	interval: 30s
	timeout: 20s
	retries: 20
	start_period: 10s
	volumes:
	- "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
	- ./devcontainer/localstack:/docker-entrypoint-initaws.d

	monocle:
	container_name: monocle
	profiles: ["prod"]
	image: monocle:latest
	entrypoint: ["/bin/bash", "-c", "python3 monocle/main.py"]
	tmpfs:
	- /tmp
	environment:
	- GITHUB_TOKEN=${GITHUB_TOKEN}
	ports:
	- "8000:8000"
	- "9090:9090"
	depends_on:
	postgres:
	condition: service_healthy

	sqs_consumer:
	container_name: sqs_consumer
	profiles: ["prod"]
	image: monocle:latest
	entrypoint: ["/bin/bash", "-c", "python3 monocle/sqs_consumer.py"]
	tmpfs:
	- /tmp
	environment:
	- GITHUB_TOKEN=${GITHUB_TOKEN}
	- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-test}
	- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-test}
	- AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-test}
	- AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
	depends_on:
	postgres:
	condition: service_healthy
	localstack:
	condition: service_healthy

	monocle-dev:
	tty: true
	profiles: ["dev"]
	build:
	context: .
	dockerfile: Dockerfile

	tmpfs:
	- /tmp
	depends_on:
	postgres:
	condition: service_healthy
	localstack:
	condition: service_healthy

	sqs_consumer-dev:
	profiles: ["dev"]
	container_name: sqs_consumer-dev
	image: monocle:latest
	entrypoint: ["/bin/bash", "-c", "python3 monocle/sqs_consumer.py"]
	tmpfs:
	- /tmp
	environment:
	- GITHUB_TOKEN=${GITHUB_TOKEN}
	- AWS_ENDPOINT_URL=http://localstack:4566
	- AWS_DEFAULT_REGION=us-east-1
	- AWS_ACCESS_KEY_ID=test
	- AWS_SECRET_ACCESS_KEY=test
	- AWS_SESSION_TOKEN=test
	depends_on:
	postgres:
	condition: service_healthy
	localstack:
	condition: service_healthy

	volumes:
	postgres-data:
	FROM index.docker.io/library/python:3.12-slim@sha256:d5f16749562233aa4bd26538771d76bf0dfd0a0ea7ea8771985e267451397ae4 AS base

	RUN pip3 install --upgrade pip setuptools
	COPY requirements.txt /
	RUN pip3 install -r requirements.txt
	ENV PYTHONPATH=/monocle
	WORKDIR /app
	COPY setup.py /app/
	RUN mkdir /monocle && pip3 install . && adduser --system --no-create-home monocle --uid 1000

	FROM base AS dev
	COPY .monocle.env.docker /app/.monocle.env
	COPY monocle/ /app/monocle
	COPY analyzers/ /app/analyzers
	COPY malicious_examples/ /app/malicious_examples
	RUN mkdir /logs
	RUN chown 1000:1000 /logs
	RUN mkdir /EXTRACT_FOLDER
	RUN chown 1000:1000 /EXTRACT_FOLDER
	RUN mkdir /DOWNLOAD_FOLDER
	RUN chown 1000:1000 /DOWNLOAD_FOLDER
	USER 1000