Add server-base image

README.md

@@ -7,3 +7,7 @@ This repository contains the recipes and CI for building the base images used by
 ### secret-generation
 
 This image is used by the [helm chart](https://github.com/DIRACGrid/diracx-charts) to run batch jobs within the cluster that automatically generate kubernetes secrets.
+
+### server-base
+
+This image is used as the base of the diracx service image.

server-base/Dockerfile

@@ -0,0 +1,32 @@
+FROM registry.cern.ch/docker.io/mambaorg/micromamba
+EXPOSE 8000
+
+# Create empty directory for the various volume to be mounted
+# and assign them to mambauser
+# This is needed for the DIRAC integration test, as docker-compose
+# isn't playing well with permissions and volumes
+USER root
+RUN mkdir /cs_store /signing-key && chown $MAMBA_USER:$MAMBA_USER /cs_store /signing-key
+USER $MAMBA_USER
+
+WORKDIR /code
+
+COPY --chown=$MAMBA_USER:$MAMBA_USER . /code/diracx
+
+RUN micromamba install --yes --file diracx/environment.yml --name=base && micromamba clean --all --yes --force-pkgs-dirs
+
+ARG MAMBA_DOCKERFILE_ACTIVATE=1
+
+RUN  pip install ./diracx git+https://github.com/DIRACGrid/DIRAC.git@integration
+# Copying in ENTRYPOINT script
+COPY --chown=$MAMBA_USER:$MAMBA_USER entrypoint.sh /
+RUN chmod 755 /entrypoint.sh
+
+# In many clusters the container is ran as a random uid for security reasons.
+# If we mark the conda directory as group 0 and give it group write permissions
+# then we're still able to manage the environment from inside the container.
+USER 0
+RUN chown -R $MAMBA_USER:0 /opt/conda && chmod -R g=u /opt/conda
+USER $MAMBA_USER
+
+ENTRYPOINT [ "/entrypoint.sh" ]

server-base/entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+# TODO: This is a workaround until this is released
+# https://github.com/DaanDeMeyer/reproc/pull/103
+# or that this is merged
+# https://github.com/conda-forge/reproc-feedstock/pull/10
+ulimit -n 8192
+
+eval "$(micromamba shell hook --shell=posix)"
+micromamba activate base
+exec "$@"

server-base/environment.yml

@@ -0,0 +1,59 @@
+name: diracx-dev
+channels:
+  - diracgrid
+  - conda-forge
+  - nodefaults
+dependencies:
+  - authlib
+  - aiohttp
+  - aiomysql
+  - aiosqlite
+  - azure-core
+  - cachetools
+  ########
+  # Building the docker image on some system may fail
+  # as long as this bug is still present
+  # https://github.com/DaanDeMeyer/reproc/pull/103
+  # or that this is merged
+  # https://github.com/conda-forge/reproc-feedstock/pull/10
+  # If it does, we need to comment out `dirac-grid` here
+  # and install it via pip
+  - dirac-grid
+  - m2crypto >=0.38.0
+  - python-gfal2
+  - importlib_resources
+  #######
+  - email-validator
+  - fastapi
+  - git
+  - gitpython
+  - httpx
+  - isodate
+  - mypy
+  - opensearch-py
+  - pydantic =1.10.10
+  - pyjwt
+  - pytest
+  - pytest-asyncio
+  - pytest-cov
+  - pytest-httpx
+  - python
+  - python-dotenv
+  - python-jose
+  - python-multipart
+  - pyyaml
+  - requests
+  - rich
+  - sqlalchemy
+  - typer
+  - types-cachetools
+  - types-PyYAML
+  - types-requests
+  - uvicorn
+  - moto
+  - aiobotocore
+  - botocore
+  - git
+  - pip:
+    - types-aiobotocore[essential]
+    - boto3-stubs[essential]