Restructure Docker images

* Create a separate image for the virtual environment
* Build NsJail in the base image
    * Remove the NsJail binaries
* Replace tini with Docker's init feature
* Update Python to 3.7.3

8 files changed, 40 insertions, 34 deletions

diff --git a/Pipfile b/Pipfile
index 3f67b54..788e900 100644
--- a/Pipfile
+++ b/Pipfile
@@ -22,7 +22,7 @@ flake8-string-format = "*"
 flake8-formatter-junit-xml = "*"
 
 [requires]
-python_version = "3.6"
+python_version = "3.7"
 
 [scripts]
 lint = "flake8"
diff --git a/binaries/nsjail2.5-alpine-x86_64 b/binaries/nsjail2.5-alpine-x86_64
deleted file mode 100644
index 9af91fc..0000000
--- a/binaries/nsjail2.5-alpine-x86_64
+++ /dev/null
diff --git a/binaries/nsjail2.6-ubuntu-x86_64 b/binaries/nsjail2.6-ubuntu-x86_64
deleted file mode 100644
index d8df21b..0000000
--- a/binaries/nsjail2.6-ubuntu-x86_64
+++ /dev/null
diff --git a/docker-compose.yml b/docker-compose.yml
index 2b22db4..1fe8e39 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,8 @@
-version: '3'
+version: "3.7"
 services:
   pdsnk:
     hostname: "pdsnk"
     privileged: true
     image: pythondiscord/snekbox:latest
     network_mode: "host"
+    init: true
diff --git a/docker/Dockerfile b/docker/Dockerfile
index b8d5637..5ef8a88 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,13 +1,7 @@
-FROM pythondiscord/snekbox-base:latest
+FROM pythondiscord/snekbox-venv:latest
 
-RUN apk add --update tini
+ENTRYPOINT ["pipenv", "run"]
+CMD ["snekbox"]
 
-RUN mkdir -p /snekbox
 COPY . /snekbox
 WORKDIR /snekbox
-
-RUN pipenv --rm
-RUN pipenv sync
-
-ENTRYPOINT ["/sbin/tini", "--"]
-CMD ["pipenv", "run", "snekbox"]
diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile
index cdbd98e..2883398 100644
--- a/docker/base.Dockerfile
+++ b/docker/base.Dockerfile
@@ -1,23 +1,24 @@
-FROM python:3.6.6-alpine3.7
-
-RUN apk add --no-cache libstdc++ protobuf
-RUN apk add --update build-base
-
-ENV PIPENV_VENV_IN_PROJECT=1
-ENV PIPENV_IGNORE_VIRTUALENVS=1
-ENV PIPENV_NOSPIN=1
-ENV PIPENV_HIDE_EMOJIS=1
-ENV PYTHONPATH=/snekbox
+FROM alpine:3.9.2 as builder
+RUN apk add --no-cache --update  \
+        bison \
+        bsd-compat-headers \
+        flex \
+        g++ \
+        gcc \
+        git \
+        libnl3-dev \
+        linux-headers \
+        make \
+        protobuf-dev
+RUN git clone --depth=1 https://github.com/google/nsjail.git /nsjail
+WORKDIR /nsjail
+RUN make
 
+FROM python:3.7.3-alpine3.9
+RUN apk add --no-cache --update \
+        libnl3 \
+        libstdc++ \
+        protobuf
 RUN pip install pipenv
-
-RUN mkdir -p /snekbox
-COPY Pipfile /snekbox
-COPY Pipfile.lock /snekbox
-COPY . /snekbox
-WORKDIR /snekbox
-
-RUN pipenv sync --dev
-
-RUN cp binaries/nsjail2.5-alpine-x86_64 /usr/sbin/nsjail
+COPY --from=builder /nsjail/nsjail /usr/sbin/
 RUN chmod +x /usr/sbin/nsjail
diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile
new file mode 100644
index 0000000..9608d28
--- /dev/null
+++ b/docker/venv.Dockerfile
@@ -0,0 +1,10 @@
+FROM pythondiscord/snekbox-base:latest
+
+ENV PIPENV_VENV_IN_PROJECT=1 \
+    PIPENV_NOSPIN=1 \
+    PIPENV_HIDE_EMOJIS=1
+
+COPY Pipfile Pipfile.lock /snekbox/
+WORKDIR /snekbox
+
+RUN pipenv sync --dev
diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py
index 458a94e..ec43c25 100644
--- a/snekbox/nsjail.py
+++ b/snekbox/nsjail.py
@@ -8,7 +8,7 @@ class NsJail:
 
     def __init__(self,
                  nsjail_binary='nsjail',
-                 python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.6'):
+                 python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.7'):
         self.nsjail_binary = nsjail_binary
         self.python_binary = python_binary
         self._nsjail_workaround()
@@ -19,8 +19,8 @@ class NsJail:
             'sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
         ),
         'LANG': 'en_US.UTF-8',
-        'PYTHON_VERSION': '3.6.5',
-        'PYTHON_PIP_VERSION': '10.0.1',
+        'PYTHON_VERSION': '3.7.3',
+        'PYTHON_PIP_VERSION': '19.0.3',
         'PYTHONDONTWRITEBYTECODE': '1',
     }