Docker: add required files to dockerize Fresh cube

- update __pkginfo__.py and use cubicweb[pyramid] '>= 3.26.0, < 3.27'
- update README file
- update setup.py to read from README.rst not README

- install from Debian Buster as base image so that we can use Python 3.7
- install current source code for fresh cube
- install additional requirements from docker/requirements.txt

- add docker/entrypoint.sh to define available entrypoints for the instance
- add docker/pyramid.ini.j2 that will be used to create the instance
- add docker/uwsgi.ini that will be used to start the instance
- add .dockerignore file to build a smaller image

.dockerignore

+**
+!docker/requirements.txt
+!docker/entrypoint.sh
+!docker/pyramid.ini.j2
+!docker/uwsgi.ini
+!MANIFEST.in
+!README.rst
+!setup.py
+!cubicweb_fresh/*.py
+!cubicweb_fresh/migration/*.py
+!cubicweb_fresh/views/*.py
+!cubicweb_fresh/data/*

Dockerfile

+FROM debian:buster-slim
+ENV LANG C.UTF-8
+RUN mkdir -p /usr/share/man/man1 && mkdir -p /usr/share/man/man7
+RUN apt-get update && apt-get -y --no-install-recommends install \
+    gettext \
+    uwsgi \
+    uwsgi-plugin-python3 \
+    graphviz \
+    postgresql-client \
+    python3-pip \
+    python3-setuptools \
+    python3-crypto \
+    python3-psycopg2 \
+    python3-jinja2 \
+    pwgen \
+    && rm -rf /var/lib/apt/lists/*
+COPY . /src/
+RUN python3 -m pip install --no-cache-dir --disable-pip-version-check -r /src/docker/requirements.txt
+RUN python3 -m pip install --no-cache-dir --disable-pip-version-check -e /src
+# ensure rql is installed with gecode extension
+RUN python3 -c 'import rql.rql_solve'
+RUN useradd cubicweb --uid 1000 -m -s /bin/bash
+RUN install -d -o cubicweb -g cubicweb /etc/cubicweb.d
+COPY docker/uwsgi.ini /etc/uwsgi/uwsgi.ini
+COPY docker/pyramid.ini.j2 /
+COPY docker/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+USER cubicweb
+WORKDIR /home/cubicweb
+ENV CW_DOCKER_CUBE=fresh
+ENV CW_INSTANCE=$CW_DOCKER_CUBE
+ENV CW_CUBES_PATH=/usr/local/share/cubicweb/cubes
+ENV CW_INSTANCES_DIR=/etc/cubicweb.d
+ENV CW_INSTANCES_DATA_DIR=/etc/cubicweb.d
+ENV CW_LOG_FILE=/dev/stdout
+ENV CW_LOG_THRESHOLD=WARNING
+ENV CW_DB_HOST=
+ENV CW_DB_USER=cubicweb
+ENV CW_DB_PASSWORD=
+ENV CW_DB_NAME=$CW_INSTANCE
+ENV CW_DB_DRIVER=postgres
+ENV CW_LOGIN=admin
+ENV CW_PASSWORD=admin
+ENV WITH_TRUSTEDAUTH=false
+ENV CW_BASE_URL=http://localhost:8080
+EXPOSE 8080/tcp
+RUN cubicweb-ctl create $CW_DOCKER_CUBE $CW_INSTANCE --automatic --no-db-create
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["start"]

README

-Expense tracking application built on the CubicWeb framework.
\ No newline at end of file

README.rst

+Expense tracking application built on the CubicWeb framework.
+=============================================================

cubicweb_fresh/__pkginfo__.py

@@ -19,7 +19,7 @@ classifiers = [
     'Programming Language :: JavaScript',
     ]
 
-__depends__ = {'cubicweb': '>= 3.24.0',
+__depends__ = {'cubicweb[pyramid]': '>= 3.26.0, < 3.27',
                'cubicweb-expense': '>= 0.7.0',
                'cubicweb-workcase': None,
                }

docker/entrypoint.sh

+#!/bin/sh
+set -e
+PINI=$CW_INSTANCES_DIR/$CW_INSTANCE/pyramid.ini
+if ! test -e $PINI; then
+    test -z "$PYRAMID_SESSION_SECRET" && export PYRAMID_SESSION_SECRET=$(pwgen -s 20)
+    test -z "$PYRAMID_AUTHTKT_SESSION_SECRET" && export PYRAMID_AUTHTKT_SESSION_SECRET=$(pwgen -s 20)
+    test -z "$PYRAMID_AUTHTKT_PERSISTENT_SECRET" && export PYRAMID_AUTHTKT_PERSISTENT_SECRET=$(pwgen -s 20)
+    python3 > $PINI << EOF
+import os
+import jinja2
+print(jinja2.Template(open('/pyramid.ini.j2').read()).render(os.environ))
+EOF
+fi
+check_upgrade() {
+    echo "check the instance is properly bootstraped and up to date"
+    echo "print('OK')" > /tmp/chk.py
+    isok=$(cubicweb-ctl shell $CW_INSTANCE /tmp/chk.py || true)
+    if [ "x$isok" != xOK ]; then
+      echo $isok
+      echo "upgrading instance"
+      cubicweb-ctl upgrade --nostartstop --backup-db=no --force --verbosity=0 $CW_INSTANCE
+    fi
+    cubicweb-ctl gen-static-datadir $CW_INSTANCE
+    cubicweb-ctl i18ninstance $CW_INSTANCE
+}
+case "$1" in
+    start)
+        check_upgrade
+        exec uwsgi --ini /etc/uwsgi/uwsgi.ini
+        ;;
+    db-create)
+        exec cubicweb-ctl db-create --automatic $CW_INSTANCE
+        ;;
+    -h|--help|help)
+        cat << EOF
+Docker image for cubicweb-$CW_DOCKER_CUBE
+
+Usage:
+
+start                   upgrade and start instance
+db-create               initialize database
+
+
+Environment variables:
+
+CW_BASE_URL                             site url (default http://localhost:8080)
+CW_LOG_THRESHOLD                        log level (default WARNING)
+CW_DB_HOST                              database host
+CW_DB_USER                              database user (default cubicweb)
+CW_DB_PASSWORD                          database password
+CW_DB_NAME                              database name (default $CW_INSTANCE)
+CW_DB_DRIVER                            database driver (default postgres)
+WITH_TRUSTEDAUTH                        Disable cubicweb login page (default false)
+CW_SENTRY_DSN                           Sentry DSN
+REDIS_SESSIONS_SECRET
+REDIS_SESSIONS_URL
+PYRAMID_SESSION_SECRET
+PYRAMID_AUTHTKT_SESSION_SECRET
+PYRAMID_AUTHTKT_PERSISTENT_SECRET
+EOF
+        exit 64
+        ;;
+    *)
+        exec $*
+        ;;
+esac

docker/pyramid.ini.j2

+{% set secure = "yes" if CW_BASE_URL.startswith('https://') else "no" -%}
+[main]
+cubicweb.includes =
+  cubicweb.pyramid.auth
+{%- if not WITH_TRUSTEDAUTH.lower() in ('y', 'yes', 't', 'true') %}
+  cubicweb.pyramid.login
+{% endif %}
+cubicweb.session.secret = {{ PYRAMID_SESSION_SECRET }}
+cubicweb.auth.authtkt.session.secret = {{ PYRAMID_AUTHTKT_SESSION_SECRET }}
+cubicweb.auth.authtkt.session.secure = {{ secure }}
+cubicweb.auth.authtkt.persistent.secret = {{ PYRAMID_AUTHTKT_PERSISTENT_SECRET }}
+cubicweb.auth.authtkt.persistent.secure = {{ secure }}
+{% if REDIS_SESSIONS_URL -%}
+cubicweb.defaults = no
+redis.sessions.url = {{ REDIS_SESSIONS_URL }}
+redis.sessions.secret = {{ REDIS_SESSIONS_SECRET }}
+redis.sessions.timeout = 1200
+redis.sessions.prefix = {{ CW_INSTANCE }}:
+pyramid.includes =
+  pyramid_redis_sessions
+{% endif %}
+
+[filter:cors]
+use = egg:wsgicors#middleware
+policy=free
+free_origin=*
+free_headers=*
+free_expose_headers=Allow,Link
+free_methods=HEAD, OPTIONS, GET, POST, PATCH, PUT, DELETE

docker/requirements.txt

+# extra requirements to be installed in docker
+pyramid-redis-sessions
+cubicweb-trustedauth
+https://github.com/cannatag/ldap3/archive/0.9.5.1.tar.gz

docker/uwsgi.ini

+[uwsgi]
+master = true
+http = 0.0.0.0:8080
+module = cubicweb.pyramid:wsgi_application()
+processes = 2
+threads = 8
+plugins = http,python3
+auto-procname = true
+lazy-apps = true
+log-master = true
+disable-logging = true
+http-timeout = 180

setup.py

@@ -47,7 +47,7 @@ author = __pkginfo__['author']
 author_email = __pkginfo__['author_email']
 classifiers = __pkginfo__['classifiers']
 
-with open(join(here, 'README')) as f:
+with open(join(here, 'README.rst')) as f:
     long_description = f.read()
 
 # get optional metadatas