From b4ccf040bb221d63a5faaa995e56475974ef4da7 Mon Sep 17 00:00:00 2001
From: Laurent Sorber <laurent.sorber@gmail.com>
Date: Tue, 19 Dec 2023 14:45:50 +0000
Subject: [PATCH] chore: cruft update

---
 .cruft.json                  |  2 +-
 .dockerignore                |  5 ++++
 .github/workflows/deploy.yml |  6 ++--
 .github/workflows/test.yml   | 10 +++----
 Dockerfile                   | 57 ++++++++++++++++++------------------
 README.md                    |  1 -
 6 files changed, 41 insertions(+), 40 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.cruft.json b/.cruft.json
index a118753..425ee62 100644
--- a/.cruft.json
+++ b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/radix-ai/poetry-cookiecutter",
-  "commit": "0ebc888c020aad416bcca536e5f828545706f490",
+  "commit": "0168710e9b56ab046cd2cf34b60866805ec41f58",
   "checkout": null,
   "context": {
     "cookiecutter": {
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..c17c79a
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+# Caches
+.*_cache/
+
+# Git
+.git/
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4961d69..ef5cb87 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -30,10 +30,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Log in to the Docker registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.DOCKER_REGISTRY }}
           username: ${{ github.actor }}
@@ -43,7 +43,7 @@ jobs:
         run: echo "GIT_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4c1d824..7538d38 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -20,19 +20,17 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 21
 
       - name: Install @devcontainers/cli
-        run: npm install --location=global @devcontainers/cli@0.41.0
+        run: npm install --location=global @devcontainers/cli@0.55.0
 
       - name: Start Dev Container
-        env:
-          DOCKER_BUILDKIT: 1
         run: |
           git config --global init.defaultBranch main
           PYTHON_VERSION=${{ matrix.python-version }} devcontainer up --workspace-folder .
diff --git a/Dockerfile b/Dockerfile
index ed0bc5c..5484b70 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,24 +2,15 @@
 ARG PYTHON_VERSION=3.8
 FROM python:$PYTHON_VERSION-slim AS base
 
+# Remove docker-clean so we can keep the apt cache in Docker build cache.
+RUN rm /etc/apt/apt.conf.d/docker-clean
+
 # Configure Python to print tracebacks on crash [1], and to not buffer stdout and stderr [2].
 # [1] https://docs.python.org/3/using/cmdline.html#envvar-PYTHONFAULTHANDLER
 # [2] https://docs.python.org/3/using/cmdline.html#envvar-PYTHONUNBUFFERED
 ENV PYTHONFAULTHANDLER 1
 ENV PYTHONUNBUFFERED 1
 
-# Install Poetry.
-ENV POETRY_VERSION 1.6.1
-RUN --mount=type=cache,target=/root/.cache/pip/ \
-    pip install poetry~=$POETRY_VERSION
-
-# Install compilers that may be required for certain packages or platforms.
-RUN rm /etc/apt/apt.conf.d/docker-clean
-RUN --mount=type=cache,target=/var/cache/apt/ \
-    --mount=type=cache,target=/var/lib/apt/ \
-    apt-get update && \
-    apt-get install --no-install-recommends --yes build-essential
-
 # Create a non-root user and switch to it [1].
 # [1] https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user
 ARG UID=1000
@@ -30,40 +21,45 @@ RUN groupadd --gid $GID user && \
 USER user
 
 # Create and activate a virtual environment.
-RUN python -m venv /opt/my-package-env
-ENV PATH /opt/my-package-env/bin:$PATH
 ENV VIRTUAL_ENV /opt/my-package-env
+ENV PATH $VIRTUAL_ENV/bin:$PATH
+RUN python -m venv $VIRTUAL_ENV
 
 # Set the working directory.
 WORKDIR /workspaces/my-package/
 
-# Install the run time Python dependencies in the virtual environment.
-COPY --chown=user:user poetry.lock* pyproject.toml /workspaces/my-package/
-RUN mkdir -p /home/user/.cache/pypoetry/ && mkdir -p /home/user/.config/pypoetry/ && \
-    mkdir -p src/my_package/ && touch src/my_package/__init__.py && touch README.md
-RUN --mount=type=cache,uid=$UID,gid=$GID,target=/home/user/.cache/pypoetry/ \
-    poetry install --only main --no-interaction
-
 
 
-FROM base as ci
+FROM base as poetry
 
-# Allow CI to run as root.
 USER root
 
-# Install git so we can run pre-commit.
+# Install Poetry in separate venv so it doesn't pollute the main venv.
+ENV POETRY_VERSION 1.6.1
+ENV POETRY_VIRTUAL_ENV /opt/poetry-env
+RUN --mount=type=cache,target=/root/.cache/pip/ \
+    python -m venv $POETRY_VIRTUAL_ENV && \
+    $POETRY_VIRTUAL_ENV/bin/pip install poetry~=$POETRY_VERSION && \
+    ln -s $POETRY_VIRTUAL_ENV/bin/poetry /usr/local/bin/poetry
+
+# Install compilers that may be required for certain packages or platforms.
 RUN --mount=type=cache,target=/var/cache/apt/ \
     --mount=type=cache,target=/var/lib/apt/ \
     apt-get update && \
-    apt-get install --no-install-recommends --yes git
+    apt-get install --no-install-recommends --yes build-essential
+
+USER user
 
-# Install the CI/CD Python dependencies in the virtual environment.
-RUN --mount=type=cache,target=/root/.cache/pypoetry/ \
-    poetry install --only main,test --no-interaction
+# Install the run time Python dependencies in the virtual environment.
+COPY --chown=user:user poetry.lock* pyproject.toml /workspaces/my-package/
+RUN mkdir -p /home/user/.cache/pypoetry/ && mkdir -p /home/user/.config/pypoetry/ && \
+    mkdir -p src/my_package/ && touch src/my_package/__init__.py && touch README.md
+RUN --mount=type=cache,uid=$UID,gid=$GID,target=/home/user/.cache/pypoetry/ \
+    poetry install --only main --no-interaction
 
 
 
-FROM base as dev
+FROM poetry as dev
 
 # Install development tools: curl, git, gpg, ssh, starship, sudo, vim, and zsh.
 USER root
@@ -107,6 +103,9 @@ RUN git clone --branch v$ANTIDOTE_VERSION --depth=1 https://github.com/mattmc3/a
 
 FROM base AS app
 
+# Copy the virtual environment from the poetry stage.
+COPY --from=poetry $VIRTUAL_ENV $VIRTUAL_ENV
+
 # Copy the package source code to the working directory.
 COPY --chown=user:user . .
 
diff --git a/README.md b/README.md
index b8f38ab..ae83dde 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,6 @@ _Python application_: to serve this REST API, run `docker compose up app` and op
 1. [Install Docker Desktop](https://www.docker.com/get-started).
     - Enable _Use Docker Compose V2_ in Docker Desktop's preferences window.
     - _Linux only_:
-        - [Configure Docker to use the BuildKit build system](https://docs.docker.com/build/buildkit/#getting-started). On macOS and Windows, BuildKit is enabled by default in Docker Desktop.
         - Export your user's user id and group id so that [files created in the Dev Container are owned by your user](https://github.com/moby/moby/issues/3206):
             ```sh
             cat << EOF >> ~/.bashrc