Update dockerfile 2.2.4 (#1924)

* updated Dockerfile
- use `python:3.10-slim` as baseimage
- separate builder and runtime stages again
- get rid of uneeded packages
- pin packages for persistence
- remove outdir from entrypoint since invoke.init is available in /data
- shrinked image size to <2GB
- way better security score than before

* small output update to build.sh and run.sh

* update matrix in build-container.yml

* remove branches from build-container.yml

Author: mauwii

.github/workflows/build-container.yml

@@ -5,17 +5,12 @@ on:
   push:
     branches:
       - 'main'
-      - 'development'
-      - 'update-dockerfile'
 
 jobs:
   docker:
     strategy:
       fail-fast: false
       matrix:
-        arch:
-          - x86_64
-          - aarch64
         pip-requirements:
           - requirements-lin-amd.txt
           - requirements-lin-cuda.txt
@@ -37,7 +32,7 @@ jobs:
         with:
           context: .
           file: docker-build/Dockerfile
-          platforms: Linux/${{ matrix.arch }}
+          platforms: linux/amd64,linux/arm64
           push: false
-          tags: ${{ env.dockertag }}:${{ matrix.pip-requirements }}-${{ matrix.arch }}
+          tags: ${{ env.dockertag }}:${{ matrix.pip-requirements }}
           build-args: pip_requirements=${{ matrix.pip-requirements }}

docker-build/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.10
+FROM python:3.10-slim AS builder
 
 # use bash
 SHELL [ "/bin/bash", "-c" ]
@@ -7,28 +7,42 @@ SHELL [ "/bin/bash", "-c" ]
 RUN apt-get update \
   && apt-get install -y \
     --no-install-recommends \
-    build-essential \
-    gcc \
-    git \
-    libgl1-mesa-glx \
-    libglib2.0-0 \
-    pip \
-    python3 \
-    python3-dev \
+    gcc=4:10.2.* \
+    libgl1-mesa-glx=20.3.* \
+    libglib2.0-0=2.66.* \
+    python3-dev=3.9.* \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 
-# set workdir and copy sources
-WORKDIR /invokeai
+# set workdir, PATH and copy sources
+WORKDIR /usr/src/app
+ENV PATH /usr/src/app/.venv/bin:$PATH
 ARG PIP_REQUIREMENTS=requirements-lin-cuda.txt
 COPY . ./environments-and-requirements/${PIP_REQUIREMENTS} ./
 
-# install requirements and link outputs folder
-RUN pip install \
-  --no-cache-dir \
-  -r ${PIP_REQUIREMENTS}
+# install requirements
+RUN python3 -m venv .venv \
+  && pip install \
+    --no-cache-dir \
+    -r ${PIP_REQUIREMENTS}
+
+FROM python:3.10-slim AS runtime
+
+# Install necesarry packages
+RUN apt-get update \
+  && apt-get install -y \
+    --no-install-recommends \
+    libgl1-mesa-glx=20.3.* \
+    libglib2.0-0=2.66.* \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /usr/src/app
+COPY --from=builder /usr/src/app .
 
 # set Environment, Entrypoint and default CMD
 ENV INVOKEAI_ROOT /data
-ENTRYPOINT [ "python3", "scripts/invoke.py", "--outdir=/data/outputs" ]
+ENV PATH=/usr/src/app/.venv/bin:$PATH
+
+ENTRYPOINT [ "python3", "scripts/invoke.py" ]
 CMD [ "--web", "--host=0.0.0.0" ]

docker-build/build.sh

@@ -12,13 +12,13 @@ pip_requirements=${PIP_REQUIREMENTS:-requirements-lin-cuda.txt}
 dockerfile=${INVOKE_DOCKERFILE:-docker-build/Dockerfile}
 
 # print the settings
-echo "You are using these values:"
-echo -e "Dockerfile:\t\t ${dockerfile}"
-echo -e "requirements:\t\t ${pip_requirements}"
-echo -e "volumename:\t\t ${volumename}"
-echo -e "arch:\t\t\t ${arch}"
-echo -e "platform:\t\t ${platform}"
-echo -e "invokeai_tag:\t\t ${invokeai_tag}\n"
+echo -e "You are using these values:\n"
+echo -e "Dockerfile:\t ${dockerfile}"
+echo -e "requirements:\t ${pip_requirements}"
+echo -e "volumename:\t ${volumename}"
+echo -e "arch:\t\t ${arch}"
+echo -e "platform:\t ${platform}"
+echo -e "invokeai_tag:\t ${invokeai_tag}\n"
 
 if [[ -n "$(docker volume ls -f name="${volumename}" -q)" ]]; then
   echo "Volume already exists"

docker-build/run.sh

@@ -3,6 +3,10 @@ set -e
 
 source ./docker-build/env.sh || echo "please run from repository root" || exit 1
 
+echo -e "You are using these values:\n"
+echo -e "volumename:\t ${volumename}"
+echo -e "invokeai_tag:\t ${invokeai_tag}\n"
+
 docker run \
   --interactive \
   --tty \