clean up docker and makefile

* remove gosuuser - this means we can upgrade the base image to
  something more modern and not have to faff around with gpg
* remove unnecessary commands - some things need to exist in the
  makefile to keep jenkins happy
* remove concept of building separately - pip install requirements.txt
  in the dockerfile

Makefile

@@ -2,14 +2,12 @@
 SHELL := /bin/bash
 DATE = $(shell date +%Y-%m-%d:%H:%M:%S)
 
-PIP_ACCEL_CACHE ?= ${CURDIR}/cache/pip-accel
 APP_VERSION_FILE = app/version.py
 
 GIT_BRANCH ?= $(shell git symbolic-ref --short HEAD 2> /dev/null || echo "detached")
 GIT_COMMIT ?= $(shell git rev-parse HEAD)
 
-DOCKER_IMAGE_TAG := $(shell cat docker/VERSION)
-DOCKER_BUILDER_IMAGE_NAME = govuk/notify-api-builder:${DOCKER_IMAGE_TAG}
+DOCKER_BUILDER_IMAGE_NAME = govuk/notify-api-builder:master
 DOCKER_TTY ?= $(if ${JENKINS_HOME},,t)
 
 BUILD_TAG ?= notifications-api-manual
@@ -33,22 +31,10 @@ NOTIFY_CREDENTIALS ?= ~/.notify-credentials
 help:
 	@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
-.PHONY: venv
-venv: venv/bin/activate ## Create virtualenv if it does not exist
-
-venv/bin/activate:
-	test -d venv || virtualenv venv -p python3
-	. venv/bin/activate && pip install pip-accel
-
 .PHONY: check-env-vars
 check-env-vars: ## Check mandatory environment variables
 	$(if ${DEPLOY_ENV},,$(error Must specify DEPLOY_ENV))
 
-.PHONY: sandbox
-sandbox: ## Set environment to sandbox
-	$(eval export DEPLOY_ENV=sandbox)
-	@true
-
 .PHONY: preview
 preview: ## Set environment to preview
 	$(eval export DEPLOY_ENV=preview)
@@ -64,19 +50,10 @@ production: ## Set environment to production
 	$(eval export DEPLOY_ENV=production)
 	@true
 
-.PHONY: dependencies
-dependencies: venv ## Install build dependencies
-	mkdir -p ${PIP_ACCEL_CACHE}
-	. venv/bin/activate && PIP_ACCEL_CACHE=${PIP_ACCEL_CACHE} pip-accel install -r requirements_for_test.txt
-
 .PHONY: generate-version-file
 generate-version-file: ## Generates the app version file
 	@echo -e "__travis_commit__ = \"${GIT_COMMIT}\"\n__time__ = \"${DATE}\"\n__travis_job_number__ = \"${BUILD_NUMBER}\"\n__travis_job_url__ = \"${BUILD_URL}\"" > ${APP_VERSION_FILE}
 
-.PHONY: build
-build: dependencies generate-version-file ## Build project
-	. venv/bin/activate && PIP_ACCEL_CACHE=${PIP_ACCEL_CACHE} pip-accel install -r requirements.txt
-
 .PHONY: build-paas-artifact
 build-paas-artifact:  ## Build the deploy artifact for PaaS
 	rm -rf target
@@ -90,7 +67,7 @@ upload-paas-artifact:
 	aws s3 cp --region eu-west-1 --sse AES256 target/notifications-api.zip s3://${JENKINS_S3_BUCKET}/build/notifications-api/${DEPLOY_BUILD_NUMBER}.zip
 
 .PHONY: test
-test: venv generate-version-file ## Run tests
+test: generate-version-file ## Run tests
 	./scripts/run_tests.sh
 
 .PHONY: freeze-requirements
@@ -113,40 +90,25 @@ test-requirements:
 || { echo "requirements.txt is up to date"; exit 0; }
 
 .PHONY: coverage
-coverage: venv ## Create coverage report
-	. venv/bin/activate && coveralls
+coverage: ; ## don't do anything
 
 .PHONY: prepare-docker-build-image
-prepare-docker-build-image: ## Prepare the Docker builder image
-	mkdir -p ${PIP_ACCEL_CACHE}
-	make -C docker build
+prepare-docker-build-image: generate-version-file ## Prepare the Docker builder image
+	docker build -f docker/Dockerfile \
+		--build-arg HTTP_PROXY="${HTTP_PROXY}" \
+		--build-arg HTTPS_PROXY="${HTTP_PROXY}" \
+		--build-arg NO_PROXY="${NO_PROXY}" \
+		-t ${DOCKER_BUILDER_IMAGE_NAME} \
+		.
 
 .PHONY: build-with-docker
-build-with-docker: prepare-docker-build-image ## Build inside a Docker container
-	@docker run -i${DOCKER_TTY} --rm \
-		--name "${DOCKER_CONTAINER_PREFIX}-build" \
-		-v "`pwd`:/var/project" \
-		-v "${PIP_ACCEL_CACHE}:/var/project/cache/pip-accel" \
-		-e UID=$(shell id -u) \
-		-e GID=$(shell id -g) \
-		-e GIT_COMMIT=${GIT_COMMIT} \
-		-e BUILD_NUMBER=${BUILD_NUMBER} \
-		-e BUILD_URL=${BUILD_URL} \
-		-e http_proxy="${HTTP_PROXY}" \
-		-e HTTP_PROXY="${HTTP_PROXY}" \
-		-e https_proxy="${HTTPS_PROXY}" \
-		-e HTTPS_PROXY="${HTTPS_PROXY}" \
-		-e NO_PROXY="${NO_PROXY}" \
-		${DOCKER_BUILDER_IMAGE_NAME} \
-		gosu hostuser make build
+build-with-docker: ; ## don't do anything
 
 .PHONY: test-with-docker
 test-with-docker: prepare-docker-build-image create-docker-test-db ## Run tests inside a Docker container
 	@docker run -i${DOCKER_TTY} --rm \
 		--name "${DOCKER_CONTAINER_PREFIX}-test" \
 		--link "${DOCKER_CONTAINER_PREFIX}-db:postgres" \
-		-e UID=$(shell id -u) \
-		-e GID=$(shell id -g) \
 		-e SQLALCHEMY_DATABASE_URI=postgresql://postgres:postgres@postgres/test_notification_api \
 		-e GIT_COMMIT=${GIT_COMMIT} \
 		-e BUILD_NUMBER=${BUILD_NUMBER} \
@@ -156,9 +118,8 @@ test-with-docker: prepare-docker-build-image create-docker-test-db ## Run tests
 		-e https_proxy="${HTTPS_PROXY}" \
 		-e HTTPS_PROXY="${HTTPS_PROXY}" \
 		-e NO_PROXY="${NO_PROXY}" \
-		-v "`pwd`:/var/project" \
 		${DOCKER_BUILDER_IMAGE_NAME} \
-		gosu hostuser make test
+		make test
 
 .PHONY: create-docker-test-db
 create-docker-test-db: ## Start the test database in a Docker container
@@ -175,9 +136,6 @@ create-docker-test-db: ## Start the test database in a Docker container
 coverage-with-docker: prepare-docker-build-image ## Generates coverage report inside a Docker container
 	@docker run -i${DOCKER_TTY} --rm \
 		--name "${DOCKER_CONTAINER_PREFIX}-coverage" \
-		-v "`pwd`:/var/project" \
-		-e UID=$(shell id -u) \
-		-e GID=$(shell id -g) \
 		-e COVERALLS_REPO_TOKEN=${COVERALLS_REPO_TOKEN} \
 		-e CIRCLECI=1 \
 		-e CI_NAME=${CI_NAME} \
@@ -191,7 +149,7 @@ coverage-with-docker: prepare-docker-build-image ## Generates coverage report in
 		-e HTTPS_PROXY="${HTTPS_PROXY}" \
 		-e NO_PROXY="${NO_PROXY}" \
 		${DOCKER_BUILDER_IMAGE_NAME} \
-		gosu hostuser make coverage
+		make coverage
 
 .PHONY: clean-docker-containers
 clean-docker-containers: ## Clean up any remaining docker containers

docker/Dockerfile

@@ -1,12 +1,11 @@
-FROM python:3.5-slim-jessie
+FROM python:3.6-slim
 
 ARG HTTP_PROXY
 ARG HTTPS_PROXY
 ARG NO_PROXY
 
 ENV PYTHONUNBUFFERED=1 \
-	DEBIAN_FRONTEND=noninteractive \
-	GOSU_VERSION=1.10
+	DEBIAN_FRONTEND=noninteractive
 
 RUN \
 	echo "Install base packages" \
@@ -19,39 +18,22 @@ RUN \
 		build-essential \
 		zip \
 		libpq-dev \
-		libffi-dev \
-		python-dev \
-		jq \
 	&& echo "Clean up" \
 	&& rm -rf /var/lib/apt/lists/* /tmp/*
 
-RUN \
-	echo "Install global pip packages" \
-	&& pip install \
-		virtualenv \
-		awscli \
-		wheel
-
 RUN \
 	echo "Install Cloud Foundry CLI" \
 	&& curl -sSL "https://cli.run.pivotal.io/stable?release=debian64&source=github" -o /tmp/cloudfoundry-cli.deb \
 	&& dpkg -i /tmp/cloudfoundry-cli.deb
 
-COPY tianon.gpg /tmp/tianon.gpg
-
+# these are declared statically here so that they're cached by the docker image - if we run after the `COPY` command
+# they won't be cached so it'll re-download every time. But these don't involve the filesystem
+COPY requirements.txt .
+COPY requirements_for_test.txt .
 RUN \
-	echo "Install gosu" \
-	&& curl -sSL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
-	&& curl -sSL -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
-	&& export GNUPGHOME="$(mktemp -d)" \
-	&& gpg --import /tmp/tianon.gpg \
-	&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
-	&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
-	&& chmod +x /usr/local/bin/gosu \
-	&& gosu nobody true
+	echo "Installing python dependencies" \
+	&& pip install -r requirements_for_test.txt
 
 WORKDIR /var/project
 
-COPY entrypoint.sh /usr/local/bin/docker-entrypoint
-
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
+COPY . .

docker/Makefile

@@ -1,33 +0,0 @@
-.DEFAULT_GOAL := help
-SHELL := /bin/bash
-DOCKER_IMAGE_TAG := $(shell cat VERSION)
-
-.PHONY: help
-help:
-	@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-
-.PHONY: build
-build:
-	docker pull `grep "FROM " Dockerfile | cut -d ' ' -f 2` || true
-	docker build \
-		--build-arg HTTP_PROXY="${HTTP_PROXY}" \
-		--build-arg HTTPS_PROXY="${HTTP_PROXY}" \
-		--build-arg NO_PROXY="${NO_PROXY}" \
-		-t govuk/notify-api-builder:${DOCKER_IMAGE_TAG} \
-		.
-
-.PHONY: bash
-bash:
-	docker run -it --rm \
-		-e UID=$(shell id -u) \
-		-e GID=$(shell id -g) \
-		govuk/notify-api-builder:${DOCKER_IMAGE_TAG} \
-		bash
-
-.PHONY: bash
-bash-hostuser:
-	docker run -it --rm \
-		-e UID=$(shell id -u) \
-		-e GID=$(shell id -g) \
-		govuk/notify-api-builder:${DOCKER_IMAGE_TAG} \
-		gosu hostuser bash

docker/VERSION

@@ -1 +0,0 @@
-2

docker/entrypoint.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail; [[ "$TRACE" ]] && set -x
-
-if [[ "$(id -u)" -ne 0 ]]; then
-    echo 'docker-entrypoint requires root' >&2
-    exit 1
-fi
-
-if [ -z "$UID" ] || [ "$UID" = "0" ]; then
-  echo "UID must be specified as a positive integer"
-  exit 1
-fi
-
-if [ -z "$GID" ] || [ "$GID" = "0" ]; then
-  echo "GID must be specified as positive integer"
-  exit 1
-fi
-
-USER=$(id -un $UID 2>/dev/null || echo "hostuser")
-GROUP=$(getent group $GID | cut -d: -f1 || echo "hostgroup")
-
-if [ "$USER" = "hostuser" ]; then
-  useradd -u $UID -s /bin/bash -m $USER
-fi
-
-if [ "$GROUP" = "hostgroup" ]; then
-  groupadd -g $GID $GROUP
-fi
-
-usermod -g $GROUP $USER
-
-exec "$@"

runtime.txt

@@ -1 +1 @@
-python-3.5.x
+python-3.6.x