Containerize an App
Services are best maintained if they are run in a controlled environment also known as a container. This includes the exact version of the operating system, both system and user libraries, and your carefully configured service. The image of the container is uploaded to an OCI file server (e.g. docker.io, ghcr.io) from where the server hosting your bot downloads it.
Let's have the following project consisting of two files:
my-bot
├── bot.py # A python bot script
└── requirements.txt # Python dependencies
For containerization we will use Docker, but you can also use alternatives such as Podman. In fact, when your app is deployed to a ROFL node the containers there will be orchestrated by Podman, so feel free to use it instead for better compatibility.
Dockerfile
Inside the project folder create a file called Dockerfile
. This will
instruct Docker to compile a python-based image and add our python bot
script on top of it.
FROM python:alpine3.17
WORKDIR /bot
COPY ./bot.py ./requirements.txt /bot
RUN pip install -r requirements.txt
ENTRYPOINT ["python", "bot.py"]
Compose
Docker Compose orchestrates your containers. It makes sure
they are spun up in correct order, defines storage points, networking and other
functionalities. Create compose.yaml
with the following example content:
services:
python-bot:
build: .
image: "docker.io/YOUR_USERNAME/YOUR_PROJECT"
platform: linux/amd64
environment:
- TOKEN=${TOKEN}
Adjust image:
field to fit your needs
The image:
field(s) in compose.yaml
above must point to a publicly
accessible OCI registry where your image will be downloaded from for
execution.
In your case replace the image:
field with a fully qualified domain of the OCI
server you use followed by your username, for example:
docker.io/your_username/my-bot
ghcr.io/your_username/my-bot
When specifying the container image URL, make sure to use fully qualified domain
name e.g. docker.io/ollama/ollama
and not just ollama/ollama
.
Build and Push
Build the container image and tag it using docker compose
:
docker compose build
You can also test the compose setup locally with:
docker compose up
To stop it:
docker compose down
After building and tagging the images you need to push the container images to publicly accessible OCI registry (e.g. docker.io, ghcr.io). If this is the first time you're pushing images on your computer, you will first need to authenticacte with:
docker login
Then run the following to upload the container images to the registry:
docker compose push
If you're pushing the image to GitHub containers for the first time, make sure you configure public package visibility!
Pin Your Image Hash
To prevent another container image being pulled inside ROFL, pin the image
digest inside compose.yaml
. Fetch the sha256:...
digest by invoking:
docker images --digest
Then append @
and the digest next to the image tag in your compose.yaml
, for
example:
image: "docker.io/MY_USERNAME/my-bot@sha256:9633593eb9e8395023cb0d926982602978466ec003efa189d94a34e7bea6ec0d"