Skip to main content

Containerize an App

Services are best maintained if they are run in a controlled environment also known as a container. This includes the exact version of the operating system, both system and user libraries, and your carefully configured service. The image of the container is uploaded to an OCI file server (e.g. docker.io, ghcr.io) from where the server hosting your bot downloads it.

Let's have the following project consisting of two files:

my-bot
├── bot.py # A python bot script
└── requirements.txt # Python dependencies

For containerization we will use Docker, but you can also use alternatives such as Podman. In fact, when your app is deployed to a ROFL node the containers there will be orchestrated by Podman, so feel free to use it instead for better compatibility.

Dockerfile

Inside the project folder create a file called Dockerfile. This will instruct Docker to compile a python-based image and add our python bot script on top of it.

Dockerfile
FROM python:alpine3.17

WORKDIR /bot
COPY ./bot.py ./requirements.txt /bot
RUN pip install -r requirements.txt

ENTRYPOINT ["python", "bot.py"]

Compose

Docker Compose orchestrates your containers. It makes sure they are spun up in correct order, defines storage points, networking and other functionalities. Create compose.yaml with the following example content:

compose.yaml
services:
python-bot:
build: .
image: "docker.io/YOUR_USERNAME/YOUR_PROJECT"
platform: linux/amd64
environment:
- TOKEN=${TOKEN}

Adjust image: field to fit your needs

The image: field(s) in compose.yaml above must point to a publicly accessible OCI registry where your image will be downloaded from for execution.

In your case replace the image: field with a fully qualified domain of the OCI server you use followed by your username, for example:

  • docker.io/your_username/my-bot
  • ghcr.io/your_username/my-bot
Always specify FQDN image URL

When specifying the container image URL, make sure to use fully qualified domain name e.g. docker.io/ollama/ollama and not just ollama/ollama.

Build and Push

Build the container image and tag it using docker compose:

docker compose build
tip

You can also test the compose setup locally with:

docker compose up

To stop it:

docker compose down

After building and tagging the images you need to push the container images to publicly accessible OCI registry (e.g. docker.io, ghcr.io). If this is the first time you're pushing images on your computer, you will first need to authenticacte with:

docker login

Then run the following to upload the container images to the registry:

docker compose push
Make sure your image is public

If you're pushing the image to GitHub containers for the first time, make sure you configure public package visibility!

Pin Your Image Hash

To prevent another container image being pulled inside ROFL, pin the image digest inside compose.yaml. Fetch the sha256:... digest by invoking:

docker images --digest

Then append @ and the digest next to the image tag in your compose.yaml, for example:

    image: "docker.io/MY_USERNAME/my-bot@sha256:9633593eb9e8395023cb0d926982602978466ec003efa189d94a34e7bea6ec0d"