diff --git a/RemoteSettings.Dockerfile b/RemoteSettings.Dockerfile index 892941a4..7b5735e3 100644 --- a/RemoteSettings.Dockerfile +++ b/RemoteSettings.Dockerfile @@ -13,7 +13,7 @@ WORKDIR /opt COPY ./uv.lock ./pyproject.toml ./ COPY ./kinto-slack ./kinto-slack RUN uv venv $VIRTUAL_ENV -RUN uv sync --frozen --no-install-project --no-editable \ +RUN uv sync --frozen --compile-bytecode --no-install-project --no-editable \ --no-group kinto-remote-settings \ --no-group cronjobs \ --no-group git-reader \ @@ -21,7 +21,7 @@ RUN uv sync --frozen --no-install-project --no-editable \ --no-group docs COPY ./kinto-remote-settings ./kinto-remote-settings -RUN uv sync --frozen --no-install-project --no-editable \ +RUN uv sync --frozen --compile-bytecode --no-install-project --no-editable \ --group kinto-remote-settings \ --no-group cronjobs \ --no-group git-reader \ @@ -78,6 +78,9 @@ COPY --chown=app:app . . COPY --from=get-admin /opt/kinto-admin/build $KINTO_ADMIN_ASSETS_PATH +# Compile app bytecode to speed up startup time. +RUN python -m compileall -q /app + # Generate local key pair to simplify running without Autograph out of the box (see `config/testing.ini`) RUN python -m kinto_remote_settings.signer.generate_keypair /app/ecdsa.private.pem /app/ecdsa.public.pem diff --git a/git-reader/Dockerfile b/git-reader/Dockerfile index d0cd7b58..5272fcd2 100644 --- a/git-reader/Dockerfile +++ b/git-reader/Dockerfile @@ -23,11 +23,13 @@ RUN mkdir /app/.ssh && \ COPY --chown=app:app pyproject.toml uv.lock ./ COPY --chown=app:app version.json . -RUN uv sync --frozen --no-install-project +RUN uv sync --frozen --compile-bytecode --no-install-project COPY --chown=app:app run.sh . RUN chmod +x run.sh COPY --chown=app:app app.py mimetypes.txt ./ +# Compile app bytecode to speed up startup time. +RUN python -m compileall -q /app USER app diff --git a/kinto-remote-settings/src/kinto_remote_settings/signer/utils.py b/kinto-remote-settings/src/kinto_remote_settings/signer/utils.py index 221306b1..88e7c05c 100644 --- a/kinto-remote-settings/src/kinto_remote_settings/signer/utils.py +++ b/kinto-remote-settings/src/kinto_remote_settings/signer/utils.py @@ -6,9 +6,6 @@ from typing import Any from urllib.parse import urlparse -import cryptography -import cryptography.x509 -from cryptography.hazmat.backends import default_backend as crypto_default_backend from kinto.core.events import ACTIONS from kinto.core.storage.exceptions import UnicityError from kinto.core.utils import build_request, instance_uri, read_env @@ -309,6 +306,13 @@ def fetch_cert(url): """ Returns the SSL certificate object for the specified `url`. """ + # Import lazily to reduce startup time for the application + # since cryptography is a heavy dependency (200ms import time!) + # and `fetch_cert()` is only used in healthcheck. + import cryptography + import cryptography.x509 + from cryptography.hazmat.backends import default_backend as crypto_default_backend + parsed_url = urlparse(url) host, port = (parsed_url.netloc, parsed_url.port or 443) cert_pem = ssl.get_server_certificate((host, port))