Changes:
- Switch to Python 3.10
- Drop pywheels.org repository. Build cryptography, uwsgi, psycopg2
etc. from source. This means builds on armhf will be slower, but
hopefully fewer worries about the piwheels binary package
not finding a .so file in our base image
- Don't ship the .git folder (facepalm)
The binary uwsgi package from piwheels.org crashes with:
uwsgi: error while loading shared libraries: libxml2.so.2:
cannot open shared object file: No such file or directory
(when run in a docker environment, with python:3.9-slim-buster
base image. It works fine in Raspbian)
The workaround is to build uwsgi from source, hence the "--no-binary"
flag.
The problem:
- the first "pip wheel" collects a specific version of requests
- the second "pip wheel" collects the latest version of requests
- later "pip install" tries to install both and fails
The fix is to run "pip wheel" once, and it will then pick a single
version of requests that satisfies all constraints.
Fixes: #594
Fixes: #565
Also, split Dockerfile into two stages, so rust
and other build dependencies don't end up in the final image.
Note cryptography has binary wheels for various architectures,
but unfortunately not for 32-bit arm. And, starting from v35.0.0,
cryptography requires rust to build from source.
Previously, I had changed the default value to "", to force
users to set the SECRET_KEY value (the app refuses to start
if SECRET_KEY is empty).
The problem with that is, out of the box, with the default
configuration, the tests also don't run and complain about the
empty SECRET_KEY.
So, a compromise: revert back to the default value "---".
At runtime, if SECRET_KEY has the default value, show a warning
at the top of every page.
