Revisit Docker configuration pattern

[agjohnson]

#1319 was merged early, there were a few points of unresolved feedback from review there:

• Use Ubuntu image to match usage in other repositories
• Match volume mounting pattern used in other repositories
• Rely on docker-compose patterns
• Use invoke instead of Makefile?

[benjaoming]

Thanks! I was about to type in something and noticed this :)

Problem

Current Docker development strategy and implementation isn't reviewed or adopted widely, it's more a rough sketch to solve imminent build issues.

Note: Currently, as we maintain our built CSS and JS artifacts in git, the development environment is ALSO the build/production environment.

Some notes:

• Resolve whether to replace Make with invoke, keep it or replace it with a very small shell script
• There are some quirks around the way that Docker builds using the Make command, mainly that I've seen the dubious artifacts getting copied out, caught by the --porcelain command - will need to investigate.
• Find a good balance between container image and mounted host environment

Solution

(nothing proposed currently, might come as a PR)

See also

#1319

[benjaoming]

Some additional requirements:

• The release process needs to be supported by a reliable docker workflow that doesn't produce unexpected outcomes. For instance, it should be guaranteed that an outdated image isn't allowed to build a release
• Copying out built artifacts from the container should ONLY copy out artifacts, right now sphinx_rtd_theme/__init__.py is also copied out, which is vulnerable to the above issue
• npm ci should be preferred and npm audit fix is only done through a deliberate process.