-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathDockerfile
More file actions
74 lines (56 loc) · 1.99 KB
/
Dockerfile
File metadata and controls
74 lines (56 loc) · 1.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Multi-stage build for optimal size and speed
FROM python:3.13-alpine AS builder
# Install build dependencies
RUN apk add --no-cache \
build-base \
postgresql-dev \
libffi-dev
# Install uv
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
# Set uv configuration for production
ENV UV_COMPILE_BYTECODE=1 \
UV_LINK_MODE=copy \
UV_PYTHON_DOWNLOADS=never
WORKDIR /app
# Copy dependency files first for better caching
COPY pyproject.toml uv.lock* ./
# Create virtual environment at /app/.venv and install dependencies
RUN uv sync --frozen --no-dev
# Production stage
FROM python:3.13-alpine AS production
# Install runtime dependencies only
RUN apk add --no-cache \
postgresql-libs \
wget
# Set environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
VIRTUAL_ENV=/app/.venv \
PATH="/app/.venv/bin:$PATH" \
WORKERS_COUNT=1 \
UV_PROJECT_ENVIRONMENT=/app/.venv
WORKDIR /app
# Create a non-privileged user and group for running the application
RUN addgroup -g 1001 -S uvicorn \
&& adduser -u 1001 -S uvicorn -G uvicorn \
&& mkdir -p /home/uvicorn \
&& chown -R uvicorn:uvicorn /home/uvicorn \
&& chown -R uvicorn:uvicorn /app
# Copy virtual environment from builder stage
COPY --from=builder --chown=uvicorn:uvicorn /app/.venv /app/.venv
# Copy application code
COPY --chown=uvicorn:uvicorn ./app ./
# Copy uv from builder stage (after changing ownership for efficiency)
COPY --from=builder /usr/local/bin/uv /usr/local/bin/uv
# Switch to non-privileged user
USER uvicorn
EXPOSE 8799
# Healthcheck to monitor application status
HEALTHCHECK \
--interval=10s \
--timeout=10s \
--start-period=5s \
--retries=3 \
CMD wget --quiet --output-document=/dev/null --timeout=8 http://127.0.0.1:8080/ || exit 1
# Use exec form for better signal handling
CMD ["/bin/sh", "-c", "alembic upgrade head && uvicorn app.main:app --host 0.0.0.0 --port 8799 --forwarded-allow-ips '*' --proxy-headers --workers ${WORKERS_COUNT}"]