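# ------------------------------------------------------------------------------
# uv source image
# - The image that provides the uv binaries is a build argument so that CI can
#   pin it to a fixed tag and digest, for example:
#     --build-arg UV_IMAGE=ghcr.io/astral-sh/uv:<PINNED_TAG>@sha256:<DIGEST>
# - The default keeps the floating reference this file has always used. With a
#   floating tag, the tool that resolves and installs every dependency can
#   change between builds without any change in this repository, so release
#   builds should override it.
# ------------------------------------------------------------------------------
ARG UV_IMAGE=ghcr.io/astral-sh/uv:latest
FROM ${UV_IMAGE} AS uv

# ------------------------------------------------------------------------------
# Stage 1: builder
# - Uses a Python image with uv to resolve/build dependencies quickly.
# - Installs build deps only here (kept out of final runtime image).
# - NOTE(review): python:3.11-slim is a moving tag; pin it by digest if
#   reproducible builds are required.
# ------------------------------------------------------------------------------
FROM python:3.11-slim AS builder

# System deps needed to compile some Python packages (adjust as needed).
# Keep this minimal; delete libs that you don't actually need.
# NOTE(review): nothing visible in this stage calls curl, and build-essential
# normally brings gcc with it; confirm before trimming the list.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        gcc \
        libffi-dev \
    && rm -rf /var/lib/apt/lists/*

# Install uv (https://github.com/astral-sh/uv) from the stage declared above.
COPY --from=uv /uv /uvx /bin/

WORKDIR /app

# Copy only the dependency manifests (plus README.md) so this layer is reused
# until one of them changes.
COPY pyproject.toml uv.lock ./
COPY README.md ./

# Create /app/.venv and install the locked, non-dev dependency set.
# --frozen installs from uv.lock as-is instead of re-resolving.
RUN uv sync --frozen --no-dev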
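# ------------------------------------------------------------------------------
# Stage 2: runtime
# - Small final image with only runtime libs + dependencies from the builder.
# - Runs as a non-root user. Application code is copied root-owned, so the
#   service account can read it but not modify it; only the storage/data
#   directories created below are writable by that account.
# - NOTE(review): python:3.11-slim is a moving tag; pin it by digest if
#   reproducible builds are required.
# ------------------------------------------------------------------------------
FROM python:3.11-slim AS runtime

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/app/.venv/bin:$PATH"

# Add a non-root user for security (UID/GID chosen to avoid collisions).
# The fixed numeric UID also lets an orchestrator verify the account is non-root.
RUN useradd -u 10001 -m -s /usr/sbin/nologin appuser

WORKDIR /app

# Minimal runtime libs (add only what you truly need at runtime).
# libgl1 and libglib2.0-0 are there for OpenCV (cv2) support.
# NOTE(review): curl is not used anywhere in this file; presumably it serves
# a health check defined elsewhere. Confirm, otherwise drop it.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        libgl1 \
        libglib2.0-0 \
    && rm -rf /var/lib/apt/lists/*

# Copy the virtual environment from builder.
# NOTE(review): --chown makes the installed packages writable by appuser;
# if nothing installs packages at runtime, root ownership would be tighter.
COPY --from=builder --chown=appuser:appuser /app/.venv /app/.venv

# Copy your application code last for better layer caching during dev.
# Adjust paths if your repo layout differs.
COPY backend ./backend
COPY libs ./libs
COPY scripts/download_dataset.py /app/

# Create every directory the application writes to and hand ownership to the
# non-root user. merged_files (knowledge graph builder) previously got mode 777,
# which let any account in the container write to it; owning it as appuser
# gives the service the same access without making it world-writable.
RUN mkdir -p \
        /app/storage/emb_model_cache \
        /app/data/tmp \
        /app/data/sync \
        /app/data/recommender/processed \
        /app/data/recommender/raw \
        /app/libs/llm_graph_builder/merged_files \
    && chown -R appuser:appuser \
        /app/storage \
        /app/data \
        /app/libs/llm_graph_builder/merged_files

# From here on everything, including the default CMD, runs as appuser. The
# previous version switched back to root after the download and never dropped
# privileges again, so the service itself ran as root.
USER appuser

# Download dataset as appuser (not root).
# NOTE(review): this step fetches external data at build time and its result is
# baked into the image. The script is not visible here; confirm it pins the
# source and verifies a checksum of what it downloads.
RUN python /app/download_dataset.py

# Uvicorn port (matches docker-compose mapping).
EXPOSE 5000

# Default command is for the API; docker-compose overrides this for the worker.
# In compose, you already run:
# api: command: uvicorn backend.app:app --host 0.0.0.0 --port 5000 --reload
# (--reload is a development option; the default below leaves it out.)
# Keeping a sensible default helps when running the image directly.
CMD ["uvicorn", "backend.app:app", "--host", "0.0.0.0", "--port", "5000"]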