-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
113 lines (86 loc) · 2.97 KB
/
Dockerfile
File metadata and controls
113 lines (86 loc) · 2.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# syntax=docker/dockerfile:1.9
FROM python:3.12-slim AS build
SHELL ["sh", "-exc"]
# Install build dependencies
RUN <<EOT
apt-get update -qy
apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false \
build-essential \
curl \
ca-certificates
EOT
# Install uv (only needed in build stage)
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
# uv configuration for optimal Docker builds:
# - UV_LINK_MODE=copy: Don't use hard links (not supported in containers)
# - UV_COMPILE_BYTECODE=1: Byte-compile for faster startup
# - UV_PYTHON_DOWNLOADS=never: Use system Python, don't download
# - UV_PROJECT_ENVIRONMENT=/app: Install into /app virtualenv
ENV UV_LINK_MODE=copy \
UV_COMPILE_BYTECODE=1 \
UV_PYTHON_DOWNLOADS=never \
UV_PYTHON=/usr/local/bin/python3.12 \
UV_PROJECT_ENVIRONMENT=/app
# Sync DEPENDENCIES only (cached until uv.lock/pyproject.toml change)
# This layer is cached separately from application code
COPY uv.lock pyproject.toml ./
RUN uv sync --locked --no-dev --no-install-project --all-extras
# Now install the APPLICATION (separate layer, changes more often)
COPY . /src
WORKDIR /src
RUN uv sync --locked --no-dev --no-editable --all-extras
# Frontend build stage
FROM node:20-slim AS frontend
RUN npm install -g bun
WORKDIR /app/frontend
COPY frontend/package.json frontend/bun.lock* ./
RUN bun install --frozen-lockfile
COPY frontend/ ./
# Copy templates so Tailwind can scan them for utility classes
COPY src/scribbl_py/templates/ ../src/scribbl_py/templates/
RUN bun run build
# Runtime stage - minimal, no build tools, no uv
FROM python:3.12-slim
SHELL ["sh", "-exc"]
# Add virtualenv to PATH
ENV PATH=/app/bin:$PATH
# Create non-root user
RUN <<EOT
groupadd -r app
useradd -r -d /app -g app -N app
EOT
# Install only runtime dependencies (no uv, no build tools)
RUN <<EOT
apt-get update -qy
apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false \
curl
apt-get clean
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
EOT
# Copy pre-built virtualenv from build stage
COPY --from=build --chown=app:app /app /app
# Copy built frontend assets, source, and public files
COPY --from=frontend --chown=app:app /app/frontend/dist /app/frontend/dist
COPY --from=frontend --chown=app:app /app/frontend/public /app/frontend/public
COPY --from=frontend --chown=app:app /app/frontend/src /app/frontend/src
# Create data directory for SQLite
RUN mkdir -p /app/data && chown app:app /app/data
USER app
WORKDIR /app
# Smoke test - verify the app can be imported
RUN <<EOT
python -V
python -Im site
python -Ic 'import scribbl_py'
EOT
EXPOSE 8000
# Health check - use /health endpoint, longer start period for app initialization
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
# Use SIGINT for graceful shutdown
STOPSIGNAL SIGINT
CMD ["uvicorn", "scribbl_py.app:app", "--host", "0.0.0.0", "--port", "8000"]