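# Stage 1 ("downloader"): install Poetry and turn the committed poetry.lock
# into a requirements.txt. This stage is a build helper; later stages pull
# files out of /home/user with COPY --from=downloader.
FROM python:3.9-slim AS downloader

# Fail a RUN when any command of a pipeline fails. Under the default /bin/sh a
# failed `curl` piped into `python -` still exits 0, and the build would carry
# on without Poetry being installed.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# curl fetches the Poetry installer; gcc and libpq-dev are kept from the
# original package list.
RUN apt-get update && apt-get install -y \
        curl \
        gcc \
        libpq-dev \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged build account. Its home holds the Poetry install (.local) and
# the generated requirements.txt.
RUN groupadd -r user && useradd -r -g user user \
    && mkdir -p /home/user/.local/share /home/user/.local/bin \
    && chown -R user:user /home/user

USER user
WORKDIR /home/user

# Install Poetry into /home/user/.local as the unprivileged user.
# The installer script is downloaded and executed without an integrity check.
# Pass --build-arg POETRY_VERSION=<reviewed release> to pin the release the
# installer selects; when unset the installer picks the latest release, so the
# result of this step changes over time.
# NOTE(review): `poetry export` is provided by the export plugin; confirm the
# Poetry release in use still bundles it.
ARG POETRY_VERSION
RUN curl -fsSL https://install.python-poetry.org | python -
ENV PATH=$PATH:/home/user/.local/bin

# Generate requirements.txt from the lock file exactly as committed.
# `poetry update` is deliberately not run: it re-resolves every dependency at
# build time, so the image would contain versions that were never reviewed or
# recorded in poetry.lock. A stale lock file should be fixed in the repository
# (`poetry lock`), not during the image build. Without `poetry update` nothing
# in this stage needs root, so the whole stage stays on the unprivileged user.
COPY --chown=user:user pyproject.toml poetry.lock ./
# NOTE(review): --without-hashes drops the per-package hashes from the export,
# so the `pip install -r` that consumes this file cannot verify downloaded
# artifacts. Consider removing the flag once every locked dependency has a hash.
RUN poetry export -f requirements.txt --output /home/user/requirements.txt --without-hashes \
    && chmod go-w pyproject.toml poetry.lock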
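# Stage 2: runtime image that serves the API with uvicorn on port 8000.
# NOTE(review): python:3.9 is a floating tag; consider pinning it by digest and
# check whether Python 3.9 still receives upstream security fixes.
FROM python:3.9
WORKDIR /src

# Unprivileged runtime account; every step below runs as this user.
RUN groupadd -r user && useradd -r -g user user \
    && mkdir -p /home/user \
    && chown -R user:user /home/user
USER user

# Install the dependencies exported by the downloader stage into the user's
# site-packages (/home/user/.local). Only requirements.txt is taken from the
# downloader: its /home/user/.local holds the Poetry installation, a build
# tool that nothing in this image invokes, and presumably would not run from
# a different location anyway, so it is left behind rather than shipped.
COPY --from=downloader --chown=user:user /home/user/requirements.txt ./requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt

# Application code and static assets, owned by the runtime user and not
# writable by group or others.
COPY --chown=user:user src/ src/
COPY --chown=user:user .well-known .well-known
COPY --chown=user:user static static
RUN chmod go-w src/ .well-known static

# Start uvicorn directly, in exec form, so it runs as PID 1 and receives the
# stop signal from `docker stop`. Poetry is not used as a launcher here: its
# PATH entry is set only in the downloader stage and no pyproject.toml is
# copied into this image, so `poetry run` could not start the server.
# NOTE(review): assumes uvicorn is among the exported requirements; confirm.
EXPOSE 8000
CMD ["python", "-m", "uvicorn", "src.api.main:app", "--host", "0.0.0.0", "--port", "8000"]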