-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
86 lines (61 loc) · 1.67 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# syntax=docker/dockerfile:1.9
FROM python:3.11-slim-buster AS base
ENV PYTHONFAULTHANDLER=1 \
PYTHONUNBUFFERED=1 \
PYTHONHASHSEED=random
FROM base AS uv
ENV UV_LINK_MODE=copy \
UV_COMPILE_BYTECODE=1 \
UV_PYTHON_DOWNLOADS=never \
UV_PYTHON=python3.11 \
UV_PROJECT_ENVIRONMENT=/app
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN apt-get update -qy \
&& apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false \
ca-certificates \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
FROM uv AS deps-builder
COPY pyproject.toml /_project/
COPY uv.lock /_project/
RUN --mount=type=cache,target=/root/.cache <<EOT
uv venv
EOT
WORKDIR /_project
# install deps
RUN --mount=type=cache,target=/root/.cache <<EOT
uv sync --locked --no-dev --no-install-project
EOT
FROM uv AS project-builder
COPY --from=deps-builder /app /app
COPY . /src
WORKDIR /src
# install project
RUN --mount=type=cache,target=/root/.cache <<EOT
uv sync --locked --no-dev --no-editable
EOT
FROM base AS final
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
ENV PATH=/app/bin:$PATH
RUN <<EOT
groupadd -r app
useradd -r -d /app -g app -N app
EOT
STOPSIGNAL SIGINT
RUN <<EOT
apt-get update -qy
apt-get install -qyy \
-o APT::Install-Recommends=false \
-o APT::Install-Suggests=false
apt-get clean
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
EOT
COPY docker-entrypoint.sh /
RUN chmod +x '/docker-entrypoint.sh'
ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"]
COPY --from=project-builder --chown=app:app /app /app
USER app
WORKDIR /app