|
|
|
|
@ -19,26 +19,28 @@ COPY pyproject.toml poetry.lock ./
|
|
|
|
|
# Install dependencies
|
|
|
|
|
RUN poetry install --no-root
|
|
|
|
|
|
|
|
|
|
# Use a new slim image for the runtime
|
|
|
|
|
FROM python:3.11-slim as runtime
|
|
|
|
|
# Use Google's distroless Python image for runtime
|
|
|
|
|
FROM gcr.io/distroless/python3:3.11 as runtime
|
|
|
|
|
|
|
|
|
|
# Install necessary tools for running the app, including `make`
|
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
|
|
|
make \
|
|
|
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
|
|
|
|
|
|
# Set environment variables for Poetry
|
|
|
|
|
ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \
|
|
|
|
|
PATH="/app/.venv/bin:$PATH"
|
|
|
|
|
|
|
|
|
|
# Copy Poetry installation from builder
|
|
|
|
|
# Copy Poetry virtual environment from builder
|
|
|
|
|
COPY --from=builder /app/.venv /app/.venv
|
|
|
|
|
|
|
|
|
|
# Copy application files
|
|
|
|
|
COPY . /app/
|
|
|
|
|
# Set environment variables for Python
|
|
|
|
|
ENV PYTHONUNBUFFERED=1 \
|
|
|
|
|
PATH="/app/.venv/bin:$PATH" \
|
|
|
|
|
PYTHONPATH="/app"
|
|
|
|
|
|
|
|
|
|
# Copy only necessary application files
|
|
|
|
|
COPY --chown=nonroot:nonroot . /app/
|
|
|
|
|
|
|
|
|
|
# Delete Tests for production
|
|
|
|
|
RUN rm -rf /app/tests/
|
|
|
|
|
RUN ["rm", "-rf", "/app/tests/"]
|
|
|
|
|
|
|
|
|
|
# Create a directory for any necessary data with proper permissions
|
|
|
|
|
RUN ["mkdir", "-p", "/app/data"]
|
|
|
|
|
|
|
|
|
|
# Switch to non-root user
|
|
|
|
|
USER nonroot
|
|
|
|
|
|
|
|
|
|
# Expose port for the application
|
|
|
|
|
EXPOSE 3000
|
|
|
|
|
@ -46,5 +48,6 @@ EXPOSE 3000
|
|
|
|
|
# Set the working directory
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
|
# Run `make run` as the entry point
|
|
|
|
|
CMD ["make", "run"]
|
|
|
|
|
# Run the application directly instead of using make
|
|
|
|
|
# Assuming your application is started with python -m app.main or similar
|
|
|
|
|
CMD ["python", "-m", "app.main"]
|
|
|
|
|
|
