46 lines
1.0 KiB
Docker
46 lines
1.0 KiB
Docker
# Stage 1: Builder
|
|
FROM python:3.14-slim@sha256:9006fc63e3eaedc00ebc81193c99528575a2f9b9e3fb36d95e94814c23f31f47 AS builder
|
|
|
|
# Install uv
|
|
COPY --from=ghcr.io/astral-sh/uv:latest@sha256:2f2ccd27bbf953ec7a9e3153a4563705e41c852a5e1912b438fc44d88d6cb52c /uv /usr/local/bin/uv
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy dependency files
|
|
COPY pyproject.toml uv.lock ./
|
|
|
|
# Install dependencies
|
|
RUN uv sync --frozen --no-dev --no-install-project
|
|
|
|
# Copy source code
|
|
COPY src ./src
|
|
|
|
# Install the project
|
|
RUN uv sync --frozen --no-dev
|
|
|
|
|
|
# Stage 2: Runtime
|
|
FROM python:3.14-slim@sha256:9006fc63e3eaedc00ebc81193c99528575a2f9b9e3fb36d95e94814c23f31f47
|
|
|
|
# Create non-root user
|
|
RUN useradd --create-home --shell /bin/bash appuser
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy virtual environment from builder
|
|
COPY --from=builder --chown=appuser:appuser /app/.venv /app/.venv
|
|
|
|
# Copy source code
|
|
COPY --from=builder --chown=appuser:appuser /app/src ./src
|
|
|
|
# Set environment
|
|
ENV PATH="/app/.venv/bin:$PATH"
|
|
ENV PORT=3000
|
|
|
|
# Switch to non-root user
|
|
USER appuser
|
|
|
|
EXPOSE 3000
|
|
|
|
CMD ["python", "-m", "grist_mcp.main"]
|