41 lines
1.2 KiB
Docker
41 lines
1.2 KiB
Docker
# syntax=docker/dockerfile:1
|
|
FROM python:3.13-slim
|
|
|
|
# Pull uv binary from the official image (no pip overhead)
|
|
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/
|
|
|
|
# Non-root user for security
|
|
RUN adduser --disabled-password --no-create-home appuser
|
|
|
|
WORKDIR /app
|
|
|
|
# Install dependencies first (layer is cached unless lock file changes)
|
|
COPY pyproject.toml uv.lock ./
|
|
RUN uv sync --frozen --no-dev --no-install-project
|
|
|
|
# Copy application source
|
|
COPY src/ ./src/
|
|
|
|
# data.csv is NOT baked into the image — it is mounted at runtime via docker-compose
|
|
# so updates to the CSV don't require a rebuild.
|
|
|
|
RUN chown -R appuser:appuser /app
|
|
USER appuser
|
|
|
|
# WORKDIR=/app → gunicorn CWD is /app → data.csv resolves to /app/data.csv (mounted volume)
|
|
# PYTHONPATH=/app/src → 'app' module resolves to src/app.py
|
|
ENV PYTHONPATH=/app/src
|
|
|
|
EXPOSE 8000
|
|
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000')"
|
|
|
|
CMD ["uv", "run", "--no-dev", "gunicorn", \
|
|
"--workers", "2", \
|
|
"--bind", "0.0.0.0:8000", \
|
|
"--access-logfile", "-", \
|
|
"--error-logfile", "-", \
|
|
"app:app"]
|
|
|