Dockerfile.optimized
# Optimized Dockerfile for Lambda functions with minimal dependencies
# This builds each function with ONLY the dependencies it needs
# checkov:skip=CKV_DOCKER_3: "The Dockerfile uses the official AWS Lambda Python base image (public.ecr.aws/lambda/python:3.12-arm64), which already configures the appropriate non-root user for Lambda execution"
# checkov:skip=CKV_DOCKER_2: "The Dockerfile.optimized is specifically designed for AWS Lambda container images, which don't use Docker HEALTHCHECK instructions."
# Use a specific uv release tag (the stated reason is avoiding network issues); this also
# fixes the installer version used by the build.
# This stage exists only as a source for the /uv binary, which the builder stage bind-mounts.
# NOTE(review): a tag is a mutable reference. Pinning by digest as well
# (uv:0.9.6@sha256:<digest-placeholder>) would fix the exact image content that supplies
# the binary executed during the build.
FROM ghcr.io/astral-sh/uv:0.9.6 AS uv
# Builder stage: installs the function's Python dependencies into ${LAMBDA_TASK_ROOT}.
# Only that directory is carried into the final image (COPY --from=builder in the final stage);
# everything else written in this stage is discarded with the stage.
# NOTE(review): the base image is pinned by tag, not by digest.
FROM public.ecr.aws/lambda/python:3.12-arm64 AS builder
# Enable bytecode compilation to improve cold-start performance
ENV UV_COMPILE_BYTECODE=1
# Disable installer metadata to create a deterministic layer
ENV UV_NO_INSTALLER_METADATA=1
# Copy files out of the uv cache instead of linking them; the cache sits on a separate
# cache mount (see the RUN below)
ENV UV_LINK_MODE=copy
# FUNCTION_PATH: directory of the function being built, relative to the build context.
# It has no default, so it must be supplied with --build-arg; the requirements.txt COPY
# source below is derived from it.
ARG FUNCTION_PATH
# INSTALL_IDP_COMMON and INSTALL_GIT are declared here, but no instruction in this stage
# reads them (INSTALL_GIT is redeclared and used in the final stage).
ARG INSTALL_IDP_COMMON=true
ARG INSTALL_GIT=false
# Create working directory
WORKDIR /build
# Copy idp_common_pkg and requirements for installation.
# The trailing * on requirements.txt appears intended to make the file optional; the RUN
# below checks whether /build/requirements.txt exists before installing.
COPY lib/idp_common_pkg /tmp/idp_common_pkg
COPY ${FUNCTION_PATH}/requirements.txt* /build/
# Install all dependencies, including idp_common_pkg, in one step:
#  - /uv is bind-mounted from the uv stage at /bin/uv for this step only, so the binary is
#    not added to a layer (mount instead of COPY to avoid layer bloat).
#  - /root/.cache/uv is a cache mount, so the uv cache is kept outside the image layers.
#  - sed rewrites requirement lines that start with ../../lib/idp_common_pkg or
#    ../../../lib/idp_common_pkg so they point at the copied /tmp/idp_common_pkg.
#  - If the function has no requirements.txt, nothing is installed.
#  - /tmp/idp_common_pkg is removed whether or not anything was installed.
# ${LAMBDA_TASK_ROOT} is not set in this file; presumably it comes from the base image environment.
# NOTE(review): the install resolves whatever requirements.txt names at build time. Nothing in
# this command enforces version or hash pinning, so that has to be checked in each function's
# requirements.txt.
RUN --mount=from=uv,source=/uv,target=/bin/uv \
--mount=type=cache,target=/root/.cache/uv \
if [ -f /build/requirements.txt ]; then \
sed 's|^\.\./\.\.\(/\.\.\)\?/lib/idp_common_pkg|/tmp/idp_common_pkg|' /build/requirements.txt > /tmp/requirements.txt && \
uv pip install --python python3.12 --target "${LAMBDA_TASK_ROOT}" -r /tmp/requirements.txt && \
rm /tmp/requirements.txt; \
fi && \
rm -rf /tmp/idp_common_pkg
# Final stage - minimal runtime. Starts again from the same base image tag as the builder,
# so build-time files under /build and /tmp in the builder are not part of this image.
# NOTE(review): the base image is pinned by tag, not by digest.
# NOTE(review): no USER instruction appears in this file, so the image runs as whatever user
# the base image defines. The CKV_DOCKER_3 skip at the top of the file relies on that;
# confirm the base image's default user before running this image outside the Lambda
# service (for example locally under Docker).
FROM public.ecr.aws/lambda/python:3.12-arm64
# Conditionally install git (required for mlflow/gitpython).
# ARG values are scoped per stage, so INSTALL_GIT is declared again here; it defaults to false.
# When enabled, the git package version is not pinned and comes from the package
# repositories configured in the base image at build time. Enable it only for functions
# that need it, since it adds an extra binary to the runtime image.
ARG INSTALL_GIT=false
RUN if [ "$INSTALL_GIT" = "true" ]; then dnf install -y git && dnf clean all; fi
# Copy the runtime dependencies from the builder stage (only the task root is taken)
COPY --from=builder ${LAMBDA_TASK_ROOT} ${LAMBDA_TASK_ROOT}
# Copy function code.
# Only *.py files directly inside FUNCTION_PATH are copied; subdirectories and non-Python
# files are not. FUNCTION_PATH has no default and must be passed with --build-arg.
ARG FUNCTION_PATH
COPY ${FUNCTION_PATH}/*.py ${LAMBDA_TASK_ROOT}/
# Set handler: presumably the function "handler" in index.py, one of the files copied above
CMD ["index.handler"]