m4.2_advanced_middleware_api/docker/Dockerfile.api at 2cd216b403f7b8a812b013a78dbf5c740365134c · fairagro/m4.2_advanced_middleware_api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# ---- Package Build Stage ----
FROM python:3.12.13-alpine3.23 AS package-builder

# Accept PEP 440 compliant version from CI
ARG APP_VERSION=0.0.0

# Set as environment variables for the build process
# SETUPTOOLS_SCM_PRETEND_VERSION overrides dynamic version discovery from Git
ENV SETUPTOOLS_SCM_PRETEND_VERSION=${APP_VERSION}

WORKDIR /build

# Copy project files needed for package build
COPY pyproject.toml uv.lock ./
COPY middleware ./middleware

# Upgrade pip and install uv
RUN pip install --no-cache-dir --upgrade pip==26.1.1 uv==0.11.16

# Build wheels
RUN uv build --package fairagro-middleware-shared --wheel && \
    uv build --package api --wheel


# ---- Binary Build Stage ----
FROM python:3.12.13-alpine3.23 AS binary-builder

# Install build tools for PyInstaller
RUN apk add --no-cache \
    build-base=0.5-r3 \
    python3-dev=3.12.13-r0 \
    libffi-dev=3.5.2-r0 \
    openssl-dev=3.5.6-r0 \
    cargo=1.91.1-r1 \
    musl-utils=1.2.5-r23 \
    libssl3=3.5.6-r0

WORKDIR /build

# Install uv and PyInstaller
RUN pip install --no-cache-dir --upgrade pip==26.1.1 uv==0.11.16

# Copy built wheel from package-builder stage
COPY --from=package-builder /build/dist/*.whl /tmp/wheels/

# Install the API package from wheel
RUN uv pip install --system /tmp/wheels/*.whl

# Install PyInstaller
RUN uv pip install --system pyinstaller

# Build standalone binary with PyInstaller
RUN pyinstaller --onedir \
    --name middleware-api \
    --hidden-import "middleware.api.worker" \
    --hidden-import "middleware.api.worker.celery_app" \
    --hidden-import "middleware.api.worker.worker" \
    --hidden-import "celery.app.amqp" \
    --hidden-import "celery.app.control" \
    --hidden-import "celery.app.events" \
    --hidden-import "celery.app.log" \
    --hidden-import "celery.apps.worker" \
    --hidden-import "celery.concurrency.prefork" \
    --hidden-import "celery.events.state" \
    --hidden-import "celery.fixups" \
    --hidden-import "celery.fixups.django" \
    --hidden-import "celery.loaders.app" \
    --hidden-import "celery.worker.autoscale" \
    --hidden-import "celery.worker.components" \
    --hidden-import "celery.worker.consumer" \
    --hidden-import "celery.worker.consumer.delayed_delivery" \
    --hidden-import "celery.worker.strategy" \
    --hidden-import "kombu.transport.pyamqp" \
    --copy-metadata celery \
    --copy-metadata opentelemetry-api \
    --copy-metadata opentelemetry-instrumentation \
    --copy-metadata opentelemetry-instrumentation-fastapi \
    --copy-metadata opentelemetry-instrumentation-celery \
    --copy-metadata opentelemetry-instrumentation-requests \
    --copy-metadata opentelemetry-sdk \
    --copy-metadata requests \
    --copy-metadata pydantic \
    --copy-metadata pydantic-core \
    --copy-metadata fastapi \
    --copy-metadata uvicorn \
    --copy-metadata prompt-toolkit \
    --copy-metadata click \
    --copy-metadata api \
    $(python -c "import middleware.api; print(middleware.api.__file__.replace('__init__.py', 'main.py'))")


# ---- Runtime Stage ----
FROM alpine:3.23.4

WORKDIR /api

ENV UVICORN_HOST=0.0.0.0
ENV UVICORN_PORT=8000
ENV UVICORN_LOG_LEVEL=info

# Create non-root user and group and fix permissions
RUN apk add --no-cache --upgrade \
        curl=8.19.0-r0 \
        git=2.52.0-r0 \
        zlib=1.3.2-r0 \
        tzdata \
        musl-utils=1.2.5-r23 \
        libssl3=3.5.6-r0 && \
    addgroup -S middleware && \
    adduser -S -H -G middleware middleware && \
    chown middleware:middleware /api

COPY --chown=middleware:middleware --from=binary-builder /build/dist/middleware-api /api/middleware-api

# Configure Git system-wide (before switching user) to ensure settings apply
# http.postBuffer: 500MB buffer for large requests
# http.version: Force HTTP/1.1 as HTTP/2 can be unstable
# http.keepAlive: Disable to prevent unexpected connection drops
RUN git config --system http.postBuffer 524288000 \
    && git config --system http.version HTTP/1.1 \
    && git config --system http.keepAlive false

USER middleware

EXPOSE $UVICORN_PORT

CMD ["/api/middleware-api/middleware-api"]

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD ["sh", "-c", "curl -f http://127.0.0.1:${UVICORN_PORT}/v1/liveness"]