m4.2_sql_to_arc/docker/Dockerfile.sql_to_arc at 7a51bbbc80afb2db89ad8112b09af331ea203854 · fairagro/m4.2_sql_to_arc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# ---- Package Build Stage ----
FROM python:3.12.12-alpine3.23 AS package-builder

WORKDIR /build

# Copy project files needed for package build
COPY pyproject.toml uv.lock ./
COPY middleware ./middleware

# Upgrade pip and install uv
RUN pip install --no-cache-dir --upgrade pip==25.3 uv==0.9.27

# We prefer to build a wheel for our package first. This ensures we have a clean,
# distributable artifact that contains only the necessary files.
RUN uv build --package sql_to_arc --wheel


# ---- Binary Build Stage ----
FROM python:3.12.12-alpine3.23 AS binary-builder

# Install build tools for PyInstaller
RUN apk add --no-cache \
    build-base=0.5-r3 \
    python3-dev=3.12.12-r0 \
    libffi-dev=3.5.2-r0 \
    openssl-dev=3.5.5-r0 \
    cargo=1.91.1-r0 \
    git=2.52.0-r0

WORKDIR /build

# Install uv core tool
RUN pip install --no-cache-dir --upgrade pip==25.3 uv==0.9.27

# Bring in the pre-built wheel and project metadata
COPY --from=package-builder /build/dist/*.whl /tmp/wheels/
COPY pyproject.toml uv.lock ./

# We still need the source code because uv sync requires all workspace members (e.g., middleware/sql_to_arc)
# to be physically present to validate the environment against the lockfile.
COPY middleware ./middleware

# Dependency Resolution Strategy:
# 1. We would prefer to install everything as wheels for speed and reliability.
# 2. However, some dependencies (especially git-based ones like api_client) are not available
#    as pre-built wheels on PyPI.
# 3. Thus, we use 'uv sync' to create a virtual environment (.venv) and resolve all
#    complex dependencies exactly as specified in the uv.lock.
RUN uv sync --no-dev

# 4. Finally, for packages like sql_to_arc that exist both as a workspace dependency
#    and as a pre-built wheel, we explicitly 'uv pip install' the wheel. This ensures
#    we use our optimized, pre-built package instead of the 'editable' source install.
RUN uv pip install /tmp/wheels/*.whl pyinstaller

# Build standalone binary using the .venv's context.
RUN . .venv/bin/activate && \
    python -m PyInstaller --onedir \
    --name sql_to_arc \
    /build/middleware/sql_to_arc/src/middleware/sql_to_arc/main.py


# ---- Runtime Stage ----
FROM alpine:3.23.3

WORKDIR /middleware

# Create non-root user and group
RUN addgroup -S sql_to_arc && \
    adduser -S -H -G sql_to_arc sql_to_arc

# Copy the entire directory created by --onedir with correct ownership
COPY --chown=sql_to_arc:sql_to_arc --from=binary-builder /build/dist/sql_to_arc /middleware/sql_to_arc

USER sql_to_arc

# Execute the binary inside the directory
CMD ["/middleware/sql_to_arc/sql_to_arc"]