# syntax=docker/dockerfile:1.7
# Build stage: installs the locked dependency set with uv, producing the
# virtualenv under /app/.venv that the runtime stage copies.
# NOTE(review): the base image here and the uv image below are referenced by
# tag only, and tags are mutable. Pinning each with its digest
# (`<image>:<tag>@sha256:<digest>`) makes the build inputs immutable.
FROM python:3.13-slim AS builder

# uv behaviour during the build: copy files rather than link them out of the
# cache mount, byte-compile at install time, and never download an interpreter
# (the one shipped in the base image is used).
ENV UV_LINK_MODE=copy \
    UV_COMPILE_BYTECODE=1 \
    UV_PYTHON_DOWNLOADS=never \
    PYTHONDONTWRITEBYTECODE=1

# The uv and uvx binaries come from the upstream uv image at a fixed release.
COPY --from=ghcr.io/astral-sh/uv:0.5.13 /uv /uvx /usr/local/bin/

WORKDIR /app

# Dependency layer: only the project metadata and lockfile are copied, so this
# layer stays cached until they change. --frozen installs what uv.lock records
# without re-resolving; --no-dev leaves out development dependencies.
COPY pyproject.toml uv.lock README.md ./
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-dev --no-install-project

# Project layer: add the sources, migrations and Alembic config, then install
# the project itself into the same virtualenv.
COPY src ./src
COPY migrations ./migrations
COPY alembic.ini ./
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-dev
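# Runtime stage: slim image carrying only the /app tree built above. Laid out
# for OpenShift, which starts the container under a random UID in group 0.
# NOTE(review): the base image is referenced by a mutable tag; pinning it with
# a digest (`python:3.13-slim@sha256:<digest>`) keeps rebuilds on the same base.
FROM python:3.13-slim AS runtime

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/app/.venv/bin:$PATH"

WORKDIR /app
COPY --from=builder /app /app

# OpenShift-compatible permissions: group 0 gets the same permissions as the
# owner, so a random UID in that group can use /app and /etc/riptide-collector
# (presumably the collector's configuration directory; confirm).
# NOTE(review): `g=u` also leaves the application code and the virtualenv
# writable by the running process. If the service only writes to specific
# paths, restrict group write to those and keep the code tree read-only;
# confirm what the app writes before tightening.
RUN chgrp -R 0 /app && chmod -R g=u /app && \
    mkdir -p /etc/riptide-collector && \
    chgrp 0 /etc/riptide-collector && chmod g=u /etc/riptide-collector

# The release workflow injects the semver tag here so logs/responses carry the
# real version; local builds with no version set fall back to 'dev'. Declared
# after the filesystem steps so a new version value does not invalidate the
# cached COPY/RUN layers above. Build arguments are recorded in the image
# history, so this must never carry a secret.
ARG RIPTIDE_VERSION=dev
ENV RIPTIDE_VERSION=${RIPTIDE_VERSION}

EXPOSE 8000

# Non-root default for runtimes that do not assign a UID themselves. The group
# is spelled out because the permissions above are granted to GID 0.
USER 1001:0

# Exec form, so uvicorn receives stop signals directly. It binds to all
# interfaces inside the container; what is reachable from outside is decided
# by the ports the runtime publishes.
CMD ["uvicorn", "riptide_collector.main:app", "--host", "0.0.0.0", "--port", "8000"]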