-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.api
More file actions
80 lines (60 loc) · 2.37 KB
/
Dockerfile.api
File metadata and controls
80 lines (60 loc) · 2.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# --- Stage 1: Production Dependency Builder ---
# Builds a lean virtual environment with only production dependencies.
FROM python:3.11 AS prod_builder
WORKDIR /app
# Upgrade system packages to minimize vulnerabilities
RUN apt-get update && \
apt-get install -y --no-install-recommends build-essential && \
apt-get dist-upgrade -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Copy Poetry files and install only production dependencies
COPY pyproject.toml poetry.lock ./
RUN pip install --upgrade pip setuptools wheel && \
pip install --upgrade poetry && \
poetry cache clear . --all || true && \
for i in 1 2 3; do poetry install --only main --no-root && break || sleep 10; done
# --- Stage 2: Development & Test Dependency Builder ---
# Builds on the production environment, adding development dependencies.
FROM prod_builder AS dev_builder
COPY pyproject.toml poetry.lock ./
RUN pip install --upgrade pip setuptools wheel && \
pip install --upgrade poetry && \
poetry cache clear . --all || true && \
for i in 1 2 3; do poetry install --with dev --no-root && break || sleep 10; done
# --- Stage 3: Tester ---
# Uses the full development environment to run the test suite as a quality gate.
# The build will fail here if any tests fail.
FROM dev_builder AS tester
WORKDIR /app
COPY src ./src
COPY tests ./tests
COPY config ./config
COPY data/dev ./data/dev
COPY pytest.ini .
RUN poetry run pytest
# --- Stage 4: Final Production Image ---
# Creates the final, lean, and secure image for the API server.
FROM python:3.11
WORKDIR /app
# Update system packages and remove build tools to minimize vulnerabilities
RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install -y --no-install-recommends libpq-dev gcc && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
apt-get purge -y --auto-remove gcc
# Copy installed dependencies from builder
COPY --from=prod_builder /usr/local /usr/local
# Copy application code
COPY src/ ./src/
COPY infrastructure/ ./infrastructure/
COPY notebooks/ ./notebooks/
COPY config/ ./config/
COPY infrastructure/app.py ./app.py
# Expose the API port
EXPOSE 8000
# Set environment variables (override in ECS/EKS/production)
ENV PYTHONUNBUFFERED=1
# Use uvicorn as the entrypoint (run FastAPI app)
CMD ["poetry", "run", "uvicorn", "src.adapters.api.main:app", "--host", "0.0.0.0", "--port", "8000"]