-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
75 lines (56 loc) · 2.27 KB
/
Dockerfile
File metadata and controls
75 lines (56 loc) · 2.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# ============================================================
# API-Watch — Multi-stage Production Dockerfile
# Stage 1: Build React frontend (Node 22)
# Stage 2: Production Python backend (Python 3.11-slim)
# ============================================================
# ── Stage 1: Frontend Build ─────────────────────────────────
FROM node:22-alpine AS frontend-build
WORKDIR /build
# Install deps first (layer cache — only re-run if package.json changes)
COPY frontend/package.json frontend/package-lock.json* ./
RUN npm ci --prefer-offline
# Copy frontend source and build
COPY frontend/ ./
ARG VITE_API_URL=""
ENV VITE_API_URL=${VITE_API_URL}
RUN npm run build
# ── Stage 2: Production Backend ─────────────────────────────
FROM python:3.11-slim AS production
# Prevent Python from writing .pyc files and enable unbuffered stdout/stderr
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
# Default port (Azure App Service sets PORT automatically)
PORT=8000
WORKDIR /app
# Install system dependencies needed by asyncpg, bcrypt, etc.
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
&& \
rm -rf /var/lib/apt/lists/*
# Install Python dependencies (layer cache — only re-run if requirements.txt changes)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY src/ ./src/
COPY alembic/ ./alembic/
COPY alembic.ini .
COPY examples/ ./examples/
# Copy built frontend from Stage 1
COPY --from=frontend-build /build/dist ./public/
# Copy entrypoint script
COPY docker-entrypoint.sh .
RUN chmod +x docker-entrypoint.sh
# Create non-root user for security
RUN addgroup --system --gid 1001 appgroup && \
adduser --system --uid 1001 --ingroup appgroup appuser
# Create writable directories for the app
RUN mkdir -p /app/data /app/logs && \
chown -R appuser:appgroup /app/data /app/logs
# Switch to non-root user
USER appuser
# Health check — Azure also uses this
HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
CMD curl -f http://localhost:${PORT}/health || exit 1
EXPOSE ${PORT}
ENTRYPOINT ["./docker-entrypoint.sh"]