-
-
Notifications
You must be signed in to change notification settings - Fork 30
Expand file tree
/
Copy pathDockerfile
More file actions
150 lines (115 loc) · 5.1 KB
/
Dockerfile
File metadata and controls
150 lines (115 loc) · 5.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# syntax=docker/dockerfile:1
# ============================================================================
# Build stage: Install depend using Poetry
# ============================================================================
FROM python:3.14-slim AS builder
# Install build dependencies required for compiling Python packages
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
rm -f /etc/apt/apt.conf.d/docker-clean && \
apt-get update && apt-get install -y --no-install-recommends \
build-essential \
libpq-dev \
curl
# Install Poetry
ENV POETRY_VERSION=2.3.2 \
POETRY_HOME="/opt/poetry" \
POETRY_NO_INTERACTION=1 \
POETRY_VIRTUALENVS_IN_PROJECT=1 \
POETRY_VIRTUALENVS_CREATE=1 \
POETRY_CACHE_DIR=/tmp/poetry_cache
RUN --mount=type=cache,target=/root/.cache \
curl -sSL https://install.python-poetry.org | python3 - && \
ln -s /opt/poetry/bin/poetry /usr/local/bin/poetry
WORKDIR /app
# Copy dependency files first for better layer caching
COPY pyproject.toml poetry.lock ./
# Install dependencies into a virtual environment
# Using --mount=type=cache speeds up rebuilds significantly
RUN --mount=type=cache,target=$POETRY_CACHE_DIR \
poetry install --only=main --no-interaction --no-ansi --no-root
# ============================================================================
# Development builder: Install all dependencies including dev tools
# ============================================================================
FROM builder AS builder-dev
# Install all dependencies including dev (debug_toolbar, pytest, etc.)
RUN --mount=type=cache,target=$POETRY_CACHE_DIR \
poetry install --no-interaction --no-ansi --no-root
# ============================================================================
# Development stage: Full development environment with dev tools
# ============================================================================
FROM python:3.14-slim AS development
LABEL org.opencontainers.image.source="https://github.com/operationcode/back-end"
LABEL org.opencontainers.image.description="Operation Code Backend - Development"
LABEL org.opencontainers.image.licenses="MIT"
# Install runtime dependencies
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
rm -f /etc/apt/apt.conf.d/docker-clean && \
apt-get update && apt-get install -y --no-install-recommends \
libpq5 \
curl \
&& apt-get upgrade -y
# Create non-root user for security
RUN groupadd -r appuser && \
useradd -r -g appuser -u 1000 -m -d /app appuser
# Set environment variables for Python optimization
ENV PYTHONUNBUFFERED=1 \
PYTHONPATH=/app/src \
PATH="/app/.venv/bin:$PATH" \
VIRTUAL_ENV=/app/.venv
WORKDIR /app
# Copy virtual environment with dev dependencies from builder-dev stage
COPY --from=builder-dev --chown=appuser:appuser /app/.venv /app/.venv
# Copy application code
COPY --chown=appuser:appuser ./src ./src
# Set working directory to src for running the application
WORKDIR /app/src
# Switch to non-root user
USER appuser
# Expose port for Django dev server
EXPOSE 8000
# Run Django development server (will be overridden by docker-compose)
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
# ============================================================================
# Production/Runtime stage: Minimal production image (DEFAULT)
# ============================================================================
FROM python:3.14-slim AS runtime
LABEL org.opencontainers.image.source="https://github.com/operationcode/back-end"
LABEL org.opencontainers.image.description="Operation Code Backend - Django API"
LABEL org.opencontainers.image.licenses="MIT"
# Install only runtime dependencies (no build tools)
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
rm -f /etc/apt/apt.conf.d/docker-clean && \
apt-get update && apt-get install -y --no-install-recommends \
libpq5 \
curl \
&& apt-get upgrade -y
# Create non-root user for security
RUN groupadd -r appuser && \
useradd -r -g appuser -u 1000 -m -d /app appuser
# Set environment variables for Python optimization
ENV PYTHONUNBUFFERED=1 \
PYTHONPATH=/app/src \
PATH="/app/.venv/bin:$PATH" \
VIRTUAL_ENV=/app/.venv \
DJANGO_Q_WORKERS=1
WORKDIR /app
# Copy virtual environment from builder stage (production deps only)
COPY --from=builder --chown=appuser:appuser /app/.venv /app/.venv
# Copy application code
COPY --chown=appuser:appuser ./src ./src
# Pre-compile Python bytecode for faster startup
RUN python -m compileall -q ./src/
# Set working directory to src for running the application
WORKDIR /app/src
# Switch to non-root user
USER appuser
# Expose port for Gunicorn
EXPOSE 8000
# Health check endpoint
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD curl -f http://localhost:8000/healthz || exit 1
# Run gunicorn (qcluster disabled - not currently needed)
CMD ["gunicorn", "operationcode_backend.wsgi", "-c", "gunicorn_config.py"]