54 lines
1.3 KiB
Docker
54 lines
1.3 KiB
Docker
# pull official base uv image
|
|
FROM ghcr.io/astral-sh/uv:python3.14-bookworm-slim
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
libpango-1.0-0 libpangocairo-1.0-0 libgdk-pixbuf2.0-0 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# setup non-root
|
|
RUN groupadd --system --gid 999 nonroot \
|
|
&& useradd --system --gid 999 --uid 999 --create-home nonroot
|
|
|
|
# set workdir
|
|
WORKDIR /app
|
|
|
|
#enable bytecode compilation
|
|
ENV UV_COMPILE_BYTCODE=1
|
|
|
|
# Copy from cache instead of linking since it's a mounted volume
|
|
ENV UV_LINK_MODE=copy
|
|
|
|
# omit developement dependencies
|
|
ENV UV_NO_DEV=1
|
|
|
|
# ensure tools are on path
|
|
ENV UV_TOOL_BIN_DIR=/usr/local/bin
|
|
|
|
# Install project's dependencies
|
|
RUN --mount=type=cache,target=/root/.cache/uv \
|
|
--mount=type=bind,source=uv.lock,target=uv.lock \
|
|
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
|
|
uv sync --locked --no-install-project
|
|
|
|
|
|
# add the project source code and install
|
|
# installing seperatley optimizes layer caching
|
|
COPY . /app
|
|
RUN --mount=type=cache,target=/root/.cache/uv \
|
|
uv sync --locked
|
|
|
|
RUN mkdir -p /app/markdown /app/publihs && \
|
|
chown -R nonroot:nonroot /app
|
|
|
|
# Place executables at the front of path
|
|
ENV PATH="/app/.venv/bin:$PATH"
|
|
|
|
# reset the entrypoint, don't invoke uv
|
|
ENTRYPOINT []
|
|
|
|
# use the non-root user to run app
|
|
USER nonroot
|
|
|
|
# run the app
|
|
CMD ["python", "src/main.py"]
|