generated from ilkersigirci/python-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
123 lines (97 loc) · 3.39 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
ARG BASE_IMAGE=debian:bookworm-slim
ARG PYTHON_VERSION=3.11
#
# Stage: staging
#
FROM python:${PYTHON_VERSION}-slim-bookworm AS staging
# FIXME: /bin/sh rye not found
# FROM ${BASE_IMAGE} AS staging
WORKDIR /app
RUN \
--mount=type=cache,target=/var/lib/apt/lists \
--mount=type=cache,target=/var/cache/apt/archives \
apt-get update -y \
&& apt-get install -y --no-install-recommends \
curl \
build-essential
# && apt-get clean \
# && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives
ENV RYE_HOME="/opt/rye"
ENV PATH="$RYE_HOME/shims:$PATH"
RUN curl -sSf https://rye.astral.sh/get | RYE_NO_AUTO_INSTALL=1 RYE_INSTALL_OPTION="--yes" bash
# TODO: Find out the way to use local config.toml
# COPY config.toml /opt/rye/config.toml
RUN rye config --set-bool behavior.use-uv=true
#
# Stage: development
#
FROM staging AS development
WORKDIR /app
ENV \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONFAULTHANDLER=1 \
UV_CACHE_DIR=/opt/rye/.cache/uv
RUN --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
--mount=type=bind,source=requirements.lock,target=requirements.lock \
--mount=type=bind,source=requirements-dev.lock,target=requirements-dev.lock \
--mount=type=bind,source=.python-version,target=.python-version \
--mount=type=bind,source=README.md,target=README.md \
--mount=type=bind,source=src,target=src \
--mount=type=cache,target=/opt/rye/.cache/uv \
rye sync --no-lock
COPY . .
# TODO: Find out the way to set host to 0.0.0.0 using settings.py
# NOTE: --reload gives OS file watch warning
CMD ["rye", "run", "uvicorn", "bert_score_api.app:create_app", "--host", "0.0.0.0", "--port", "8888"]
#
# Stage: build
#
FROM staging AS build
ENV \
UV_CACHE_DIR=/opt/rye/.cache/uv
RUN --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
--mount=type=bind,source=requirements.lock,target=requirements.lock \
--mount=type=bind,source=requirements-dev.lock,target=requirements-dev.lock \
--mount=type=bind,source=.python-version,target=.python-version \
--mount=type=bind,source=README.md,target=README.md \
--mount=type=bind,source=src,target=src \
--mount=type=cache,target=/opt/rye/.cache/uv \
rye build --wheel --clean
#
# Stage: production
#
ARG PYTHON_VERSION=3.11
FROM python:${PYTHON_VERSION}-slim-bookworm AS production
ARG UID=1000
ARG GID=1000
ENV \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONFAULTHANDLER=1 \
PIP_ROOT_USER_ACTION=ignore \
UV_SYSTEM_PYTHON=1 \
# UV_REQUIRE_HASHES=true \
UV_NO_CACHE=1
WORKDIR /app
COPY --from=build /app/dist/*.whl ./
RUN \
--mount=type=bind,source=requirements.lock,target=requirements.lock \
sed '/-e/d' requirements.lock > requirements.txt \
&& pip install *.whl -r requirements.txt
# FIXME: uv can't install from wheel
# RUN python -m pip install --no-cache-dir uv==0.1.44 \
# && uv pip install *.whl -r requirements.txt
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonroot_home" \
--shell "/sbin/nologin" \
--uid "${UID}" \
appuser
RUN chown -R appuser:appuser /app
# Switch to the non-privileged user to run the application.
USER appuser
CMD ["uvicorn", "bert_score_api.app:create_app", "--host", "0.0.0.0", "--port", "8888"]