Spaces:
Running
Running
| # syntax=docker/dockerfile:1.7 | |
| # | |
| # BuildKit cache mounts speed up rebuilds by persisting npm and pip | |
| # package caches across builds (outside the image - they don't bloat | |
| # the final layer). The first `docker compose build` is unchanged; | |
| # subsequent rebuilds skip the network for any unchanged dependency. | |
| # | |
| # The `# syntax=` directive auto-opts into BuildKit on Docker Desktop | |
| # 20.10+; HuggingFace Spaces also supports this directive. Older | |
| # builders silently treat the cache mounts as no-ops, so this file | |
| # remains forward-compatible. | |
| FROM node:22-alpine AS frontend-build | |
| WORKDIR /app/frontend | |
| # Copy lockfile + manifest first so the layer hash only changes when | |
| # deps actually change, not on every source edit. | |
| COPY frontend/package.json frontend/package-lock.json ./ | |
| RUN --mount=type=cache,target=/root/.npm \ | |
| npm ci | |
| COPY frontend/ ./ | |
| ENV REACT_APP_API_URL= | |
| RUN npm run build | |
| FROM python:3.12-slim | |
| RUN useradd -m -u 1000 user | |
| USER user | |
| ENV HOME=/home/user \ | |
| PATH=/home/user/.local/bin:$PATH \ | |
| PYTHONUNBUFFERED=1 | |
| WORKDIR $HOME/app | |
| # Lockfile-equivalent first; cache mount targets the unprivileged | |
| # user's pip cache (uid/gid 1000 matches the `user` account). | |
| COPY --chown=user backend/requirements.txt ./ | |
| RUN --mount=type=cache,target=/home/user/.cache/pip,uid=1000,gid=1000 \ | |
| pip install --user -r requirements.txt | |
| COPY --chown=user backend/ ./ | |
| COPY --chown=user --from=frontend-build /app/frontend/build ./static | |
| EXPOSE 7860 | |
| CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860"] | |