# Multi-stage build for Rust Coder Environment # Build context: repo root (contains models.py, problems.json, pyproject.toml, uv.lock) ARG BASE_IMAGE=ghcr.io/meta-pytorch/openenv-base:latest FROM ${BASE_IMAGE} AS builder # 1. Environment Setup USER root WORKDIR /app # Install build essentials for Rust (linker, etc.) RUN apt-get update && \ apt-get install -y --no-install-recommends git curl build-essential ca-certificates && \ rm -rf /var/lib/apt/lists/* # 2. Create the non-root user (Hugging Face default) RUN useradd -m -u 1000 user USER user ENV HOME=/home/user \ PATH=/home/user/.cargo/bin:/home/user/.local/bin:$PATH # 3. Install Rust toolchain as 'user' RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable RUN rustup toolchain install stable # 4. Copy environment code and install Python dependencies WORKDIR $HOME/app/env COPY --chown=user . $HOME/app/env # Install uv (if not present) and then the virtual environment RUN if ! command -v uv >/dev/null 2>&1; then \ curl -LsSf https://astral.sh/uv/install.sh | sh; \ fi RUN --mount=type=cache,target=/home/user/.cache/uv,uid=1000,gid=1000 \ uv sync --no-editable # ------------------------------------------------------------- # Final Runtime Stage # ------------------------------------------------------------- FROM ${BASE_IMAGE} USER root RUN apt-get update && \ apt-get install -y --no-install-recommends curl build-essential ca-certificates && \ rm -rf /var/lib/apt/lists/* # Create the user again in the final stage RUN useradd -m -u 1000 user USER user ENV HOME=/home/user \ PATH="/home/user/app/env/.venv/bin:/home/user/.cargo/bin:$PATH" \ PYTHONPATH="/home/user/app/env:$PYTHONPATH" # Copy Cargo/Rustup from builder and then the local code COPY --from=builder --chown=user /home/user/.cargo /home/user/.cargo COPY --from=builder --chown=user /home/user/.rustup /home/user/.rustup WORKDIR $HOME/app/env COPY --chown=user . $HOME/app/env # Install uv and Python dependencies in the FINAL stage RUN curl -LsSf https://astral.sh/uv/install.sh | sh RUN uv sync --no-editable # ------------------------------------------------------------- # Final Config # ------------------------------------------------------------- EXPOSE 8000 HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD curl -f http://localhost:8000/health || exit 1 ENV ENABLE_WEB_INTERFACE=true CMD ["/home/user/app/env/.venv/bin/uvicorn", "server.app:app", "--host", "0.0.0.0", "--port", "8000", "--log-level", "info"]