FROM python:3.11-slim-bookworm AS builder WORKDIR /app COPY requirements.txt requirements.txt COPY requirements-dev.txt requirements-dev.txt ARG TEST # Avoid interactive prompts during package installation ENV DEBIAN_FRONTEND=noninteractive # Install gcc and curl for building and downloading packages # Use --no-install-recommends to avoid installing unnecessary packages # Clean up apt cache to reduce image size # Use pip to install Python packages RUN apt-get update && \ apt-get install -y --no-install-recommends \ gcc \ curl && \ pip install --upgrade pip && pip install --no-cache-dir -r requirements.txt && \ # Install development dependencies if TEST is true if [ "$TEST" = "true" ]; then \ pip install --no-cache-dir -r requirements-dev.txt; \ fi && \ # Clean up apt cache and remove gcc and curl to reduce image size apt-get remove -y gcc curl && \ apt-get autoremove -y && \ apt-get clean && rm -rf /var/lib/apt/lists/* # ---- Runtime stage ---- FROM python:3.11-slim-bookworm WORKDIR /app ARG TEST COPY --from=builder /usr/local/lib/python3.11 /usr/local/lib/python3.11 COPY --from=builder /usr/local/bin /usr/local/bin # For faking postgresql in tests RUN if [ "$TEST" = "true" ]; then \ apt-get update && \ apt-get install -y --no-install-recommends \ postgresql \ postgresql-contrib && \ apt-get clean && rm -rf /var/lib/apt/lists/* \ else \ echo "Skipping PostgreSQL installation for non-test build"; \ fi COPY ./entrypoint.sh /app/entrypoint.sh COPY ./src /app/src COPY ./tests /app/tests COPY ./pytest.ini /app/pytest.ini COPY ./.env.test /app/.env.test RUN chmod +x /app/entrypoint.sh ENV PYTHONPATH=/app # Port to expose EXPOSE 8860 # Health Check HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \ CMD [ "curl", "-f", "http://localhost:8860/check_health" ] # Create a non-root user 'appuser' and switch to this user RUN useradd --create-home appuser RUN chown -R appuser:appuser /app USER appuser # CMD with JSON notation CMD ["/app/entrypoint.sh"]