| # Stage 1: Frontend Builder | |
| FROM node:20-alpine AS frontend-builder | |
| WORKDIR /app/frontend | |
| COPY frontend/package.json frontend/package-lock.json ./ | |
| RUN npm ci | |
| COPY frontend/ ./ | |
| RUN npm run build | |
| # Stage 2: Final Python Image | |
| FROM python:3.11.9-slim-bookworm AS final | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| curl git gcc libffi-dev libssl-dev ca-certificates \ | |
| && rm -rf /var/lib/apt/lists/* | |
| RUN groupadd -g 1000 appuser && useradd -r -u 1000 -g appuser appuser | |
| WORKDIR /app | |
| COPY backend/requirements.txt ./backend/requirements.txt | |
| RUN pip install --no-cache-dir -r ./backend/requirements.txt | |
| COPY backend/ ./backend/ | |
| COPY --from=frontend-builder /app/frontend/dist ./backend/static | |
| COPY entrypoint.sh /entrypoint.sh | |
| RUN chmod +x /entrypoint.sh | |
| ENV PYTHONDONTWRITEBYTECODE=1 | |
| ENV PYTHONUNBUFFERED=1 | |
| ENV DATA_DIR=/data | |
| EXPOSE 7860 | |
| USER appuser | |
| CMD ["/entrypoint.sh"] |