| FROM python:3.11-slim | |
| # cache-bust: 2026-05-10 | |
| WORKDIR /app | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| curl git ca-certificates gnupg && \ | |
| # Install kubectl | |
| curl -fsSL "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \ | |
| -o /usr/local/bin/kubectl && \ | |
| chmod +x /usr/local/bin/kubectl && \ | |
| rm -rf /var/lib/apt/lists/* | |
| COPY pyproject.toml . | |
| RUN pip install --no-cache-dir \ | |
| httpx requests jinja2 \ | |
| google-cloud-monitoring google-cloud-logging google-cloud-pubsub \ | |
| google-auth kubernetes rich python-dotenv \ | |
| fastapi uvicorn[standard] aiofiles pydantic | |
| COPY . . | |
| # HF Spaces runs as user 1000 β ensure data dirs are writable | |
| RUN mkdir -p data docs/postmortems && chmod -R 777 data docs | |
| # HF Spaces port | |
| EXPOSE 7860 | |
| # ββ HF Space Secrets (minimal β see docs/HF_SPACE_SETUP.md) βββββββββββββββββββ | |
| # HF_TOKEN=<read + inference capable> | |
| # ATLASOPS_USE_HF_INFERENCE=1 | |
| # AGENT_MODEL=your-org/merged-atlasops-7b-grpo # Hub id after merging LoRA | |
| # JUDGE_MODEL=Qwen/Qwen2.5-72B-Instruct-AWQ # or a smaller HF id Router allows | |
| # Optional: ATLASOPS_LIVE_JUDGE=1|0 (defaults ON when inference pack enabled) | |
| # | |
| # Comms out (optional): | |
| # DISCORD_WEBHOOK_URL # Server Settings β Integrations β Webhooks β channel URL | |
| # SLACK_WEBHOOK_URL | |
| # Existing cluster / Grafana wiring: | |
| # PROMETHEUS_URL, ALERTMANAGER_URL, JAEGER_URL, GRAFANA_URL, ARGOCD_URL, BOUTIQUE_URL | |
| # ATLASOPS_API_KEY, ALERTMANAGER_WEBHOOK_SECRET | |
| # If kubectl cannot reach GKE from this container (typical HF Space): | |
| # ATLASOPS_SKIP_KUBECTL_INJECT=1 | |
| CMD ["python", "app.py"] | |