Spaces:
Running
Running
| # syntax=docker/dockerfile:1.7 | |
| # ----------------------------------------------------------------------------- | |
| # Lightweight Embeddings — multi-stage image (CPU-only by default). | |
| # | |
| # Stage 1 builder compiles wheels from requirements.txt into /install | |
| # Stage 2 runtime slim image with jemalloc + healthcheck + non-root user | |
| # | |
| # Build: | |
| # docker build -t lightweight-embeddings . | |
| # Run: | |
| # docker run --rm -p 7860:7860 lightweight-embeddings | |
| # ----------------------------------------------------------------------------- | |
| ARG PYTHON_VERSION=3.10 | |
| # ============================================================================ | |
| # Stage 1: builder | |
| # ============================================================================ | |
| FROM python:${PYTHON_VERSION}-slim AS builder | |
| ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \ | |
| PIP_NO_CACHE_DIR=0 \ | |
| PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 | |
| # Build tools required by torch/transformers wheels with no prebuilt arch. | |
| RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ | |
| --mount=type=cache,target=/var/lib/apt,sharing=locked \ | |
| apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential git ca-certificates | |
| WORKDIR /build | |
| COPY requirements.txt ./ | |
| # CPU torch wheels are an order of magnitude smaller than the CUDA ones. | |
| # Override at build time with: --build-arg TORCH_INDEX_URL=... | |
| ARG TORCH_INDEX_URL=https://download.pytorch.org/whl/cpu | |
| RUN --mount=type=cache,target=/root/.cache/pip,sharing=locked \ | |
| pip install --prefix=/install \ | |
| --extra-index-url "${TORCH_INDEX_URL}" \ | |
| -r requirements.txt | |
| # ============================================================================ | |
| # Stage 2: runtime | |
| # ============================================================================ | |
| FROM python:${PYTHON_VERSION}-slim AS runtime | |
| LABEL org.opencontainers.image.title="lightweight-embeddings" \ | |
| org.opencontainers.image.description="Multilingual text+image embeddings & reranking API" \ | |
| org.opencontainers.image.licenses="MIT" \ | |
| org.opencontainers.image.source="https://github.com/lh0x00/lightweight-embeddings" | |
| ENV PYTHONUNBUFFERED=1 \ | |
| PYTHONDONTWRITEBYTECODE=1 \ | |
| PIP_DISABLE_PIP_VERSION_CHECK=1 \ | |
| OMP_NUM_THREADS=2 \ | |
| MKL_NUM_THREADS=2 \ | |
| TOKENIZERS_PARALLELISM=false \ | |
| HF_HOME=/home/user/.cache/huggingface \ | |
| PORT=7860 | |
| # jemalloc keeps RSS predictable for workloads with frequent (de)allocations. | |
| RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ | |
| --mount=type=cache,target=/var/lib/apt,sharing=locked \ | |
| apt-get update && apt-get install -y --no-install-recommends \ | |
| libjemalloc2 ca-certificates curl | |
| ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2 | |
| # Non-root. | |
| RUN useradd -m -u 1000 user | |
| USER user | |
| WORKDIR /home/user/app | |
| # Pull the prebuilt site-packages from stage 1. | |
| COPY --from=builder /install /usr/local | |
| # Application source. | |
| COPY --chown=user . . | |
| EXPOSE 7860 | |
| HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \ | |
| CMD curl -fsS http://127.0.0.1:7860/healthz >/dev/null || exit 1 | |
| CMD ["uvicorn", "app:app", \ | |
| "--host", "0.0.0.0", \ | |
| "--port", "7860", \ | |
| "--proxy-headers", \ | |
| "--forwarded-allow-ips", "*"] | |