sumit-server / Dockerfile
rockerritesh's picture
Upload Dockerfile with huggingface_hub
ecec7b5 verified
Raw
History Blame Contribute Delete
2.59 kB
# All-in-one Tatva deployment for a SINGLE Hugging Face Space.
#
# Clones the private monorepo with a GitHub PAT (build secret GITHUB_TOKEN),
# builds the Next.js dashboard, installs the MCP server + FastAPI control plane,
# and runs all of them behind nginx on port 7860 via supervisord.
#
# This file is self-contained (it clones rather than COPYs) so it can be the
# root Dockerfile of a thin HF Space — the same pattern as `sumit-server`.
#
# Build (local):
# echo -n "$GITHUB_PAT" | docker build -f deploy/Dockerfile \
# --secret id=GITHUB_TOKEN,src=/dev/stdin -t tatva-aio .
# HF Space: add a Space secret GITHUB_TOKEN; HF passes it as a build secret.
ARG REPO=github.com/rockerritesh/sumit-mcp-server.git
# ---------- stage 1: build the Next.js dashboard ----------
FROM node:20-slim AS web
ARG REPO
RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
WORKDIR /src
RUN --mount=type=secret,id=GITHUB_TOKEN \
git clone https://x-access-token:$(cat /run/secrets/GITHUB_TOKEN)@${REPO} .
WORKDIR /src/portal/web
RUN npm install --legacy-peer-deps && npm run build
# ---------- stage 2: runtime (python + node + nginx + supervisor) ----------
FROM python:3.13-slim
ARG REPO
RUN apt-get update \
&& apt-get install -y git nginx supervisor curl ca-certificates \
&& curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
&& apt-get install -y nodejs \
&& rm -rf /var/lib/apt/lists/*
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
WORKDIR /app
RUN --mount=type=secret,id=GITHUB_TOKEN \
git clone https://x-access-token:$(cat /run/secrets/GITHUB_TOKEN)@${REPO} .
# MCP server deps (repo root) + control-plane deps (portal/api)
ENV UV_CACHE_DIR=/app/.cache/uv
RUN uv sync --no-dev \
&& cd portal/api && uv sync --no-dev
# Next.js standalone server from the build stage (tracing root pinned to web/,
# so server.js + node_modules sit at .next/standalone/).
COPY --from=web /src/portal/web/.next/standalone/ /app/portal/web/
COPY --from=web /src/portal/web/.next/static /app/portal/web/.next/static
COPY --from=web /src/portal/web/public /app/portal/web/public
# Process + proxy config (from the cloned repo)
RUN cp deploy/nginx.conf /etc/nginx/nginx.conf \
&& cp deploy/supervisord.conf /etc/supervisor/conf.d/tatva.conf \
&& mkdir -p /app/.cache && chmod -R 777 /app/.cache
# Control-plane + MCP read all other config (MONGO_URI, JWT_SECRET, QDRANT_*,
# PLATFORM_ADMINS, STRIPE_*) from Space secrets injected as env vars at runtime.
EXPOSE 7860
CMD ["supervisord", "-c", "/etc/supervisor/conf.d/tatva.conf"]