Spaces:
Sleeping
Sleeping
| # Stage 1: Builder | |
| FROM python:3.12-slim-trixie AS builder | |
| # Install uv by copying the binary from the official image | |
| COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/ | |
| # Set working directory | |
| WORKDIR /app | |
| # Enable bytecode compilation | |
| ENV UV_COMPILE_BYTECODE=1 | |
| # Copy only dependency files first to leverage Docker layer caching | |
| COPY pyproject.toml uv.lock ./ | |
| # Disable development dependencies | |
| ENV UV_NO_DEV=1 | |
| # Sync the project into a new environment | |
| RUN uv sync --frozen --no-install-project | |
| # Stage 2: Final | |
| FROM python:3.12-slim-trixie | |
| # Set working directory | |
| WORKDIR /app | |
| # Install system dependencies (curl for healthchecks) | |
| RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* | |
| # Create logs directory | |
| RUN mkdir -p logs | |
| # Create a non-root user for security | |
| # Note: HF Spaces runs as user 1000 by default, so we align with that | |
| RUN useradd -m -u 1000 payshield | |
| # Set PYTHONPATH to include the app directory | |
| ENV PYTHONPATH=/app | |
| # Copy the virtual environment from the builder stage | |
| COPY --from=builder /app/.venv /app/.venv | |
| # Ensure the installed binary is on the `PATH` | |
| ENV PATH="/app/.venv/bin:$PATH" | |
| # Copy the rest of the application code | |
| COPY src /app/src | |
| COPY configs /app/configs | |
| COPY models /app/models | |
| COPY entrypoint.sh /app/entrypoint.sh | |
| # Change ownership to the non-root user | |
| RUN chown -R payshield:payshield /app | |
| # Switch to the non-root user | |
| USER 1000 | |
| # Expose ports | |
| # 7860 is the default port for Hugging Face Spaces | |
| EXPOSE 7860 8000 | |
| # Set environment variables for HF Spaces | |
| ENV API_URL="http://localhost:8000/v1/predict" | |
| ENV PORT=7860 | |
| # Use entrypoint script to run both services | |
| CMD ["/bin/bash", "/app/entrypoint.sh"] | |