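# Flow UI Container
# Production-ready deployment with uvicorn workers
#
# Three stages: `base` (Python + system packages + uv), `builder` (resolves and
# installs dependencies) and `final` (runtime image, runs as a non-root user).
#
# NOTE(review): python:3.11-slim is a floating tag, so the base image can change
# between builds. Pinning it by digest (python:3.11-slim@sha256:<digest>) makes
# the build reproducible and the image contents auditable.
FROM python:3.11-slim AS base

WORKDIR /app

# Install system dependencies.
# curl is used by the HEALTHCHECK below. Both packages are installed in the
# shared base stage, so they also end up in the final runtime image.
# NOTE(review): if git is only needed while installing dependencies, installing
# it in the builder stage alone would keep it out of the runtime image - confirm.
RUN apt-get update && apt-get install -y --no-install-recommends \
        git \
        curl \
    && rm -rf /var/lib/apt/lists/*

# Install uv for fast dependency management
# NOTE(review): uv is installed unpinned; pinning a version (uv==<version>)
# keeps builds repeatable.
RUN pip install --no-cache-dir uv

# -------------------------------------------------------------------
# Builder stage: install dependencies
# -------------------------------------------------------------------
FROM base AS builder

# Copy files needed for build (hatchling requires README.md)
COPY pyproject.toml uv.lock README.md ./

# Install dependencies to system (no venv needed in container)
# NOTE(review): `uv pip install` resolves from pyproject.toml and does not read
# uv.lock, so the versions installed here are not the locked ones even though
# the lockfile is copied in. Installing from the lock (for example a frozen
# `uv export` fed to `uv pip install -r`) would pin the dependency set.
RUN uv pip install --system .

# -------------------------------------------------------------------
# Final stage: copy app and run
# -------------------------------------------------------------------
FROM base AS final

# Copy installed packages from builder
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin

# Copy application source (includes pre-built frontend in src/flow/ui/ui/)
COPY src/ ./src/

# Copy files needed for package install
COPY pyproject.toml README.md ./

# Install the app itself (editable, uses already-installed deps)
RUN uv pip install --system --no-deps -e .

# Create non-root user for security
RUN useradd --create-home --shell /bin/bash flowuser
# NOTE(review): the recursive chown makes all of /app, including the editable
# source tree under /app/src, writable by the runtime user. If the app only
# writes to FLOW_DATA_DIR, limiting ownership to /app/data would stop a
# compromised process from modifying the code it runs - confirm before changing.
RUN mkdir -p /app/data && chown -R flowuser:flowuser /app
USER flowuser

# Configuration
ENV PORT=7860
ENV FLOW_DATA_DIR=/app/data
ENV UVICORN_WORKERS=2

# Auth is disabled by default - enable via HF Space Secrets or .env:
#   AUTH_ENABLED=true
#   AUTH_MODE=github  (or basic)
#   AUTH_SECRET=<random-string>
#   AUTH_GITHUB_CLIENT_ID=<your-client-id>
#   AUTH_GITHUB_CLIENT_SECRET=<your-secret>
#   AUTH_GITHUB_ALLOWED_USERS=user1,user2
#
# The server binds to 0.0.0.0 (see CMD), so while auth is disabled the app is
# presumably usable by anyone who can reach the port. Enable auth before
# exposing the container beyond a trusted network.
# Supply the secret values at runtime only; setting them with ENV or ARG in
# this file would store them in the image layers and build history.

# Expose the port
EXPOSE ${PORT}

# Health check - matches the actual endpoint in main.py
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:${PORT}/api/health || exit 1

# Production uvicorn with multiple workers
# - workers: handle concurrent requests (CPU-bound, use 2-4 for most cases)
# - For I/O bound (which this is), uvicorn's async handles concurrency well
# - limit-concurrency prevents overload: uvicorn answers with HTTP 503 once
#   that many connections/tasks are in flight
#
# Shell form is kept so ${PORT} and ${UVICORN_WORKERS} are expanded at start-up.
# `exec` replaces the shell with uvicorn so the server runs as PID 1 and receives
# the stop signal directly, allowing a graceful shutdown instead of a kill
# after the stop timeout.
CMD exec uvicorn flow.ui.main:app \
    --host 0.0.0.0 \
    --port ${PORT} \
    --workers ${UVICORN_WORKERS} \
    --limit-concurrency 100 \
    --timeout-keep-alive 30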