1- FROM python:3.12.2
21
3- USER root
2+ # Stage 1: Build environment (with Poetry + dependencies installed)
3+ FROM python:3.12-slim AS development_build
44
55ARG VCS_REF="missing"
66ARG BUILD_DATE="missing"
@@ -10,32 +10,32 @@ ENV BUILD_DATE=${BUILD_DATE}
1010ENV PORT=8080
1111
1212LABEL org.label-schema.vcs-ref=${VCS_REF} \
13- org.label-schema.build-date=${BUILD_DATE}
13+ org.label-schema.build-date=${BUILD_DATE} \
14+ vendor="BCROS"
1415
15- LABEL vendor= "BCROS"
16+ USER root
1617
1718ARG APP_ENV \
18- # Needed for fixing permissions of files created by Docker:
19- UID=1000 \
20- GID=1000
19+ UID=1000 \
20+ GID=1000
2121
2222ENV APP_ENV=${APP_ENV} \
23- # python:
24- PYTHONFAULTHANDLER=1 \
25- PYTHONUNBUFFERED=1 \
26- PYTHONHASHSEED=random \
27- PYTHONDONTWRITEBYTECODE=1 \
28- # pip:
29- PIP_NO_CACHE_DIR=1 \
30- PIP_DISABLE_PIP_VERSION_CHECK=1 \
31- PIP_DEFAULT_TIMEOUT=100 \
32- PIP_ROOT_USER_ACTION=ignore \
33- # poetry:
34- POETRY_VERSION=1.3.2 \
35- POETRY_NO_INTERACTION=1 \
36- POETRY_VIRTUALENVS_CREATE=false \
37- POETRY_CACHE_DIR='/var/cache/pypoetry' \
38- POETRY_HOME='/usr/local'
23+ # python:
24+ PYTHONFAULTHANDLER=1 \
25+ PYTHONUNBUFFERED=1 \
26+ PYTHONHASHSEED=random \
27+ PYTHONDONTWRITEBYTECODE=1 \
28+ # pip:
29+ PIP_NO_CACHE_DIR=1 \
30+ PIP_DISABLE_PIP_VERSION_CHECK=1 \
31+ PIP_DEFAULT_TIMEOUT=100 \
32+ PIP_ROOT_USER_ACTION=ignore \
33+ # poetry:
34+ POETRY_VERSION=2. 1.3 \
35+ POETRY_NO_INTERACTION=1 \
36+ POETRY_VIRTUALENVS_CREATE=false \
37+ POETRY_CACHE_DIR='/var/cache/pypoetry' \
38+ POETRY_HOME='/usr/local'
3939
4040SHELL ["/bin/bash" , "-eo" , "pipefail" , "-c" ]
4141
@@ -51,7 +51,7 @@ RUN apt-get update && apt-get upgrade -y \
5151 wait-for-it \
5252 && curl -sSL 'https://install.python-poetry.org' | python - \
5353 && poetry --version \
54- # Cleaning cache:
54+ # Clean up apt cache
5555 && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
5656 && apt-get clean -y && rm -rf /var/lib/apt/lists/*
5757
@@ -61,29 +61,30 @@ RUN groupadd -g "${GID}" -r web \
6161 && useradd -d '/code' -g web -l -r -u "${UID}" web \
6262 && chown web:web -R '/code'
6363
64- # Copy only requirements, to cache them in docker layer
64+ # Copy dependency files first (better caching)
6565COPY --chown=web:web ./poetry.lock ./pyproject.toml /code/
6666
67+ # Copy app source
6768COPY --chown=web:web ./src /code/src
6869COPY --chown=web:web ./README.md /code
6970
70- # Project initialization:
71+ # Install dependencies
7172RUN --mount=type=cache,target="$POETRY_CACHE_DIR" \
7273 echo "$APP_ENV" \
74+ && poetry config installer.max-workers 1 \
7375 && poetry version \
74- # Install deps:
7576 && poetry run pip install -U pip \
7677 && poetry install \
77- $(if [ -z ${APP_ENV+x} ] | [ "$APP_ENV" = 'production' ]; then echo '--only main' ; fi) \
78+ $(if [ -z " ${APP_ENV}" | | [ "$APP_ENV" = 'production' ]; then echo '--only main' ; fi) \
7879 --no-interaction --no-ansi
7980
80- # Running as non-root user:
81+ # Run as non-root
8182USER web
8283
83- # The following stage is only for production:
84- # FROM development_build AS production_build
84+ # Stage 2: Production image (lighter)
85+ FROM development_build AS production_build
8586COPY --chown=web:web . /code
8687
87- # ENV PYTHONPATH=/opt/app-root/src
88+ EXPOSE 8080
8889
89- CMD gunicorn --preload -- bind 0.0.0.0:${PORT} --config /code/gunicorn_config.py wsgi:app
90+ CMD gunicorn --bind 0.0.0.0:${PORT} --config /code/gunicorn_config.py wsgi:app
0 commit comments