diff --git a/Dockerfile b/Dockerfile
index 7ed4809..2dc889c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,38 @@
+# syntax=docker/dockerfile:1.5
 FROM python:3.11-slim AS builder
+ARG APT_PROXY=http://192.168.88.14:3142
+
 WORKDIR /app
-# Install build deps
-RUN apt-get update && apt-get install -y --no-install-recommends \
- build-essential \
+# Configure apt to use apt-cacher-ng (overrideable via --build-arg APT_PROXY="")
+RUN printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy
+
+# Install build deps (minimal)
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends build-essential ca-certificates \
 && rm -rf /var/lib/apt/lists/*
-# Copy requirements and install into a target directory
-COPY /requirements.txt /app/requirements.txt
-RUN python -m pip install --upgrade pip && \
- # install into a prefix so console_scripts (gunicorn) are placed into /app/_deps/bin
- python -m pip install --no-cache-dir --upgrade --prefix /app/_deps -r /app/requirements.txt
+# Copy only what's needed for dependency resolution to leverage cache
+COPY requirements.txt ./requirements.txt
+# Use BuildKit cache mount for pip wheels/cache to speed up rebuilds when available
+RUN --mount=type=cache,target=/root/.cache/pip \
+ python -m pip install --upgrade pip \
+ && python -m pip install --prefix /app/_deps -r requirements.txt
+
+# Copy application source
 COPY . /app/src
 FROM python:3.11-slim
+ARG APT_PROXY=http://192.168.88.14:3142
+
 WORKDIR /app
+# Configure apt to use apt-cacher-ng in the runtime stage as well
+RUN printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy
+
 # Create non-root user
 RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
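Review bot: The runtime-stage `RUN printf … > /etc/apt/apt.conf.d/01proxy` writes the proxy setting in a layer of its own, so the file ships in the final image: it publishes the internal address `192.168.88.14:3142` and would route any later apt run inside a container through that plain-HTTP cache. The `apt-get install` that needs it is a separate RUN in the second hunk, so deleting the file afterwards would not remove it from the earlier layer; the setting should be written, used and removed inside that one RUN, as sketched below. Defaulting `APT_PROXY` to a private address also means builds outside that network will likely fail at `apt-get update` unless the caller passes `--build-arg APT_PROXY=""`, and how apt treats the resulting empty `Proxy ""` entries should be confirmed; an empty default with a `[ -n "$APT_PROXY" ]` guard avoids both. The builder stage has the same pattern, but that stage is discarded, so only the default matters there.

```dockerfile
ARG APT_PROXY=""
# … unchanged: WORKDIR, non-root user, COPY of deps, app code and entrypoint …
RUN if [ -n "$APT_PROXY" ]; then \
        printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy; \
    fi \
    && apt-get update \
    && apt-get install -y --no-install-recommends curl ca-certificates \
    && rm -rf /var/lib/apt/lists/* /etc/apt/apt.conf.d/01proxy \
    && mkdir -p /app/data \
    && chown -R appuser:appgroup /app/data
```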
@@ -27,17 +41,14 @@ COPY --from=builder /app/_deps /app/_deps
 ENV PYTHONPATH=/app/_deps/lib/python3.11/site-packages:/app
 ENV PATH=/app/_deps/bin:$PATH
-# Copy application code
+# Copy application code and entrypoint
 COPY --from=builder /app/src /app
-
-# Copy entrypoint and make executable
-COPY /entrypoint.sh /app/entrypoint.sh
+COPY entrypoint.sh /app/entrypoint.sh
 RUN chmod +x /app/entrypoint.sh
-# Ensure minimal runtime packages are present (curl used by healthcheck and some runtime scripts)
-RUN apt-get update && apt-get install -y --no-install-recommends \
- curl \
- ca-certificates \
+# Install only runtime packages required (curl for healthcheck). keep packages minimal.
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends curl ca-certificates \
 && rm -rf /var/lib/apt/lists/* \
 && mkdir -p /app/data \
 && chown -R appuser:appgroup /app/data
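Review bot: `COPY --from=builder /app/src /app` carries the entire build context into the runtime image, because the builder stage fills `/app/src` with `COPY . /app/src`; unless a `.dockerignore` (not visible here) excludes `.git`, `.env` and similar files, they ship with the image. A comment above that line naming what is expected to be copied, or copying only the application paths in the builder, would make the contents reviewable. Separately, with the `# syntax=docker/dockerfile:1.5` frontend now declared, the entrypoint copy and the `RUN chmod +x` can be a single instruction, `COPY --chmod=0755 entrypoint.sh /app/entrypoint.sh`, which drops a layer. Whether a `USER appuser` line follows is outside the hunk.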