v1

Dockerfile

@@ -0,0 +1,59 @@
+FROM python:3.11-slim AS builder
+
+WORKDIR /app
+
+# Install build deps
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements and install into a target directory
+COPY /requirements.txt /app/requirements.txt
+RUN python -m pip install --upgrade pip && \
+    # install into a prefix so console_scripts (gunicorn) are placed into /app/_deps/bin
+    python -m pip install --no-cache-dir --upgrade --prefix /app/_deps -r /app/requirements.txt
+
+COPY . /app/src
+
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Create non-root user
+RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
+
+# Copy installed deps from builder
+COPY --from=builder /app/_deps /app/_deps
+ENV PYTHONPATH=/app/_deps/lib/python3.11/site-packages:/app
+ENV PATH=/app/_deps/bin:$PATH
+
+# Copy application code
+COPY --from=builder /app/src /app
+
+# Copy entrypoint and make executable
+COPY /entrypoint.sh /app/entrypoint.sh
+RUN chmod +x /app/entrypoint.sh
+
+# Ensure minimal runtime packages are present (curl used by healthcheck and some runtime scripts)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir -p /app/data \
+    && chown -R appuser:appgroup /app/data
+
+USER appuser
+
+ENV FLASK_APP=app.py
+ENV FLASK_RUN_HOST=0.0.0.0
+ENV PYTHONUNBUFFERED=1
+ENV GUNICORN_WORKERS=2
+ENV GUNICORN_TIMEOUT=30
+
+EXPOSE 5002
+
+# Docker HEALTHCHECK: check the /health endpoint
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD curl -f http://localhost:5002/health || exit 1
+
+# Default to the entrypoint script which computes worker count if not provided
+ENTRYPOINT ["/app/entrypoint.sh"]