fix: optimize Dockerfile by refining build dependencies and improving caching strategy

.github/workflows/ci.yml

@@ -26,7 +26,10 @@ jobs:
 
       - name: Locate pip cache directory
         id: pip-cache-dir
-        run: echo "dir=$(python -m pip cache dir)" >> "$GITHUB_OUTPUT"
+        # extra output for debugging
+        run: |
+          echo "dir=$(python -m pip cache dir)" >> "$GITHUB_OUTPUT"
+          echo "dir=$(python -m pip cache dir)"
 
       - name: Cache pip
         uses: actions/cache@v4

Dockerfile

@@ -1,24 +1,38 @@
+# syntax=docker/dockerfile:1.5
 FROM python:3.11-slim AS builder
 
+ARG APT_PROXY=http://192.168.88.14:3142
+
 WORKDIR /app
 
-# Install build deps
+# Configure apt to use apt-cacher-ng (overrideable via --build-arg APT_PROXY="<url>")
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy
-    build-essential \
+
+# Install build deps (minimal)
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends build-essential ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
-# Copy requirements and install into a target directory
+# Copy only what's needed for dependency resolution to leverage cache
-COPY /requirements.txt /app/requirements.txt
+COPY requirements.txt ./requirements.txt
-RUN python -m pip install --upgrade pip && \
-    # install into a prefix so console_scripts (gunicorn) are placed into /app/_deps/bin
-    python -m pip install --no-cache-dir --upgrade --prefix /app/_deps -r /app/requirements.txt
 
+# Use BuildKit cache mount for pip wheels/cache to speed up rebuilds when available
+RUN --mount=type=cache,target=/root/.cache/pip \
+    python -m pip install --upgrade pip \
+    && python -m pip install --prefix /app/_deps -r requirements.txt
+
+# Copy application source
 COPY . /app/src
 
 FROM python:3.11-slim
 
+ARG APT_PROXY=http://192.168.88.14:3142
+
 WORKDIR /app
 
+# Configure apt to use apt-cacher-ng in the runtime stage as well
+RUN printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy
+
 # Create non-root user
 RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
 
@@ -27,17 +41,14 @@ COPY --from=builder /app/_deps /app/_deps
 ENV PYTHONPATH=/app/_deps/lib/python3.11/site-packages:/app
 ENV PATH=/app/_deps/bin:$PATH
 
-# Copy application code
+# Copy application code and entrypoint
 COPY --from=builder /app/src /app
-
+COPY entrypoint.sh /app/entrypoint.sh
-# Copy entrypoint and make executable
-COPY /entrypoint.sh /app/entrypoint.sh
 RUN chmod +x /app/entrypoint.sh
 
-# Ensure minimal runtime packages are present (curl used by healthcheck and some runtime scripts)
+# Install only runtime packages required (curl for healthcheck). keep packages minimal.
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get update \
-    curl \
+    && apt-get install -y --no-install-recommends curl ca-certificates \
-    ca-certificates \
     && rm -rf /var/lib/apt/lists/* \
     && mkdir -p /app/data \
     && chown -R appuser:appgroup /app/data