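# syntax=docker/dockerfile:1.5

# Two-stage build for a Flask/gunicorn service:
#   builder - installs Python dependencies (needs a compiler) into /app/_deps
#   runtime - slim image that carries only the dependencies, the app and curl
#
# NOTE(review): both stages use the mutable tag python:3.11-slim. Pin it by
# digest (python:3.11-slim@sha256:<digest>) for reproducible, reviewable
# base-image updates.

FROM python:3.11-slim AS builder

# Build-time apt proxy (apt-cacher-ng). Disable with --build-arg APT_PROXY="".
# ARG values are recorded in the image history, so this URL must never carry
# credentials.
ARG APT_PROXY=http://192.168.88.14:3142

WORKDIR /app

# Install build deps (minimal). The proxy file is written, used and deleted in
# the same layer so no stage keeps an apt configuration that points at a
# build-network host. apt still verifies repository signatures, so package
# integrity does not depend on the plain-HTTP proxy hop.
RUN if [ -n "$APT_PROXY" ]; then \
        printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" \
            > /etc/apt/apt.conf.d/01proxy; \
    fi \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
    && rm -rf /var/lib/apt/lists/* /etc/apt/apt.conf.d/01proxy

# Copy only the dependency manifest first so the install layer stays cached
# until requirements.txt changes.
COPY requirements.txt ./requirements.txt

# The BuildKit cache mount keeps pip's cache on the build host, not in a layer.
# NOTE(review): pip itself is upgraded to whatever is current at build time, and
# requirements.txt is not visible here - pinned, hashed requirements
# (pip --require-hashes) would make this step reproducible.
RUN --mount=type=cache,target=/root/.cache/pip \
    python -m pip install --upgrade pip \
    && python -m pip install --prefix /app/_deps -r requirements.txt

# Copy application source. This takes the WHOLE build context, and the runtime
# stage copies it on into the final image: keep a .dockerignore that excludes
# .git, .env files, local databases and other secrets.
COPY . /app/src


FROM python:3.11-slim

# Same build-time proxy as the builder stage (see the note there).
ARG APT_PROXY=http://192.168.88.14:3142

WORKDIR /app

# Install only the runtime packages required (curl for the healthcheck).
# Done before any application files are copied so a source change does not
# re-run apt, and in a single layer with the proxy file so the shipped image
# contains no /etc/apt/apt.conf.d/01proxy.
RUN if [ -n "$APT_PROXY" ]; then \
        printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" \
            > /etc/apt/apt.conf.d/01proxy; \
    fi \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
    && rm -rf /var/lib/apt/lists/* /etc/apt/apt.conf.d/01proxy

# Create the non-root user the service runs as.
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser

# Copy installed deps from builder and put them on the interpreter/shell paths.
COPY --from=builder /app/_deps /app/_deps
ENV PYTHONPATH=/app/_deps/lib/python3.11/site-packages:/app \
    PATH=/app/_deps/bin:$PATH

# Copy application code and entrypoint. Both stay root-owned, so the service
# account cannot modify its own code; --chmod sets the execute bit without an
# extra RUN layer.
COPY --from=builder /app/src /app
COPY --chmod=755 entrypoint.sh /app/entrypoint.sh

# /app/data is the only path handed to the service account. Kept after the
# source copy so a data/ directory shipped in the context is chowned as well.
RUN mkdir -p /app/data \
    && chown -R appuser:appgroup /app/data

USER appuser

ENV FLASK_APP=app.py \
    FLASK_RUN_HOST=0.0.0.0 \
    PYTHONUNBUFFERED=1 \
    GUNICORN_WORKERS=2 \
    GUNICORN_TIMEOUT=30

# Documentation only; publishing the port is decided at `docker run` time.
EXPOSE 5002

# Docker HEALTHCHECK: check the /health endpoint
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD curl -f http://localhost:5002/health || exit 1

# Default to the entrypoint script which computes worker count if not provided.
# NOTE(review): GUNICORN_WORKERS is set to 2 above, so that computation
# presumably only runs when the variable is cleared at run time - confirm
# against entrypoint.sh.
ENTRYPOINT ["/app/entrypoint.sh"]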