contact.allucanget.biz/Dockerfile

# syntax=docker/dockerfile:1.5
FROM python:3.11-slim AS builder

ARG APT_PROXY=http://192.168.88.14:3142

WORKDIR /app

# Configure apt to use apt-cacher-ng (overrideable via --build-arg APT_PROXY="<url>")
RUN printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy

# Install build deps (minimal)
RUN apt-get update \
    && apt-get install -y --no-install-recommends build-essential ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# Copy only what's needed for dependency resolution to leverage cache
COPY requirements.txt ./requirements.txt

# Use BuildKit cache mount for pip wheels/cache to speed up rebuilds when available
RUN --mount=type=cache,target=/root/.cache/pip \
    python -m pip install --upgrade pip \
    && python -m pip install --prefix /app/_deps -r requirements.txt

# Copy application source
COPY . /app/src

FROM python:3.11-slim

ARG APT_PROXY=http://192.168.88.14:3142

WORKDIR /app

# Configure apt to use apt-cacher-ng in the runtime stage as well
RUN printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$APT_PROXY" "$APT_PROXY" > /etc/apt/apt.conf.d/01proxy

# Create non-root user
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser

# Copy installed deps from builder
COPY --from=builder /app/_deps /app/_deps
ENV PYTHONPATH=/app/_deps/lib/python3.11/site-packages:/app
ENV PATH=/app/_deps/bin:$PATH

# Copy application code and entrypoint
COPY --from=builder /app/src /app
COPY entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

# Install only runtime packages required (curl for healthcheck). keep packages minimal.
RUN apt-get update \
    && apt-get install -y --no-install-recommends curl ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir -p /app/data \
    && chown -R appuser:appgroup /app/data

USER appuser

ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
ENV PYTHONUNBUFFERED=1
ENV GUNICORN_WORKERS=2
ENV GUNICORN_TIMEOUT=30

EXPOSE 5002

# Docker HEALTHCHECK: check the /health endpoint
HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD curl -f http://localhost:5002/health || exit 1

# Default to the entrypoint script which computes worker count if not provided
ENTRYPOINT ["/app/entrypoint.sh"]