forked from ruvnet/RuView
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
104 lines (76 loc) · 2.07 KB
/
Dockerfile
File metadata and controls
104 lines (76 loc) · 2.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# Multi-stage build for WiFi-DensePose production deployment
FROM python:3.11-slim as base
# Set environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
# Install system dependencies
RUN apt-get update && apt-get install -y \
build-essential \
curl \
git \
libopencv-dev \
python3-opencv \
&& rm -rf /var/lib/apt/lists/*
# Create app user
RUN groupadd -r appuser && useradd -r -g appuser appuser
# Set work directory
WORKDIR /app
# Copy requirements first for better caching
COPY requirements.txt .
# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Development stage
FROM base as development
# Install development dependencies
RUN pip install --no-cache-dir \
pytest \
pytest-asyncio \
pytest-mock \
pytest-benchmark \
black \
flake8 \
mypy
# Copy source code
COPY . .
# Change ownership to app user
RUN chown -R appuser:appuser /app
USER appuser
# Expose port
EXPOSE 8000
# Development command
CMD ["uvicorn", "src.api.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
# Production stage
FROM base as production
# Copy only necessary files
COPY requirements.txt .
COPY src/ ./src/
COPY assets/ ./assets/
# Create necessary directories
RUN mkdir -p /app/logs /app/data /app/models
# Change ownership to app user
RUN chown -R appuser:appuser /app
USER appuser
# Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
# Expose port
EXPOSE 8000
# Production command
CMD ["uvicorn", "src.api.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "4"]
# Testing stage
FROM development as testing
# Copy test files
COPY tests/ ./tests/
# Run tests
RUN python -m pytest tests/ -v
# Security scanning stage
FROM production as security
# Install security scanning tools
USER root
RUN pip install --no-cache-dir safety bandit
# Run security scans
RUN safety check
RUN bandit -r src/ -f json -o /tmp/bandit-report.json
USER appuser