|
1 | | -# This sample Dockerfile creates a production-ready container for a LiveKit voice AI agent |
2 | 1 | # syntax=docker/dockerfile:1 |
3 | 2 |
|
4 | | -# Use the official UV Python base image with Python 3.11 on Debian Bookworm |
5 | | -# UV is a fast Python package manager that provides better performance than pip |
6 | | -# We use the slim variant to keep the image size smaller while still having essential tools |
7 | | -FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim |
| 3 | +ARG PYTHON_VERSION=3.11 |
| 4 | +# Fast Python builds using uv on Debian bookworm-slim |
| 5 | +FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-bookworm-slim AS base |
8 | 6 |
|
9 | | -# Keeps Python from buffering stdout and stderr to avoid situations where |
10 | | -# the application crashes without emitting any logs due to buffering. |
11 | | -ENV PYTHONUNBUFFERED=1 |
| 7 | +ARG UID=10001 |
12 | 8 |
|
13 | | -# Define the program entrypoint file where your agent is started |
14 | | -ARG PROGRAM_MAIN="src/agent.py" |
15 | | -ENV PROGRAM_MAIN=${PROGRAM_MAIN} |
| 9 | +# Ensures that logs are captured in realtime |
| 10 | +ENV PYTHONUNBUFFERED=1 |
16 | 11 |
|
17 | | -# Create a non-privileged user that the app will run under. |
18 | | -# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user |
19 | | -ARG UID=10001 |
| 12 | +# Create unprivileged user |
20 | 13 | RUN adduser \ |
21 | 14 | --disabled-password \ |
22 | 15 | --gecos "" \ |
23 | | - --home "/home/appuser" \ |
| 16 | + --home "/app" \ |
24 | 17 | --shell "/sbin/nologin" \ |
25 | 18 | --uid "${UID}" \ |
26 | 19 | appuser |
27 | 20 |
|
28 | | -# Install build dependencies required for Python packages with native extensions |
29 | | -# gcc: C compiler needed for building Python packages with C extensions |
30 | | -# python3-dev: Python development headers needed for compilation |
31 | | -# We clean up the apt cache after installation to keep the image size down |
32 | | -RUN apt-get update && \ |
33 | | - apt-get install -y \ |
| 21 | +# System build deps for common Python wheels |
| 22 | +RUN apt-get update && apt-get install -y \ |
34 | 23 | gcc \ |
35 | 24 | python3-dev \ |
36 | | - && rm -rf /var/lib/apt/lists/* |
37 | | - |
38 | | -# Set the working directory to the user's home directory |
39 | | -# This is where our application code will live |
40 | | -WORKDIR /home/appuser |
41 | | - |
42 | | -# Copy all application files into the container |
43 | | -# This includes source code, configuration files, and dependency specifications |
44 | | -# (Excludes files specified in .dockerignore) |
45 | | -COPY . . |
46 | | - |
47 | | -# Change ownership of all app files to the non-privileged user |
48 | | -# This ensures the application can read/write files as needed |
49 | | -RUN chown -R appuser:appuser /home/appuser |
50 | | - |
51 | | -# Switch to the non-privileged user for all subsequent operations |
52 | | -# This improves security by not running as root |
53 | | -USER appuser |
| 25 | + && rm -rf /var/lib/apt/lists/* |
54 | 26 |
|
55 | | -# Create a cache directory for the user |
56 | | -# This is used by UV and Python for caching packages and bytecode |
57 | | -RUN mkdir -p /home/appuser/.cache |
| 27 | +WORKDIR /app |
58 | 28 |
|
59 | | -# Install Python dependencies using UV's lock file |
60 | | -# --locked ensures we use exact versions from uv.lock for reproducible builds |
61 | | -# This creates a virtual environment and installs all dependencies |
62 | | -# Ensure your uv.lock file is checked in for consistency across environments |
| 29 | +# Dependency install first for better caching |
| 30 | +COPY pyproject.toml uv.lock ./ |
| 31 | +RUN mkdir -p src |
63 | 32 | RUN uv sync --locked |
64 | 33 |
|
65 | | -# Pre-download any ML models or files the agent needs |
66 | | -# This ensures the container is ready to run immediately without downloading |
67 | | -# dependencies at runtime, which improves startup time and reliability |
68 | | -RUN uv run "$PROGRAM_MAIN" download-files |
| 34 | +# Copy application code |
| 35 | +COPY . . |
| 36 | +RUN chown -R appuser:appuser /app |
| 37 | +USER appuser |
69 | 38 |
|
70 | | -# Expose the healthcheck port |
71 | | -# This allows Docker and orchestration systems to check if the container is healthy |
72 | | -EXPOSE 8081 |
| 39 | +# Pre-download models/assets at build time |
| 40 | +RUN uv run src/agent.py download-files |
73 | 41 |
|
74 | | -# Run the application using UV |
75 | | -# UV will activate the virtual environment and run the agent |
76 | | -# The "start" command tells the worker to connect to LiveKit and begin waiting for jobs |
77 | | -CMD ["uv", "run", "$PROGRAM_MAIN", "start"] |
| 42 | +# Start the agent |
| 43 | +CMD ["uv", "run", "src/agent.py", "start"] |
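Review bot: `gcc` and `python3-dev`, installed at new lines 22-24, stay in the image that runs the agent, because the stage named `base` is the only stage visible in this file and nothing later removes them. At minimum the install line should skip recommended packages, `RUN apt-get update && apt-get install -y --no-install-recommends \`. A second runtime stage built from the same uv image that copies `/app` from `base` would likely keep the compiler out of the shipped image entirely. Separately, `COPY . .` at new line 35 copies the whole build context, and the commit drops the old comment that pointed at `.dockerignore`. Since the ignore file is not visible in this change, I would keep a comment such as `# Copies the full build context; .dockerignore must exclude .env files and other local secrets`.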