1- FROM ghcr .io/astral-sh/uv:alpine
1+ FROM quay .io/centos/centos:stream9
22
33# Set default MCP transport if not provided
44ENV MCP_TRANSPORT=stdio
55
6- # Install Python 3.11 and required build dependencies
7- RUN apk add --no-cache python3 python3-dev py3-pip build-base
6+ # Install Python 3.11, pip, and build dependencies
7+ RUN dnf -y install --setopt=install_weak_deps=False --setopt=tsflags=nodocs \
8+ python3.12 python3.12-devel python3.12-pip gcc make git && \
9+ dnf clean all
10+
11+ # Install uv (universal virtualenv/dependency manager)
12+ RUN pip3.12 install --no-cache-dir --upgrade pip && \
13+ pip3.12 install --no-cache-dir uv
14+
15+ # Copy project files to working directory
16+ WORKDIR /app
17+
18+ # Set ownership to the user we created. Group 0 (root) is important for OpenShift compatibility.
19+ RUN chown 1001:0 /app
20+
21+ # Switch to the non-root user *before* copying files and installing dependencies
22+ USER 1001
823
9- # Copy project files to user's home directory (no permission issues)
1024COPY pyproject.toml ./
1125COPY .python-version ./
1226COPY uv.lock ./
1327COPY README.md ./
1428# Copy application files (needed for editable install)
1529COPY ./src/ ./
1630
17- # Install dependencies - no permission changes needed
18- RUN uv sync --no-cache --locked
31+ # Install dependencies
32+ RUN uv sync --no-cache --locked && \
33+ chgrp -R 0 /app && \
34+ chmod -R g+rwX /app
1935
2036# Environment variables (set these when running the container)
2137# SNOWFLAKE_BASE_URL - Snowflake API base URL (optional, defaults to Red Hat's instance)
@@ -27,4 +43,4 @@ RUN uv sync --no-cache --locked
2743# Expose metrics port
2844EXPOSE 8000
2945
30- CMD ["uv" , "run" ,"--no-cache" , "python" , "mcp_server.py" ]
46+ CMD ["uv" , "run" , "--no-cache" , "python" , "mcp_server.py" ]
0 commit comments