-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
92 lines (72 loc) · 3.27 KB
/
Copy pathDockerfile
File metadata and controls
92 lines (72 loc) · 3.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# Backend Dockerfile — multi-stage build
# Stage 1 (builder): installs all deps including build tools
# Stage 2 (runtime): copies only what's needed → slim final image
# ─── Stage 1: Builder ────────────────────────────────────────────────────────
FROM python:3.10-slim AS builder
# Build arguments (injected by CI)
ARG BUILD_DATE
ARG GIT_SHA
ARG VERSION=dev
# Prevent .pyc files and buffered output
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
WORKDIR /build
# Install OS build dependencies (needed to compile some Python packages)
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
gcc \
g++ \
curl \
&& rm -rf /var/lib/apt/lists/*
# Install Python dependencies into an isolated prefix
# This lets us copy just the installed packages to the final image
COPY requirements.txt .
RUN pip install --upgrade pip && \
pip install --prefix=/install --no-cache-dir -r requirements.txt
# ─── Stage 2: Runtime ────────────────────────────────────────────────────────
FROM python:3.10-slim AS runtime
ARG BUILD_DATE
ARG GIT_SHA
ARG VERSION=dev
# OCI standard image labels
LABEL org.opencontainers.image.created="${BUILD_DATE}" \
org.opencontainers.image.revision="${GIT_SHA}" \
org.opencontainers.image.version="${VERSION}" \
org.opencontainers.image.title="PRISM Backend" \
org.opencontainers.image.description="Predictive Reliability & Intelligence for Smart Manufacturing — FastAPI backend" \
org.opencontainers.image.source="https://github.com/arcoder181105/manufacturing-intelligence"
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
# Tell Python where to find packages installed to /install
PYTHONPATH=/install/lib/python3.10/site-packages \
PATH=/install/bin:$PATH \
APP_VERSION=${VERSION}
# Install only runtime OS dependencies (no build tools)
RUN apt-get update && apt-get install -y --no-install-recommends \
# curl is needed for the HEALTHCHECK below
curl \
# libgomp is required by XGBoost
libgomp1 \
&& rm -rf /var/lib/apt/lists/*
# Copy installed Python packages from builder
COPY --from=builder /install /install
# Create a non-root user for security
RUN groupadd --gid 1001 appgroup && \
useradd --uid 1001 --gid appgroup --shell /bin/sh --create-home appuser
WORKDIR /app
# Copy application source
COPY --chown=appuser:appgroup api/ api/
COPY --chown=appuser:appgroup src/ src/
# Ensure model and data directories exist with correct ownership
# (actual files mounted at runtime via Docker volumes)
RUN mkdir -p data/raw data/processed data/simulated models reports/shap_plots && \
chown -R appuser:appgroup /app
USER appuser
EXPOSE 8000
# Health check — polls /api/health every 30s
# Gives 60s start_period for model loading before first check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8000/api/health || exit 1
CMD ["uvicorn", "api.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "1"]