Update docker build and compose

ElliottKasoar · ElliottKasoar · commit 14ecd5f4f5a5 · 2025-10-23T00:49:18.000+01:00
diff --git a/containers/.dockerignore b/containers/.dockerignore
@@ -0,0 +1 @@
+.venv
diff --git a/containers/Dockerfile b/containers/Dockerfile
@@ -1,31 +1,49 @@
-# Install uv
-FROM python:3.12-slim
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+# First, build the application in the `/app` directory
+FROM ghcr.io/astral-sh/uv:bookworm-slim AS builder
+ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy
 
-# Install git, gcc etc.
-RUN apt-get update && apt-get upgrade -y && apt-get install -y git build-essential
-
-# Change the working directory to the `app` directory
-WORKDIR /app
+# Configure the Python directory so it is consistent
+ENV UV_PYTHON_INSTALL_DIR=/python
 
-# Enable bytecode compilation
-ENV UV_COMPILE_BYTECODE=1
+# Only use the managed Python version
+ENV UV_PYTHON_PREFERENCE=only-managed
 
-# Copy from the cache instead of linking since it's a mounted volume
-ENV UV_LINK_MODE=copy
+# Install Python before the project for caching
+RUN uv python install 3.12
 
-# Install dependencies
+WORKDIR /app
 RUN --mount=type=cache,target=/root/.cache/uv \
     --mount=type=bind,source=uv.lock,target=uv.lock \
     --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
-    uv sync -v --locked --no-install-project
+    uv sync --locked --no-install-project --no-dev
+COPY . /app
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --locked --no-dev
 
-# Copy contents into the image
-ADD . /app
+# Then, use a final image without uv
+FROM debian:bookworm-slim
 
-# Sync the project
-RUN --mount=type=cache,target=/root/.cache/uv \
-    uv sync --locked
+# Install git, gcc etc.
+RUN apt-get update && apt-get upgrade -y && apt-get install -y git build-essential
+
+# Setup a non-root user
+RUN groupadd --system --gid 999 nonroot \
+ && useradd --system --gid 999 --uid 999 --create-home nonroot
+
+# Copy the Python version
+COPY --from=builder --chown=python:python /python /python
+
+# Copy the application from the builder
+COPY --from=builder --chown=nonroot:nonroot /app /app
+
+# Place executables in the environment at the front of the path
+ENV PATH="/app/.venv/bin:$PATH"
+
+# Use the non-root user to run our application
+USER nonroot
+
+# Use `/app` as the working directory
+WORKDIR /app
 
-# Run app.py
-CMD ["uv", "run", "run_app.py"]
+# Run the application
+CMD ["ml_peg", "app"]
diff --git a/containers/compose.yml b/containers/compose.yml
@@ -5,4 +5,4 @@ services:
       - 8050:8050
     working_dir: /app
     volumes:
-      - ./:/app
+      - ../ml_peg/app/data:/app/ml_peg/app/data
