feat: Add Dockerfile (#135)

* feat(dockerfile): add Dockerfile and usage example to Readme

* feat: pin container versions

Author: sttlr

Dockerfile

@@ -0,0 +1,23 @@
+FROM ghcr.io/astral-sh/uv:python3.13-trixie-slim@sha256:69ef6514bf9b7de044514258356fa68a2d94df2e5dc807b5bfbf88fbb35f3a58 AS builder
+
+ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy
+WORKDIR /app
+
+COPY src/ pyproject.toml MANIFEST.in ./
+RUN uv sync --no-dev --no-editable
+
+
+FROM python:3.13-slim-trixie@sha256:47b6eb1efcabc908e264051140b99d08ebb37fd2b0bf62273e2c9388911490c1 AS runtime
+
+RUN groupadd -r metisuser && useradd -r -g metisuser metisuser
+
+WORKDIR /app
+
+COPY --from=builder --chown=metisuser:metisuser /app/.venv /app/.venv
+
+ENV PATH="/app/.venv/bin:$PATH"
+
+WORKDIR /metis
+
+USER metisuser
+ENTRYPOINT ["metis"]

README.md

@@ -78,6 +78,16 @@ To install with **PostgreSQL (pgvector)** backend support:
 uv pip install '.[postgres]'
 ```
 
+### 1.1 **Docker**
+
+```bash
+git clone https://github.com/arm/metis.git
+
+cd metis
+
+docker build -t metis .
+```
+
 ### 2. **Set up LLM Provider**
 
 **OpenAI**
@@ -104,6 +114,24 @@ Finally, run the security analysis across the entire codebase with:
 ```
 review_code
 ```
+
+### 3.1 Docker
+
+Go to your codebase path and run:
+```bash
+docker run --rm -it -v `pwd`:/metis metis
+```
+
+To pass environment variables use `-e`:
+```bash
+docker run --rm -it -v `pwd`:/metis -e "OPENAI_API_KEY=${OPENAI_API_KEY}" metis
+```
+
+You can pass arguments to metis:
+```bash
+docker run --rm -it -v `pwd`:/metis metis --non-interactive --command 'review_code' --output-file results/review_code_results.json
+```
+
 ## Configuration
 
 **Metis Configuration (`metis.yaml`)**