2026-05-09 16:36:18 +02:00
|
|
|
FROM python:3.11-slim AS base
|
|
|
|
|
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
|
# Install dependencies
|
|
|
|
|
COPY requirements.txt .
|
|
|
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
|
|
|
|
|
|
# Copy app
|
|
|
|
|
COPY app/ app/
|
|
|
|
|
|
2026-05-09 16:40:36 +02:00
|
|
|
# Data dir (will be bind-mounted read-only in production) + non-root user
|
|
|
|
|
RUN mkdir -p /data && \
|
|
|
|
|
useradd -r -u 1001 appuser && \
|
|
|
|
|
chown -R appuser /app /data
|
2026-05-09 16:36:18 +02:00
|
|
|
USER appuser
|
|
|
|
|
|
|
|
|
|
EXPOSE 8001
|
|
|
|
|
|
|
|
|
|
ENV PORT=8001
|
|
|
|
|
|
|
|
|
|
CMD ["sh", "-c", "python -m uvicorn app.main:app --host 0.0.0.0 --port ${PORT}"]
|
