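# Multi-stage image for the Flowsint API & Worker.
#   builder    - installs Poetry and resolves the virtualenv for flowsint-api
#   dev        - runtime libraries + venv + sources, uvicorn with --reload
#   production - same payload, ownership handed to a dedicated flowsint user
#
# NOTE(review): all three stages use the floating tag python:3.12-slim. Pinning
# the base image by digest makes rebuilds reproducible and means a base-image
# change shows up as a reviewed diff.
# NOTE(review): whole package directories are copied from the build context.
# Confirm .dockerignore excludes .env files, .git and any local .venv, so
# neither secrets nor a host virtualenv end up in (or on top of) the image.

# ---------------------------------------------------------------------------
# builder
# ---------------------------------------------------------------------------
FROM python:3.12-slim AS builder

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    POETRY_VIRTUALENVS_IN_PROJECT=true \
    POETRY_NO_INTERACTION=1 \
    POETRY_HOME="/opt/poetry"
# Kept as a separate instruction: $POETRY_HOME can only be expanded after the
# ENV above has taken effect.
ENV PATH="$POETRY_HOME/bin:$PATH"

WORKDIR /app

# Build-time toolchain and headers; they stay in this stage only.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        git \
        libcairo2-dev \
        libpq-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

# Poetry installer.
# pipefail + curl -f: a failed or error-status download now fails the build,
# instead of feeding an empty or error body to python3 and carrying on.
# NOTE(review): the installer script and the Poetry release are both unpinned.
# Pin the release (the installer reads POETRY_VERSION) and consider verifying
# the downloaded script against a known checksum before executing it.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsSL https://install.python-poetry.org | python3 -

# Dependency manifests. The trailing "*" makes poetry.lock optional.
# NOTE(review): without a lock file the resolved versions are not reproducible;
# confirm a lock file is committed for every package that is installed.
COPY flowsint-core/pyproject.toml flowsint-core/poetry.lock* ./flowsint-core/
COPY flowsint-types/pyproject.toml flowsint-types/poetry.lock* ./flowsint-types/
COPY flowsint-enrichers/pyproject.toml flowsint-enrichers/poetry.lock* ./flowsint-enrichers/
COPY flowsint-api/pyproject.toml flowsint-api/poetry.lock* ./flowsint-api/

# Full sources.
# NOTE(review): poetry install runs only after these COPYs, so any source
# change re-runs dependency installation. Presumably the sibling packages are
# path dependencies that must be present at install time; confirm before
# reordering.
COPY flowsint-core ./flowsint-core
COPY flowsint-types ./flowsint-types
COPY flowsint-enrichers ./flowsint-enrichers
COPY flowsint-api ./flowsint-api

WORKDIR /app/flowsint-api

# Creates /app/flowsint-api/.venv (POETRY_VIRTUALENVS_IN_PROJECT=true).
RUN poetry install --no-root

# ---------------------------------------------------------------------------
# dev
# ---------------------------------------------------------------------------
# No USER is set in this stage, so the container runs as root. Intended for
# local development only.
FROM python:3.12-slim AS dev

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    APP_ENV=development \
    PATH="/app/flowsint-api/.venv/bin:$PATH"

# Runtime shared libraries (curl is also installed here).
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        libcairo2 \
        libpq5 \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Virtual environment built in the builder stage.
COPY --from=builder /app/flowsint-api/.venv ./flowsint-api/.venv

# Application code.
COPY flowsint-core ./flowsint-core
COPY flowsint-types ./flowsint-types
COPY flowsint-enrichers ./flowsint-enrichers
COPY flowsint-api ./flowsint-api

WORKDIR /app/flowsint-api

# Make the entrypoint executable.
RUN chmod +x entrypoint.sh

EXPOSE 5001

ENTRYPOINT ["./entrypoint.sh"]

# Dev command with hot-reload.
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "5001", "--reload"]

# ---------------------------------------------------------------------------
# production
# ---------------------------------------------------------------------------
FROM python:3.12-slim AS production

LABEL org.opencontainers.image.source="https://github.com/reconurge/flowsint" \
      org.opencontainers.image.description="Flowsint API & Worker" \
      org.opencontainers.image.licenses="Apache-2.0"

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    APP_ENV=production \
    PATH="/app/flowsint-api/.venv/bin:$PATH"

# Runtime dependencies only; curl is what the HEALTHCHECK below invokes.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        libcairo2 \
        libpq5 \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

# Dedicated account with fixed UID/GID 1001, so the runtime can verify a
# numeric non-root identity.
RUN groupadd -g 1001 flowsint && \
    useradd -u 1001 -g flowsint -s /bin/bash -m flowsint

WORKDIR /app

# Virtual environment from the builder stage. It was produced by a plain
# `poetry install --no-root`; a production-only dependency set would require a
# separate install.
COPY --from=builder --chown=flowsint:flowsint /app/flowsint-api/.venv ./flowsint-api/.venv

# Application code, owned by the service account.
COPY --chown=flowsint:flowsint flowsint-core ./flowsint-core
COPY --chown=flowsint:flowsint flowsint-types ./flowsint-types
COPY --chown=flowsint:flowsint flowsint-enrichers ./flowsint-enrichers
COPY --chown=flowsint:flowsint flowsint-api ./flowsint-api

WORKDIR /app/flowsint-api

# Make the entrypoint executable.
RUN chmod +x entrypoint.sh

# Switch to non-root user
# NOTE(review): the USER instruction is commented out, so the production image
# still runs as root even though the flowsint account exists and owns the
# files. entrypoint.sh is not visible here; confirm whether it needs root. If
# it does not, enable the line below; if it does, have the script drop
# privileges before it execs the server.
# USER flowsint

EXPOSE 5001

# -sS keeps the probe output quiet apart from real errors; -f turns HTTP error
# statuses into a failing probe.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -fsS http://localhost:5001/health || exit 1

ENTRYPOINT ["./entrypoint.sh"]

# Production command (no reload).
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "5001"]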