debug
Browse files- Dockerfile +37 -14
Dockerfile
CHANGED
|
@@ -1,34 +1,57 @@
|
|
| 1 |
# Use an official Python runtime as a parent image
|
| 2 |
FROM python:3.10-slim
|
| 3 |
|
| 4 |
-
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
WORKDIR /app
|
| 6 |
|
| 7 |
-
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
COPY requirements.txt .
|
| 9 |
|
| 10 |
-
# Install
|
| 11 |
-
|
| 12 |
-
|
|
|
|
| 13 |
|
| 14 |
-
# Copy
|
| 15 |
COPY main.py .
|
| 16 |
|
| 17 |
# --- Define Volumes ---
|
|
|
|
|
|
|
| 18 |
VOLUME /app/data
|
| 19 |
-
VOLUME /
|
| 20 |
# --- End Define Volumes ---
|
| 21 |
|
| 22 |
-
#
|
| 23 |
EXPOSE 8000
|
| 24 |
-
# Make DuckDB UI port 8080 available (default)
|
| 25 |
EXPOSE 8080
|
| 26 |
|
| 27 |
# Define environment variables
|
| 28 |
ENV PYTHONUNBUFFERED=1
|
| 29 |
ENV UI_EXPECTED_PORT=8080
|
| 30 |
-
|
| 31 |
-
|
| 32 |
-
#
|
| 33 |
-
|
| 34 |
-
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
# Use an official Python runtime as a parent image
|
| 2 |
FROM python:3.10-slim
|
| 3 |
|
| 4 |
+
# Define arguments for user/group IDs (optional, but good practice)
|
| 5 |
+
ARG USER_ID=1001
|
| 6 |
+
ARG GROUP_ID=1001
|
| 7 |
+
|
| 8 |
+
# Create a non-root user and group
|
| 9 |
+
# Use standard IDs > 1000. Don't use 'node' or common names if not applicable.
|
| 10 |
+
RUN groupadd --system --gid ${GROUP_ID} appgroup && \
|
| 11 |
+
useradd --system --uid ${USER_ID} --gid appgroup --shell /sbin/nologin --create-home appuser
|
| 12 |
+
|
| 13 |
+
# Set the working directory
|
| 14 |
WORKDIR /app
|
| 15 |
|
| 16 |
+
# Create essential directories and set ownership *before* copying files
|
| 17 |
+
# DuckDB UI often uses ~/.duckdb (which will be /home/appuser/.duckdb)
|
| 18 |
+
# Ensure these are owned by the user *before* VOLUME instruction
|
| 19 |
+
RUN mkdir -p /app/data /home/appuser/.duckdb && \
|
| 20 |
+
chown -R ${USER_ID}:${GROUP_ID} /app /home/appuser/.duckdb
|
| 21 |
+
|
| 22 |
+
# Switch context to the non-root user early for subsequent RUN/COPY commands
|
| 23 |
+
USER appuser
|
| 24 |
+
|
| 25 |
+
# Copy requirements file (as appuser)
|
| 26 |
COPY requirements.txt .
|
| 27 |
|
| 28 |
+
# Install dependencies (as appuser)
|
| 29 |
+
# This also ensures packages are installed in a user-context if applicable
|
| 30 |
+
RUN pip install --no-cache-dir --user --upgrade pip && \
|
| 31 |
+
pip install --no-cache-dir --user -r requirements.txt
|
| 32 |
|
| 33 |
+
# Copy application code (as appuser)
|
| 34 |
COPY main.py .
|
| 35 |
|
| 36 |
# --- Define Volumes ---
|
| 37 |
+
# These paths MUST match the directories the 'appuser' process will write to.
|
| 38 |
+
# Note: We created and chowned these earlier.
|
| 39 |
VOLUME /app/data
|
| 40 |
+
VOLUME /home/appuser/.duckdb
|
| 41 |
# --- End Define Volumes ---
|
| 42 |
|
| 43 |
+
# Expose ports
|
| 44 |
EXPOSE 8000
|
|
|
|
| 45 |
EXPOSE 8080
|
| 46 |
|
| 47 |
# Define environment variables
|
| 48 |
ENV PYTHONUNBUFFERED=1
|
| 49 |
ENV UI_EXPECTED_PORT=8080
|
| 50 |
+
# Ensure Python user packages are in the path
|
| 51 |
+
ENV PATH="/home/appuser/.local/bin:${PATH}"
|
| 52 |
+
# Set HOME so things like ~/.duckdb resolve correctly
|
| 53 |
+
ENV HOME=/home/appuser
|
| 54 |
+
|
| 55 |
+
# Command to run the application (now runs as appuser)
|
| 56 |
+
# No chmod needed here. Ownership was handled during build.
|
| 57 |
+
CMD ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
|