| 1234567891011121314151617181920212223242526272829303132333435 |
- FROM python:3.11-slim
- # Install runtime tools for healthcheck and clean signal handling
- RUN apt-get update && apt-get install -y --no-install-recommends \
- curl tini \
- && rm -rf /var/lib/apt/lists/*
- WORKDIR /app
- # Python/env knobs
- ENV PYTHONDONTWRITEBYTECODE=1 \
- PYTHONUNBUFFERED=1 \
- PIP_NO_CACHE_DIR=1
- # Create a non-root user
- RUN useradd -m -u 10001 appuser
- # Install deps first for better layer caching
- COPY requirements.txt .
- RUN python -m pip install --upgrade pip && \
- pip install --no-cache-dir -r requirements.txt
- # App code
- COPY . .
- # Drop privileges
- USER appuser
- EXPOSE 8000
- # Use tini as PID 1 to handle signals/reaping
- ENTRYPOINT ["tini", "--"]
- # Run uvicorn via module so it’s always found
- CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8000"]
|
