# Multi-stage Dockerfile for Pixelated Empathy AI
# Optimized for production deployment with security and performance
# Build arguments
# ARGs declared before the first FROM are only visible to FROM lines; a stage
# that needs one of these values has to redeclare it (the production stage does).
# BASE_IMAGE is referenced by tag only. For reproducible builds, override it with
# a digest-pinned reference (image:tag@sha256:<digest>) via --build-arg.
ARG BASE_IMAGE=nvcr.io/nvidia/pytorch:26.01-py3
# Build provenance values. No defaults are given, so each is empty unless it is
# passed with --build-arg.
ARG BUILD_DATE
ARG GIT_COMMIT
ARG GIT_BRANCH
ARG VERSION
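# Base image for Python dependencies
FROM ${BASE_IMAGE} AS python-base

# Interpreter and pip behaviour shared by the build stages: unbuffered output,
# no .pyc files, no pip download cache, no pip self-update check.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

# Install system dependencies
# NVIDIA image is Ubuntu-based, so apt-get is correct.
# --no-install-recommends keeps optional packages out of the image.
# ca-certificates is listed explicitly because it would otherwise only arrive
# as a recommended package, and HTTPS downloads (curl, git, pip) need it.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        curl \
        git \
    && rm -rf /var/lib/apt/lists/*

# Create the non-root "ubuntu" user only when the base image does not already
# provide one (id -u succeeds and the right-hand side is skipped).
RUN id -u ubuntu >/dev/null 2>&1 || (groupadd -r ubuntu && useradd -m -r -g ubuntu -s /bin/bash ubuntu)

# Install uv for faster Python package management.
# UV_VERSION is optional: when set (--build-arg UV_VERSION=<version>) the
# installer is pinned to that release; when unset the newest release is
# installed, exactly as before. Pinning is recommended, because uv is the tool
# that resolves and installs every other dependency of the image.
ARG UV_VERSION
RUN pip install "uv${UV_VERSION:+==${UV_VERSION}}"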
# Development stage
# Builds on python-base, so build-essential, git and uv are available here.
FROM python-base AS development
WORKDIR /app
# Copy only the dependency manifests first, so the install layer below is
# reused from cache until pyproject.toml or uv.lock changes.
COPY pyproject.toml uv.lock ./
# Install dependencies with uv
# system base image has torch, but uv might try to reinstall if not careful.
# For now, we rely on uv sync to ensure consistent environment in .venv
RUN uv sync --dev
# Copy source code
# NOTE(review): this copies the whole build context. No .dockerignore is visible
# from here; confirm one excludes .git, .env files, local virtualenvs and other
# credentials so they do not end up in an image layer.
COPY . .
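# Production dependencies stage
# Produces /app/.venv, which the production stage copies out; nothing else from
# this stage reaches the final image.
FROM python-base AS deps
WORKDIR /app

# Copy only the dependency manifests, so this stage is rebuilt only when
# pyproject.toml or uv.lock changes.
COPY pyproject.toml uv.lock ./

# Install production dependencies only.
# --locked makes the build fail when uv.lock is out of date with pyproject.toml.
# Without it, uv re-resolves inside the build and the image can ship versions
# that were never committed to the lockfile or reviewed.
RUN uv sync --locked --no-dev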
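# Production stage
# Starts again from the plain base image, so nothing installed in python-base
# (build-essential, git, uv) is present here; only the virtualenv is copied in.
FROM ${BASE_IMAGE} AS production

# Runtime environment. /app/.venv/bin comes first on PATH so that "python"
# resolves to the interpreter of the virtualenv copied in below.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PATH="/app/.venv/bin:$PATH" \
    PYTHONPATH="/app"

# Install runtime dependencies (curl is used by the HEALTHCHECK below).
# --no-install-recommends keeps optional packages out of the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

# Container runtime runs as a fixed non-root UID for deployment consistency.
RUN groupadd -g 42420 appuser && \
    useradd -u 42420 -g 42420 -m -s /bin/bash appuser

# Create application directory
WORKDIR /app

# Copy virtual environment from deps stage. No --chown is given, so it stays
# root-owned and the runtime user cannot modify the installed packages.
COPY --from=deps /app/.venv /app/.venv

# Copy application code, owned by the user the container actually runs as.
# The previous --chown=ubuntu:ubuntu named a user this stage never creates
# (only python-base does), and it did not match the runtime UID 42420.
# NOTE(review): if the service never writes under /app, dropping --chown leaves
# the code root-owned and read-only to the runtime user, which is stricter.
# NOTE(review): this copies the whole build context; confirm a .dockerignore
# keeps .git, .env files and any local .venv out of it.
COPY --chown=42420:42420 . .

# Build metadata is declared after the package-install layers on purpose:
# BUILD_DATE and GIT_COMMIT change on every build, and an ARG placed above a
# RUN forces that RUN to be rebuilt whenever the value changes.
ARG BUILD_DATE
ARG GIT_COMMIT
ARG GIT_BRANCH
ARG VERSION

LABEL org.opencontainers.image.title="Pixelated Empathy AI" \
      org.opencontainers.image.description="AI-powered empathetic conversation system" \
      org.opencontainers.image.vendor="Pixelated Team" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.revision="${GIT_COMMIT}" \
      org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.source="https://github.com/pixelated/empathy-ai"

# The same values are exposed to the running process. They are readable by
# anything that can inspect the container, so nothing sensitive belongs here.
ENV BUILD_DATE="${BUILD_DATE}" \
    GIT_COMMIT="${GIT_COMMIT}" \
    GIT_BRANCH="${GIT_BRANCH}" \
    VERSION="${VERSION}"

# Switch to non-root runtime user (numeric, so orchestrators can verify it)
USER 42420

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:8000/health || exit 1

# Expose port
EXPOSE 8000

# Default command: run the virtualenv's interpreter directly (found via PATH).
# "uv run" is not used here because this stage never installs uv, and uv would
# also try to re-sync the environment at container start, which needs write
# access to the root-owned .venv and network access.
# NOTE(review): this assumes the .venv interpreter resolves to a Python that
# exists in the base image; confirm uv did not download its own in the deps stage.
CMD ["python", "-m", "ai.api.main"]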
# Development override
# Extends the development stage with interactive tools; not meant for deployment.
FROM development AS dev
# Package installation needs root; the stage switches back to ubuntu afterwards.
USER root
RUN apt-get update && apt-get install -y \
vim \
htop \
&& rm -rf /var/lib/apt/lists/*
# Run as the non-root ubuntu user that python-base ensures exists.
# NOTE(review): /app and /app/.venv were populated in the development stage,
# where no USER or --chown appears, so they may not be writable by ubuntu;
# confirm that "uv run" does not need to write there.
USER ubuntu
CMD ["uv", "run", "python", "-m", "ai.api.main"]