# AgentGate server image (Python 3.13, uv, non-root runtime)

# Image metadata supplied at build time. These ARGs are declared before the
# first FROM (global scope), so a stage has to redeclare them before use.
# Build arguments can end up in image metadata and history; they are for
# provenance values only and must never carry credentials.
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION=1.0.0

# Stage 1: dependency builder
# The compiler toolchain and libpq headers live only in this stage; the runtime
# stages copy /app/.venv out of it and nothing else.
# NOTE(review): the base image is pinned by tag, not by digest. A digest pin
# would keep rebuilds reproducible if the tag is ever moved.
FROM python:3.13-slim-bookworm AS builder

WORKDIR /app

# Build prerequisites for compiled wheels. The apt lists are removed in the
# same layer so they do not persist in the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        libpq-dev \
    && rm -rf /var/lib/apt/lists/*

# uv comes from the upstream image at a fixed version tag.
# NOTE(review): this is also a tag pin; consider adding the image digest.
COPY --from=ghcr.io/astral-sh/uv:0.9.27 /uv /bin/uv

# Only the dependency manifests are copied before the sync, so this layer is
# rebuilt when dependencies change rather than on every source edit.
COPY pyproject.toml uv.lock README.md ./

# --frozen installs what uv.lock records without re-resolving; --no-dev and
# --no-install-project keep dev tooling and the project itself out of the venv.
RUN uv sync --frozen --no-dev --no-install-project \
        --extra server \
        --extra redis \
        --extra otel-otlp \
        --extra postgres

# Install spacy models as wheels via uv (avoids ensurepip/pip dependency).
# Pin to 3.8.0 for spacy 3.8.x compatibility.
# NOTE(review): these two wheels are fetched by URL, outside uv.lock, and this
# step does not check their digests. Recording a SHA-256 per wheel (for example
# a hashed requirements file installed with --require-hashes) would close that
# supply-chain gap.
RUN uv pip install --python /app/.venv/bin/python \
        "https://github.com/explosion/spacy-models/releases/download/en_core_web_lg-3.8.0/en_core_web_lg-3.8.0-py3-none-any.whl" \
        "https://github.com/explosion/spacy-models/releases/download/xx_ent_wiki_sm-3.8.0/xx_ent_wiki_sm-3.8.0-py3-none-any.whl"
# Stage 2: development runtime
# Local-development target: it gives appuser a login shell, leaves the sources
# owned (and writable) by appuser, and starts uvicorn with --reload. Build the
# production target for anything that is deployed.
FROM python:3.13-slim-bookworm AS development

WORKDIR /app

# Runtime-only PostgreSQL client library; the -dev headers stay in the builder.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        libpq5 \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged account with a fixed UID.
RUN useradd --uid 1000 --create-home --shell /bin/bash appuser

# The virtualenv is copied without --chown, so it stays owned by root and the
# application user cannot modify installed packages.
COPY --from=builder /app/.venv /app/.venv

COPY --chown=appuser:appuser ea_agentgate/ ea_agentgate/
COPY --chown=appuser:appuser server/ server/
COPY --chown=appuser:appuser alembic/ alembic/
COPY --chown=appuser:appuser pyproject.toml README.md alembic.ini mcp_guardrails.yaml ./

# Writable locations for the unprivileged user: state, cache and /tmp.
RUN mkdir -p /app/state /app/.cache /tmp \
    && chown -R appuser:appuser /app/state /app/.cache /tmp

ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    AGENTGATE_STATE_DIR=/app/state

# Everything from here on, including the health probe and the server, runs as
# appuser rather than root.
USER appuser

EXPOSE 8000

# Probes the health endpoint from inside the container; urlopen raises on a
# connection failure or an HTTP error status, which makes the probe exit non-zero.
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
    CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/api/health').read()" || exit 1

# --reload restarts the server on source changes and is meant for development only.
CMD ["uvicorn", "server.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
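# Stage 3: production runtime
# Contains the prebuilt virtualenv and the application sources only; the
# compiler toolchain installed in the builder stage is not part of this image.
# NOTE(review): the base image is pinned by tag, not by digest. A digest pin
# would keep rebuilds reproducible if the tag is ever moved.
FROM python:3.13-slim-bookworm AS production

# Redeclare the global build args so this stage can read them; VERSION picks up
# the default given before the first FROM. These are provenance values and are
# written into the image labels, so they must never carry credentials.
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION

LABEL org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.authors="Erick Aleman" \
      org.opencontainers.image.url="https://github.com/EaCognitive/agentgate" \
      org.opencontainers.image.documentation="https://github.com/EaCognitive/agentgate#readme" \
      org.opencontainers.image.source="https://github.com/EaCognitive/agentgate" \
      org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.revision="${VCS_REF}" \
      org.opencontainers.image.vendor="AgentGate" \
      org.opencontainers.image.title="AgentGate Server" \
      org.opencontainers.image.description="Production infrastructure for AI agent tool execution"

WORKDIR /app

# Runtime-only PostgreSQL client library; the -dev headers stay in the builder.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        libpq5 \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged account with a fixed UID and no login shell.
RUN useradd --uid 1000 --create-home --shell /usr/sbin/nologin appuser

# The virtualenv is copied without --chown, so it stays owned by root and the
# application user cannot modify installed packages.
COPY --from=builder /app/.venv /app/.venv

# Application code is owned by root with group appuser. If appuser owned these
# files, the read-only modes set below would not hold: a file's owner can
# always chmod it back to writable, so a compromised server process could
# rewrite its own code. With root as owner, appuser gets read access through
# its group and cannot change the permissions.
COPY --chown=root:appuser ea_agentgate/ ea_agentgate/
COPY --chown=root:appuser server/ server/
COPY --chown=root:appuser alembic/ alembic/
COPY --chown=root:appuser pyproject.toml README.md alembic.ini mcp_guardrails.yaml ./

# Code trees: read for owner and group, traverse on directories (X adds the
# execute bit only to directories and to files that already had it), nothing
# for others. Config files: read-only. state, cache and /tmp are the only
# locations appuser can write to, and they are closed to every other account.
RUN mkdir -p /app/state /app/.cache /tmp \
    && chmod -R u=rX,g=rX,o= /app/ea_agentgate /app/server /app/alembic \
    && chmod 440 /app/pyproject.toml /app/README.md /app/alembic.ini /app/mcp_guardrails.yaml \
    && chown -R appuser:appuser /app/state /app/.cache /tmp \
    && chmod 700 /app/state /app/.cache /tmp

# PYTHONDONTWRITEBYTECODE keeps the interpreter from trying to write .pyc files
# next to the read-only sources.
ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONFAULTHANDLER=1 \
    PYTHONHASHSEED=random \
    AGENTGATE_ENV=production \
    AGENTGATE_STATE_DIR=/app/state

# Everything from here on, including the health probe and the server, runs as
# appuser rather than root.
USER appuser

# EXPOSE is documentation only; which ports are reachable is decided by how the
# container is published at run time.
EXPOSE 8000
# NOTE(review): nothing in this file binds 9090 - presumably a metrics
# endpoint; confirm it is needed and restrict who can reach it.
EXPOSE 9090

# Probes the health endpoint from inside the container; urlopen raises on a
# connection failure or an HTTP error status, which makes the probe exit non-zero.
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/api/health').read()" || exit 1

# sh -c is needed so WORKERS and LOG_LEVEL are expanded when the container
# starts; exec then replaces the shell so uvicorn receives stop signals
# directly. The expansions are quoted so that a value containing spaces stays a
# single argument and cannot add extra uvicorn options.
CMD ["sh", "-c", "exec uvicorn server.main:app --host 0.0.0.0 --port 8000 --workers \"${WORKERS:-4}\" --log-level \"${LOG_LEVEL:-info}\" --no-access-log"]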