-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.api
More file actions
36 lines (26 loc) · 1.07 KB
/
Copy pathDockerfile.api
File metadata and controls
36 lines (26 loc) · 1.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
FROM python:3.14-slim AS base
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PATH=/app/.venv/bin:$PATH
WORKDIR /app
COPY --from=ghcr.io/astral-sh/uv:0.6 /uv /usr/local/bin/uv
COPY pyproject.toml uv.lock ./
RUN uv sync --no-dev --no-install-project
# Only the api-relevant source modules. The comdirect client lives in
# src/external/ for import-time wiring (rules → normalization → external
# models, services/portfolio_prices → yfinance), but the api pod never
# instantiates ComdirectClient — bank secrets are gated by ESO/Vault env
# vars on the worker pod and the NetworkPolicy, not by code presence.
COPY src/__init__.py src/__init__.py
COPY src/api/ src/api/
COPY src/core/ src/core/
COPY src/agents/ src/agents/
COPY src/services/ src/services/
COPY src/normalization/ src/normalization/
COPY src/external/ src/external/
RUN adduser --disabled-password --gecos "" appuser && \
mkdir -p /data/exports && \
chown -R appuser:appuser /app /data/exports
USER appuser
EXPOSE 8000
CMD ["uvicorn", "src.api.app:app", "--host", "0.0.0.0", "--port", "8000"]