# syntax=docker/dockerfile:1.7
# Build stage: resolves the production dependency tree and stages the
# application sources under /app. The runtime stage copies what it needs
# from here with COPY --from=build.
# NOTE(review): the base image is referenced by tag only; adding the image
# digest to this FROM line would make rebuilds reproducible.
FROM node:20-bookworm-slim AS build

WORKDIR /app

# Native build tooling: onnxruntime-node may need to compile on some
# platforms. The apt lists are removed in the same layer that created them.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        g++ \
        make \
        python3 \
    && rm -rf /var/lib/apt/lists/*

# Manifests are copied before the sources so this dependency layer is reused
# until package.json or package-lock.json changes. npm ci installs exactly
# what the lockfile records; --omit=dev leaves devDependencies out.
COPY package.json package-lock.json ./
RUN npm ci --omit=dev

# Application code, the model preload script and the files shipped with it.
COPY cli ./cli
COPY src ./src
COPY scripts/preload-models.js ./scripts/preload-models.js
COPY README.md LICENSE ./
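# Runtime stage: the image that ships. It receives node_modules and the
# application files from the build stage, runs as the unprivileged "sentinel"
# user and optionally bakes the models into the image.
# NOTE(review): the base image is referenced by tag only; pinning it by digest
# would make the shipped image reproducible.
FROM node:20-bookworm-slim AS runtime

ENV NODE_ENV=production \
    HOME=/home/sentinel \
    SENTINEL_HOME=/var/lib/sentinel \
    SENTINEL_PORT=8787 \
    SENTINEL_AUDIT_STDOUT=true

WORKDIR /app

# Dedicated system account plus the two directories it owns.
# NOTE(review): /etc/sentinel is handed to the runtime user, so the running
# process can rewrite its own configuration. If the service never writes
# there, root ownership with read access would be tighter. Confirm before
# changing.
RUN groupadd --system sentinel \
    && useradd --system --gid sentinel --create-home --home-dir /home/sentinel sentinel \
    && mkdir -p /etc/sentinel "$SENTINEL_HOME" \
    && chown -R sentinel:sentinel /etc/sentinel "$SENTINEL_HOME"

# No --chown on these copies: the application code and node_modules stay
# root-owned, so the sentinel user can read and execute them but not modify
# them.
COPY --from=build /app/node_modules ./node_modules
COPY --from=build /app/cli ./cli
COPY --from=build /app/src ./src
COPY --from=build /app/scripts ./scripts
COPY --from=build /app/package.json ./package.json
COPY --from=build /app/README.md ./README.md
COPY --from=build /app/LICENSE ./LICENSE

# Install the default configuration and switch the first loopback bind
# address to all interfaces so the published port is reachable from outside
# the container. sed exits 0 even when nothing matched, so the grep makes the
# build fail instead of silently shipping a loopback-only image if
# default.yaml changes shape.
# Listening on 0.0.0.0 makes the service reachable from every network the
# container is attached to; restrict exposure at publish time (port mapping,
# network policy).
RUN cp ./src/config/default.yaml /etc/sentinel/sentinel.yaml \
    && sed -i '0,/host: 127.0.0.1/s//host: 0.0.0.0/' /etc/sentinel/sentinel.yaml \
    && grep -qF 'host: 0.0.0.0' /etc/sentinel/sentinel.yaml \
    && chown sentinel:sentinel /etc/sentinel/sentinel.yaml

USER sentinel

# The preload switches are declared here, next to the only instruction that
# reads them, so a different --build-arg value invalidates just the model
# layer and not the user setup, COPY and configuration layers above.
ARG PRELOAD_SEMANTIC_MODEL=true
ARG PRELOAD_MODEL_ID=Xenova/bert-base-NER
ARG PRELOAD_NEURAL_MODEL=true
ARG PRELOAD_NEURAL_MODEL_ID=Xenova/all-MiniLM-L6-v2

# Default warmup: downloads semantic/neural models at build time to avoid
# first-request latency spikes. The step runs as the sentinel user, so the
# cache under /home/sentinel/.sentinel/models is owned by that account.
# NOTE(review): the models are selected by name only, with no revision or
# checksum visible here, so the image content depends on whatever upstream
# serves at build time. If the download tooling supports pinning a revision
# or verifying a digest, use it, or vendor the model files.
RUN if [ "$PRELOAD_SEMANTIC_MODEL" = "true" ]; then \
        node ./cli/sentinel.js models download --model-id "$PRELOAD_MODEL_ID" --cache-dir /home/sentinel/.sentinel/models ; \
    else \
        echo "Skipping semantic model preload (PRELOAD_SEMANTIC_MODEL=false)"; \
    fi \
    && if [ "$PRELOAD_NEURAL_MODEL" = "true" ]; then \
        node ./scripts/preload-models.js --model-id "$PRELOAD_NEURAL_MODEL_ID" --cache-dir /home/sentinel/.sentinel/models ; \
    else \
        echo "Skipping neural model preload (PRELOAD_NEURAL_MODEL=false)"; \
    fi

# EXPOSE is documentation only; it matches SENTINEL_PORT and the --port
# argument in CMD.
EXPOSE 8787

# Exec form: node runs as PID 1 and receives stop signals directly. CMD holds
# the default arguments and can be overridden at `docker run`.
ENTRYPOINT ["node", "./cli/sentinel.js"]
CMD ["start", "--config", "/etc/sentinel/sentinel.yaml", "--port", "8787"]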