support deploy to docker, add auto-publish docker image workflow

Author: xiaoland

.dockerignore

@@ -0,0 +1,73 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__
+*.py[cod]
+*$py.class
+*.so
+.Python
+.venv
+venv
+env
+ENV
+.env
+.env.*
+!.env.example
+
+# PDM
+.pdm.toml
+.pdm-python
+pdm.lock
+
+# IDE
+.idea
+.vscode
+*.swp
+*.swo
+*~
+
+# Testing
+.pytest_cache
+.coverage
+htmlcov
+.tox
+.nox
+
+# Build
+build
+dist
+*.egg-info
+
+# Logs
+logs
+*.log
+
+# Documentation
+docs
+
+# CI/CD
+.github
+
+# Kubernetes
+k8s
+
+# Development
+*.md
+!README.md
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Migrations (include these, but exclude cache)
+migrations/__pycache__
+
+# Tests (optional - uncomment to include tests in image)
+tests
+
+# Temporary files
+*.tmp
+*.temp
+.cache

.github/workflows/publish-ghcr.yml

@@ -0,0 +1,58 @@
+name: Publish to GHCR
+
+on:
+  push:
+    branches:
+      - fastapi
+      - develop
+      - main
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,prefix=
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          target: production
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Dockerfile

@@ -0,0 +1,70 @@
+# syntax=docker/dockerfile:1
+
+# ===== Build Stage =====
+FROM python:3.12-slim AS builder
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+WORKDIR /app
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    libpq-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install PDM
+RUN pip install pdm
+
+# Copy dependency files
+COPY pyproject.toml pdm.lock* ./
+
+# Export dependencies to requirements.txt and install
+# If pdm.lock exists, use it; otherwise install from pyproject.toml
+RUN pdm lock --prod 2>/dev/null || true && \
+    pdm export --prod -o requirements.txt --without-hashes && \
+    pip install --prefix=/install -r requirements.txt
+
+
+# ===== Production Stage =====
+FROM python:3.12-slim AS production
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONPATH=/app \
+    ENV=production
+
+WORKDIR /app
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libpq5 \
+    && rm -rf /var/lib/apt/lists/* \
+    && groupadd -r appgroup && useradd -r -g appgroup appuser
+
+# Copy installed packages from builder
+COPY --from=builder /install /usr/local
+
+# Copy application code
+COPY . .
+
+# Create logs directory for gunicorn
+RUN mkdir -p logs && chown -R appuser:appgroup /app
+
+# Switch to non-root user
+USER appuser
+
+# Expose port
+EXPOSE 8000
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/heartbeat')" || exit 1
+
+# Run the application with uvicorn
+CMD ["python", "-m", "uvicorn", "run:app", "--host", "0.0.0.0", "--port", "8000"]

gconfig.py

@@ -9,23 +9,23 @@
 debug = False
 reload = False
 
-reload_engine = 'inotify'
+reload_engine = "inotify"
 
-bind = '127.0.0.1:6000'  # ip binding (sock is optional)
-pidfile = 'logs/gunicorn.pid'
+bind = "127.0.0.1:6000"  # ip binding (sock is optional)
+pidfile = "logs/gunicorn.pid"
 
 workers = 1
 
-worker_class = 'uvicorn.workers.UvicornWorker'  
+worker_class = "uvicorn.workers.UvicornWorker"
 # http://www.uvicorn.org/deployment/#running-gunicorn-worker
 
-loglevel = 'debug'
-accesslog = 'logs/gunicorn_access.log'
-errorlog = 'logs/gunicorn_error.log'
+loglevel = "debug"
+accesslog = "logs/gunicorn_access.log"
+errorlog = "logs/gunicorn_error.log"
 
 access_log_format = '%(t)s %(p)s %(h)s "%(r)s" %(s)s %(L)s %(b)s %(f)s" "%(a)s"'
 
 
 # 执行命令
 # gunicorn -c gconfig.py main:app
-# gunicorn -c gconfig.py main:app -k uvicorn.workers.UvicornWorker
+# gunicorn -c gconfig.py main:app -k uvicorn.workers.UvicornWorker