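# Image for the API service: installs dependencies with uv, then runs uvicorn
# as an unprivileged user on port 8080.

# Python base image version; override with --build-arg PYTHON_VERSION=...
ARG PYTHON_VERSION=3.13
# Image the uv binary is copied from. The default keeps the floating tag, so
# two builds can ship different uv binaries; release builds should pin it,
# e.g. --build-arg UV_IMAGE=ghcr.io/astral-sh/uv@sha256:<digest>.
ARG UV_IMAGE=ghcr.io/astral-sh/uv:latest

# Named stage so the uv source can be pinned through the build arg above
# (COPY --from does not expand build args; FROM does).
FROM ${UV_IMAGE} AS uv

FROM python:${PYTHON_VERSION}-slim
COPY --from=uv /uv /usr/local/bin/uv
WORKDIR /app

# Install dependencies before copying the sources so this layer stays cached
# until pyproject.toml changes.
# NOTE(review): no lockfile is copied, so dependency versions are resolved at
# build time. If the repository has a uv.lock, copy it here and use
# `uv sync --locked --no-dev` to make the dependency set reproducible.
COPY pyproject.toml ./
RUN uv sync --no-dev

COPY api.py crawler.py ./
COPY web/ ./web/

# Drop privileges: create an unprivileged user, hand it ownership of /app,
# and run uvicorn as that user. Avoids running the public API process as
# root inside the container.
# NOTE(review): the recursive chown also makes the code and .venv writable by
# the runtime user. If the service never writes under /app, leaving the tree
# root-owned would stop a compromised process from altering its own code.
RUN useradd --system --no-create-home --shell /usr/sbin/nologin vmcrawl \
    && chown -R vmcrawl:vmcrawl /app
USER vmcrawl

# Don't write .pyc files into a read-only-friendly tree.
ENV PYTHONDONTWRITEBYTECODE=1

# Proxies whose X-Forwarded-* headers uvicorn trusts; uvicorn reads this
# variable when --forwarded-allow-ips is not given on the command line.
# "*" trusts every peer, so the client address and scheme the app sees are
# caller-controlled unless only the reverse proxy can reach port 8080.
# Narrow it at deploy time: docker run -e FORWARDED_ALLOW_IPS=<proxy-ip> ...
ENV FORWARDED_ALLOW_IPS="*"

EXPOSE 8080

# Invoke uvicorn directly from the venv that `uv sync` created, so the
# runtime user doesn't need a home directory or a writable uv cache.
# The absolute path keeps the command valid if the working directory is
# overridden at run time.
CMD ["/app/.venv/bin/uvicorn", "api:app", "--host", "0.0.0.0", "--port", "8080", "--proxy-headers"]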