# syntax=docker/dockerfile:1.7 ARG PYTHON_VERSION=3.12-slim FROM python:${PYTHON_VERSION} AS builder ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 \ PIP_NO_CACHE_DIR=1 \ PIP_DISABLE_PIP_VERSION_CHECK=1 WORKDIR /build RUN apt-get update \ && apt-get install -y --no-install-recommends build-essential libpq-dev \ && rm -rf /var/lib/apt/lists/* COPY pyproject.toml README.md ./ COPY app/ ./app/ RUN python -m venv /opt/venv \ && /opt/venv/bin/pip install --upgrade pip \ && /opt/venv/bin/pip install . FROM python:${PYTHON_VERSION} AS runtime ARG GIT_SHA=unknown ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 \ PATH="/opt/venv/bin:${PATH}" \ APP_GIT_SHA=${GIT_SHA} RUN apt-get update \ && apt-get install -y --no-install-recommends libpq5 curl \ && rm -rf /var/lib/apt/lists/* \ && useradd --create-home --shell /bin/sh --uid 1000 app COPY --from=builder /opt/venv /opt/venv WORKDIR /srv/app COPY app/ ./app/ COPY web/ /srv/web/ COPY scripts/entrypoint.sh /usr/local/bin/entrypoint.sh RUN chmod +x /usr/local/bin/entrypoint.sh \ && chown -R app:app /srv/app /srv/web USER app EXPOSE 8000 HEALTHCHECK --interval=15s --timeout=3s --start-period=5s --retries=3 \ CMD curl -fsS http://127.0.0.1:8000/health/${APP_ROLE:-gateway} || exit 1 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]