fleettickets/Dockerfile

# fleettickets — INC + CRQ ticket ingestion image (Coolify-deployable).
# A small batch/cron worker: it has no web server. Coolify keeps the container
# running (CMD below) and fires the ingests via two Scheduled Tasks:
# python -m inc.import_inc --from-bucket --apply (cron: */20 6-20 * * *)
# python -m crq.import_crq --from-bucket --apply (cron: */20 6-20 * * *)
# (run from /app so the inc/ and crq/ packages + pipeline.py/shared.py import.)
# Env (set in Coolify): DATABASE_URL, RUSTFS_*, GEOCODER_*. S3 is via boto3 — no
# aws CLI needed. psycopg2-binary ships its own libpq, so no build toolchain.
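# uv comes from its own stage so the exact image can be chosen at build time.
# NOTE(review): the default still floats on :latest, which means the tool that
# enforces the lockfile is itself unpinned. For release builds pass a fixed
# reference, e.g.
#   --build-arg UV_IMAGE=ghcr.io/astral-sh/uv:<PINNED_UV_VERSION>@sha256:<DIGEST>
# (placeholders; take the real values from the uv release you have vetted).
ARG UV_IMAGE=ghcr.io/astral-sh/uv:latest
FROM ${UV_IMAGE} AS uv

# NOTE(review): python:3.12-slim is a moving tag as well; pinning it by digest
# would make the base layer reproducible too.
FROM python:3.12-slim

ENV PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    TZ=Africa/Nairobi

# tzdata supplies the zone database that TZ above refers to. The apt lists are
# removed in the same layer so they never reach the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends tzdata \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Pinned, reproducible installs from uv.lock (FT-SEC-02).
# --locked (not --frozen) is what makes the build fail when uv.lock has drifted
# from pyproject.toml; --frozen would accept the lockfile without checking it.
# --no-cache keeps uv's download cache out of the layer (PIP_NO_CACHE_DIR only
# affects pip, not uv).
# Runtime imports straight from /app via `python -m inc.import_inc`, so the
# project itself needs no install (--no-emit-project).
# NOTE(review): uv export writes hashes into the requirements file by default;
# consider adding --require-hashes to the install so they are enforced, after
# confirming that every locked dependency carries a hash.
COPY --from=uv /uv /bin/uv
COPY pyproject.toml uv.lock ./
RUN uv export --locked --no-dev --no-emit-project --format requirements-txt -o /tmp/requirements.txt \
    && uv pip install --system --no-cache -r /tmp/requirements.txt \
    && rm /tmp/requirements.txt

# Application source. Copied as root, so the runtime user below can read but
# not modify it.
# NOTE(review): this copies the whole build context; a .dockerignore (not
# visible here) should keep .env files, .git and local credentials out.
COPY . .

# Non-privileged runtime user (Coolify Scheduled Tasks exec as this user too).
RUN useradd -m tickets-user
USER tickets-user

# Keep the container alive so Coolify Scheduled Tasks can exec into it.
CMD ["tail", "-f", "/dev/null"]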