# fleettickets — INC + CRQ ticket ingestion image (Coolify-deployable). # A small batch/cron worker: it has no web server. Coolify keeps the container # running (CMD below) and fires the ingests via two Scheduled Tasks: # python -m inc.import_inc --from-bucket --apply (cron: */20 6-20 * * *) # python -m crq.import_crq --from-bucket --apply (cron: */20 6-20 * * *) # (run from /app so the inc/ and crq/ packages + pipeline.py/shared.py import.) # Env (set in Coolify): DATABASE_URL, RUSTFS_*, GEOCODER_*. S3 is via boto3 — no # aws CLI needed. psycopg2-binary ships its own libpq, so no build toolchain. FROM python:3.12-slim ENV PYTHONUNBUFFERED=1 \ PIP_NO_CACHE_DIR=1 \ TZ=Africa/Nairobi RUN apt-get update \ && apt-get install -y --no-install-recommends tzdata \ && rm -rf /var/lib/apt/lists/* WORKDIR /app # Pinned, reproducible installs from uv.lock (FT-SEC-02): uv export --frozen fails # the build if the lockfile drifts from pyproject.toml. Runtime imports straight # from /app via `python -m inc.import_inc` — the project itself needs no install. COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv COPY pyproject.toml uv.lock ./ RUN uv export --frozen --no-dev --no-emit-project --format requirements-txt -o /tmp/requirements.txt \ && uv pip install --system -r /tmp/requirements.txt \ && rm /tmp/requirements.txt COPY . . # Non-privileged runtime user (Coolify Scheduled Tasks exec as this user too). RUN useradd -m tickets-user USER tickets-user # Keep the container alive so Coolify Scheduled Tasks can exec into it. CMD ["tail", "-f", "/dev/null"]