The tg_ticket_geom trigger resolved feed coords -> cluster centroid -> none, never consulting tickets.geo_locations, so every 20-min delta ingest re-upserted changed rows and downgraded previously-resolved 'location' geoms back to the cluster centroid. Live effect: only 51 of 114k INC (and 0 of 42k CRQ) rows kept the precise geocode the LocationIQ budget paid for. - migration 18: trigger now resolves feed -> geo_locations (precise) -> cluster -> none, mirroring resolve_ticket_geoms() precedence; ends with one resolve pass to repair the backlog. Dry-run against the live DB (rolled back) repaired 7,481 rows: INC location 51 -> 5,339, CRQ 0 -> 2,193. - pipeline.ingest(): re-resolve after every applied run that ingested files, so geoms self-heal even before migration 18 lands. - run_ingest.sh: chain an incremental --geocode-clusters pass (0 API calls when no new clusters) so new clusters map without a manual command (FT-BUG-02). - Dockerfile/.dockerignore: pinned installs from uv.lock, non-root user (FT-SEC-02). - 20260618_bug.txt removed (stale review of a since-rewritten file). Numbered 18 to coexist with 17_drop_unused_geo_indexes.sql (parallel 260702 change). Audit + plan + work log in docs/260702_*. Local only; not applied to prod. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
37 lines
1.6 KiB
Docker
37 lines
1.6 KiB
Docker
# fleettickets — INC + CRQ ticket ingestion image (Coolify-deployable).
|
|
# A small batch/cron worker: it has no web server. Coolify keeps the container
|
|
# running (CMD below) and fires the ingests via two Scheduled Tasks:
|
|
# python -m inc.import_inc --from-bucket --apply (cron: */20 6-20 * * *)
|
|
# python -m crq.import_crq --from-bucket --apply (cron: */20 6-20 * * *)
|
|
# (run from /app so the inc/ and crq/ packages + pipeline.py/shared.py import.)
|
|
# Env (set in Coolify): DATABASE_URL, RUSTFS_*, GEOCODER_*. S3 is via boto3 — no
|
|
# aws CLI needed. psycopg2-binary ships its own libpq, so no build toolchain.
|
|
FROM python:3.12-slim
|
|
|
|
ENV PYTHONUNBUFFERED=1 \
|
|
PIP_NO_CACHE_DIR=1 \
|
|
TZ=Africa/Nairobi
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends tzdata \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
|
|
# Pinned, reproducible installs from uv.lock (FT-SEC-02): uv export --frozen fails
|
|
# the build if the lockfile drifts from pyproject.toml. Runtime imports straight
|
|
# from /app via `python -m inc.import_inc` — the project itself needs no install.
|
|
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
|
|
COPY pyproject.toml uv.lock ./
|
|
RUN uv export --frozen --no-dev --no-emit-project --format requirements-txt -o /tmp/requirements.txt \
|
|
&& uv pip install --system -r /tmp/requirements.txt \
|
|
&& rm /tmp/requirements.txt
|
|
|
|
COPY . .
|
|
|
|
# Non-privileged runtime user (Coolify Scheduled Tasks exec as this user too).
|
|
RUN useradd -m tickets-user
|
|
USER tickets-user
|
|
|
|
# Keep the container alive so Coolify Scheduled Tasks can exec into it.
|
|
CMD ["tail", "-f", "/dev/null"]
|