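# Image for the eveai_app service: Python slim base, OS build tools and the
# PostgreSQL client, pip dependencies, then the application source.

ARG PYTHON_VERSION=3.12.7
# NOTE(review): a tag can be re-pointed upstream; for reproducible builds pin
# the base by digest as well (python:<tag>@sha256:<digest>).
FROM python:${PYTHON_VERSION}-slim AS base

# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1

# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1

# Create the directory for patched packages. It is the first entry on
# PYTHONPATH, so anything able to write here can shadow imported modules;
# keep it writable by its owner only (755, not 777).
RUN mkdir -p /app/patched_packages && \
    chmod 755 /app/patched_packages

# Ensure patches are applied to the application.
# NOTE(review): PYTHONPATH is not set earlier in this file, so unless the base
# image defines it this expands to "/app/patched_packages:" with a trailing
# empty entry, which Python presumably resolves to the current directory.
# Confirm whether the app relies on that; if so, name the directory explicitly.
ENV PYTHONPATH=/app/patched_packages:$PYTHONPATH

WORKDIR /app

# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/go/dockerfile-user-best-practices/
ARG UID=10001
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/bin/bash" \
    --no-create-home \
    --uid "${UID}" \
    appuser

# Install necessary packages and build tools. --no-install-recommends keeps
# unrequested packages out of the image; the apt lists are removed in the same
# layer so they never reach the image.
# NOTE(review): the compiler toolchain stays in the runtime image; a separate
# build stage would keep it out of production.
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    curl \
    gcc \
    postgresql-client \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Create logs directory and set permissions
RUN mkdir -p /app/logs && chown -R appuser:appuser /app/logs

# Install dependencies as a separate step, before the source is copied, so this
# layer stays cached until requirements.txt changes. --no-cache-dir keeps pip's
# download cache out of the layer.
COPY requirements.txt /app/
RUN python -m pip install --no-cache-dir -r /app/requirements.txt

# Copy the source code into the container.
COPY eveai_app /app/eveai_app
COPY common /app/common
COPY config /app/config
COPY migrations /app/migrations
COPY scripts /app/scripts
COPY patched_packages /app/patched_packages

# Make the entrypoint executable without making it world-writable (755, not
# 777), then hand the application directory to the non-privileged user.
RUN chmod 755 /app/scripts/entrypoint.sh && \
    chown -R appuser:appuser /app

# Expose the port that the application listens on.
EXPOSE 5001

# NOTE(review): there is no USER instruction, so the container starts as root
# unless /app/scripts/entrypoint.sh drops to appuser itself. Confirm that it
# does, or add "USER appuser" above the ENTRYPOINT.

# Set entrypoint and command
ENTRYPOINT ["/app/scripts/entrypoint.sh"]
CMD ["/app/scripts/start_eveai_app.sh"]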