Created
January 6, 2025 09:42
Example dockerfile using UV and security
# Shared base stage: the uv-provided Python 3.12 image on Debian bookworm-slim.
# NOTE(review): the tag is mutable; pinning it by digest would make rebuilds reproducible.
# NOTE(review): both later stages start FROM base, so everything installed here,
# including the compiler toolchain and the -dev headers, is also present in the
# final runtime image. Confirm which of these packages the app needs at run time.
FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim AS base

# update, install and cleanup share one layer so no stale index or apt lists are kept
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        libpq-dev \
        pandoc \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
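# Dependency stage: installs the locked third-party dependencies into /app/.venv.
# Only that directory is copied out of this stage later on.
FROM base AS install

WORKDIR /app/

# Install-time settings. They are declared in this stage, not in base, so they
# do not reach the environment of the app stage.
#   UV_COMPILE_BYTECODE=1  compile .pyc files while installing
#   UV_LINK_MODE=copy      copy packages out of the cache mount instead of linking
#   SANIC_NO_UJSON=true    presumably read by Sanic's installer; verify it is still needed
ENV UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    SANIC_NO_UJSON=true

# The two manifests are bind-mounted for the duration of this RUN, so the separate
# COPY of the same files was redundant and only added a layer.
# --frozen installs exactly what uv.lock records and fails rather than re-resolving;
# --no-install-project and --no-dev keep the project itself and dev dependencies out.
RUN --mount=type=cache,target=/root/.cache/uv \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync --verbose --frozen --no-install-project --no-editable --no-dev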
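# Runtime stage: the prebuilt virtualenv plus the application source, run as an
# unprivileged account.
# NOTE(review): this stage inherits the build packages installed in base.
FROM base AS app

WORKDIR /app/

# Create the service account before copying, so COPY --chown can set ownership
# directly. A recursive chown in a later RUN rewrites every copied file into a new
# layer. The non-recursive chown keeps /app itself writable by appuser, as before.
RUN groupadd -r appuser \
    && useradd -r -g appuser -d /app -s /sbin/nologin appuser \
    && chown appuser:appuser /app

# NOTE(review): appuser owns its own code and virtualenv, so a compromised process
# could rewrite them. If the app never writes under /app, dropping --chown leaves
# these trees root-owned and read-only to the service account.
COPY --from=install --chown=appuser:appuser /app/.venv/ /app/.venv
COPY --chown=appuser:appuser src src

# The blanket "chmod -R u+x" was dropped: COPY preserves the modes of directories and
# of the venv's entry points, and the only entry point shown here is uvicorn
# importing src.main. Restore a targeted chmod if a file in src is executed directly.
ENV PATH="/app/.venv/bin:$PATH"

# NOTE(review): a named USER cannot be verified by runtimes that require a numeric
# non-root UID; consider assigning a fixed UID and using it here.
USER appuser

# Exec form, so uvicorn receives signals directly. It listens on all container
# interfaces on uvicorn's default port, since no --port is passed.
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--log-level", "info"]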