Dockerfile

FROM python:3.12
# As per https://docs.astral.sh/uv/guides/integration/docker/#installing-uv
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv

ARG USER_NAME=app
ARG GROUP_NAME=app
ARG UID=10001
ARG PORT=8003

# explicitly set user/group IDs
RUN <<EOR
    set -eux
    groupadd -r $GROUP_NAME --gid=1005
    useradd  --gid $GROUP_NAME --uid=$UID --create-home $USER_NAME
EOR
USER $USER_NAME:$GROUP_NAME
WORKDIR /home/$USER_NAME/

# Install dependencies
ENV VIRTUAL_ENV=/home/$USER_NAME/venv
ENV PIP_CACHE_DIR=/home/$USER_NAME/cache
ARG PIP_INSTALL="/bin/uv pip install --cache-dir $PIP_CACHE_DIR"

RUN --mount=type=cache,uid=$UID,target=$PIP_CACHE_DIR <<EOR
    uv venv venv
    $PIP_INSTALL gunicorn
    $PIP_INSTALL debugpy
EOR
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
COPY --chown=$USER_NAME:$GROUP_NAME \
    pyproject.toml \
    setup.cfg \
    requirements.txt \
    Readme.md \
    ./
COPY --chown=$USER_NAME:$GROUP_NAME src src
RUN --mount=type=cache,uid=$UID,target=$PIP_CACHE_DIR <<EOR
    $PIP_INSTALL --requirements requirements.txt
    $PIP_INSTALL --editable .
EOR

# Create instance structure
RUN mkdir -p bin etc log var

# Setup runtime environment
COPY --chown=$USER_NAME:$GROUP_NAME etc/config.cfg etc/config.cfg
# glob makes copy optional, ok if all settings are done via environment variables
COPY --chown=$USER_NAME:$GROUP_NAME etc/secrets.cf[g] etc/secrets.cfg

ENV CONFIG_FILE=/home/$USER/etc/config.cfg

# Copy in rest of the code
COPY --chown=$USER_NAME:$GROUP_NAME src src

EXPOSE 8003/tcp
CMD gunicorn \
    --capture-output \
    --access-logfile=- \
    --error-logfile=- \
    --bind=0.0.0.0:$PORT \
    --keep-alive=60 \
    --workers=4 \
    some_package:main