-
Notifications
You must be signed in to change notification settings - Fork 284
Expand file tree
/
Copy pathDockerfile
More file actions
71 lines (51 loc) · 2.09 KB
/
Copy pathDockerfile
File metadata and controls
71 lines (51 loc) · 2.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# syntax=docker/dockerfile:1.7
FROM ghcr.io/astral-sh/uv:0.11.19 AS uv-bin
FROM oven/bun:1.3.14-alpine AS frontend-build
WORKDIR /app/frontend
COPY frontend/package.json frontend/bun.lock ./
RUN --mount=type=cache,target=/root/.bun/install/cache \
bun install --frozen-lockfile
COPY frontend ./
RUN bun run build
FROM python:3.14-slim AS python-build
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
UV_PROJECT_ENVIRONMENT=/opt/venv \
UV_LINK_MODE=copy
WORKDIR /app
COPY --from=uv-bin /uv /uvx /usr/local/bin/
RUN python -m venv --without-pip /opt/venv
ENV PATH="/opt/venv/bin:/usr/local/bin:$PATH"
COPY pyproject.toml uv.lock ./
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-dev --no-install-project --extra metrics --extra tracing
FROM python:3.14-slim AS runtime
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PATH="/opt/venv/bin:$PATH"
WORKDIR /app
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --only-upgrade \
libc-bin libc6 libcap2 libsystemd0 libudev1 sed \
&& rm -rf /var/lib/apt/lists/*
RUN python -m pip uninstall -y pip setuptools wheel || true \
&& rm -f /usr/local/bin/pip /usr/local/bin/pip3 /usr/local/bin/pip3.13 \
&& rm -rf /usr/local/lib/python*/site-packages/pip* \
/usr/local/lib/python*/site-packages/setuptools* \
/usr/local/lib/python*/site-packages/wheel*
RUN adduser --disabled-password --gecos "" app \
&& mkdir -p /var/lib/codex-lb \
&& chown -R app:app /var/lib/codex-lb
COPY --from=python-build /opt/venv /opt/venv
COPY app app
COPY config config
COPY scripts scripts
COPY --from=frontend-build /app/app/static app/static
# The runtime image copies source files instead of installing the project, so
# recreate the console-script entry point that pyproject would normally install.
RUN chmod +x /app/scripts/docker-entrypoint.sh \
&& printf '%s\n' '#!/bin/sh' 'exec python -m app.cli "$@"' > /usr/local/bin/codex-lb \
&& chmod +x /usr/local/bin/codex-lb
USER app
EXPOSE 2455 1455
CMD ["/app/scripts/docker-entrypoint.sh"]