phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
01dcaba86b5a30fc30ef97b3b34dfc4d3cbfa3b7
Gondulf/Dockerfile
Phil Skentelbery 01dcaba86b feat(deploy): merge Phase 5a deployment configuration 
Complete containerized deployment system with Docker/Podman support.

Key features:
- Multi-stage Dockerfile with Python 3.11-slim base
- Docker Compose configurations for production and development
- Nginx reverse proxy with security headers and rate limiting
- Systemd service units for Docker, Podman, and docker-compose
- Backup/restore scripts with integrity verification
- Podman compatibility (ADR-009)

All tests pass including Podman verification testing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-21 19:16:54 -07:00

89 lines
2.5 KiB
Docker
Raw Blame History

# Gondulf IndieAuth Server - OCI-Compliant Containerfile/Dockerfile
# Compatible with both Podman and Docker
# Optimized for rootless Podman deployment
# Build stage - includes test dependencies
FROM python:3.12-slim-bookworm AS builder
# Install uv package manager (must match version used to create uv.lock)
RUN pip install --no-cache-dir uv==0.9.8
# Set working directory
WORKDIR /app
# Copy dependency files and README (required by hatchling build)
COPY pyproject.toml uv.lock README.md ./
# Install all dependencies including test dependencies
RUN uv sync --frozen --extra test
# Copy source code and tests
COPY src/ ./src/
COPY tests/ ./tests/
# Run tests (fail build if tests fail)
RUN uv run pytest tests/ --tb=short -v
# Production runtime stage
FROM python:3.12-slim-bookworm
# Copy a marker file from builder to ensure tests ran
# This creates a dependency on the builder stage so it cannot be skipped
COPY --from=builder /app/pyproject.toml /tmp/build-marker
RUN rm /tmp/build-marker
# Create non-root user with UID 1000 (compatible with rootless Podman)
RUN groupadd -r -g 1000 gondulf && \
useradd -r -u 1000 -g gondulf -m -d /home/gondulf gondulf
# Install runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
wget \
sqlite3 \
&& rm -rf /var/lib/apt/lists/*
# Set working directory
WORKDIR /app
# Install uv in runtime (needed for running the app)
RUN pip install --no-cache-dir uv==0.9.8
# Copy pyproject.toml, lock file, and README (required by hatchling build)
COPY pyproject.toml uv.lock README.md ./
# Install production dependencies only (no dev/test)
RUN uv sync --frozen --no-dev
# Copy application code from builder
COPY --chown=gondulf:gondulf src/ ./src/
# Copy entrypoint script
COPY --chown=gondulf:gondulf deployment/docker/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
# Create directories for data and backups
RUN mkdir -p /data /data/backups && \
chown -R gondulf:gondulf /data
# Set environment variables
ENV PATH="/app/.venv/bin:$PATH" \
PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONPATH=/app/src
# Expose port
EXPOSE 8000
# Health check using wget
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8000/health || exit 1
# Switch to non-root user
USER gondulf
# Set entrypoint and default command
ENTRYPOINT ["/entrypoint.sh"]
CMD ["uvicorn", "gondulf.main:app", "--host", "0.0.0.0", "--port", "8000"]
Reference in New Issue View Git Blame Copy Permalink