60 lines
1.3 KiB
Docker
60 lines
1.3 KiB
Docker
# ---------- Base image ----------
|
|
FROM python:3.12-slim AS base
|
|
|
|
# Evita pyc, mejora logs
|
|
ENV PYTHONDONTWRITEBYTECODE=1
|
|
ENV PYTHONUNBUFFERED=1
|
|
|
|
# Dependencias del sistema necesarias para crypto / PDFs
|
|
RUN apt-get update && apt-get install -y \
|
|
build-essential \
|
|
libssl-dev \
|
|
libffi-dev \
|
|
ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
# ---------- Dependencies ----------
|
|
FROM base AS deps
|
|
|
|
# Copiamos solo metadatos para aprovechar cache
|
|
COPY ./pyproject.toml ./
|
|
|
|
# Instalamos dependencias
|
|
RUN pip install --upgrade pip \
|
|
&& pip install .
|
|
|
|
|
|
# ---------- Runtime ----------
|
|
FROM base AS runtime
|
|
|
|
# Copiamos dependencias instaladas
|
|
COPY --from=deps /usr/local /usr/local
|
|
|
|
# Copiamos código fuente
|
|
COPY src/ ./
|
|
|
|
# Puerto FastAPI
|
|
EXPOSE 8000
|
|
|
|
# Usuario no-root (buena práctica)
|
|
RUN useradd -m appuser
|
|
USER appuser
|
|
|
|
# Comando de arranque
|
|
CMD ["sh", "-c", "\
|
|
if [ \"$UVICORN_RELOAD\" = \"true\" ]; then \
|
|
uvicorn signing_service.main:app --host 0.0.0.0 --port 8000 --reload; \
|
|
else \
|
|
uvicorn signing_service.main:app --host 0.0.0.0 --port 8000 --workers ${UVICORN_WORKERS:-1}; \
|
|
fi"]
|
|
|
|
# Healthcheck
|
|
|
|
#RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
|
|
|
|
#HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
|
|
# CMD curl -f http://127.0.0.1:8000/health || exit 1
|