Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f565dfdb1574539989edfd21d2811ad110cfad23
breakpilot-core/backend-core/Dockerfile
Sharang Parnerkar 5d1c837f49
Some checks failed
Deploy to Coolify / deploy (push) Has been cancelled
Details
Fix backend-core TARGETARCH: auto-detect instead of hardcoded arm64 
The Dockerfile hardcoded TARGETARCH=arm64 for Mac Mini. Coolify server
is x86_64, causing exit code 126 (wrong binary arch). Now uses Docker
BuildKit's auto-detected TARGETARCH with dpkg fallback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 23:37:59 +01:00

85 lines
2.7 KiB
Docker
Raw Blame History

# ============================================================
# BreakPilot Core Backend -- Multi-stage Docker build
# ============================================================
# ---------- Build stage ----------
FROM python:3.12-slim-bookworm AS builder
WORKDIR /app
# Build-time system libs (needed for asyncpg / psycopg2)
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
libpq-dev \
&& rm -rf /var/lib/apt/lists/*
COPY requirements.txt .
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir semgrep bandit
# ---------- Runtime stage ----------
FROM python:3.12-slim-bookworm
WORKDIR /app
# Runtime system libs
# - libpango / libgdk-pixbuf / shared-mime-info -> WeasyPrint (pdf_service)
# - libgl1 / libglib2.0-0 -> OpenCV (file_processor)
# - curl -> healthcheck
RUN apt-get update && apt-get install -y --no-install-recommends \
libpango-1.0-0 \
libpangocairo-1.0-0 \
libgdk-pixbuf-2.0-0 \
libffi-dev \
shared-mime-info \
libgl1 \
libglib2.0-0 \
curl \
git \
&& rm -rf /var/lib/apt/lists/*
# Install DevSecOps tools (gitleaks, trivy, grype, syft)
ARG TARGETARCH
RUN set -eux; \
ARCH="${TARGETARCH:-$(dpkg --print-architecture)}"; \
# Gitleaks
GITLEAKS_VERSION=8.21.2; \
if [ "$ARCH" = "arm64" ]; then GITLEAKS_ARCH=arm64; else GITLEAKS_ARCH=x64; fi; \
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_${GITLEAKS_ARCH}.tar.gz" \
| tar xz -C /usr/local/bin gitleaks; \
# Trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin; \
# Grype
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin; \
# Syft
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin; \
# Verify
gitleaks version && trivy --version && grype version && syft version
# Copy virtualenv from builder
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
# Non-root user
RUN useradd --create-home --shell /bin/bash appuser
# Copy application code
COPY --chown=appuser:appuser . .
USER appuser
# Python tweaks
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://127.0.0.1:8000/health || exit 1
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
Reference in New Issue View Git Blame Copy Permalink