wooo/2026FIFAWorldCup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aa7e3bba7629b2608f8553021d931d6aee630b9c
2026FIFAWorldCup/platform/backend/Dockerfile
QuantBot aa7e3bba76
Some checks failed
2026 World Cup Quant Platform - Production Deployment / Code Quality & Testing (push) Failing after 1m49s
Details
2026 World Cup Quant Platform - Production Deployment / Deploy to Production VM via Rsync (push) Has been skipped
Details
chore: migrate deployment to Gitea Actions with zero-trust rsync
2026-06-16 19:06:50 +08:00

40 lines
1.2 KiB
Docker
Raw Blame History

FROM python:3.11-slim AS builder
ENV POETRY_NO_INTERACTION=1 \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
WORKDIR /build
COPY requirements.txt .
RUN pip install --no-cache-dir --prefix=/install -r requirements.txt
# ── runtime (hardened) ─────────────────────────────────────────────────────────
FROM python:3.11-slim AS runtime
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PATH="/usr/local/bin:$PATH"
# Security: only install curl for healthcheck, then remove pkg cache
RUN apt-get update \
&& apt-get install -y --no-install-recommends curl \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& rm -f /usr/bin/wget /usr/bin/gcc /usr/bin/make
# Security: create non-root user
RUN groupadd -g 1001 appgroup \
&& useradd -r -u 1001 -g appgroup -s /sbin/nologin -d /app appuser
WORKDIR /app
COPY --from=builder /install /usr/local
COPY app /app/app
# Lock down ownership
RUN chown -R appuser:appgroup /app \
&& chmod -R o-rwx /app
USER appuser
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "2"]
Reference in New Issue View Git Blame Copy Permalink