wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
Files
93bcfb4ce85c9d3abc87f9f9fe6160bdfd09e72f
awoooi/apps/api/Dockerfile
OG T 4762ad924d ci(cd): 首席架構師 Review Phase 25 全批修正 (C1-C4 / S1-S4 / I1-I4) 
修正項目:
  C1: DOCKER_BUILDKIT=1 + ARG BUILDKIT_INLINE_CACHE + syntax directive (兩個 Dockerfile)
  C2: Alert Chain Smoke Test 修正 pass/fail 輸出邏輯 (不再無條件 pass)
  C3: API Dockerfile builder stage 先 pip install 後 COPY src/ (deps cache 正確失效)
  C4: Deploy step 自行管理 SSH key + ssh-keyscan 取代 StrictHostKeyChecking=no
  S1/S2: 統一 SSH 連線方式,移除 StrictHostKeyChecking=no
  S3: API Dockerfile HEALTHCHECK 改用 curl 取代 httpx (確保 image 有該工具)
  S4: type-sync-check.yaml python → python3
  I1: 建立 .dockerignore 防止無關檔案污染 build context
  I2: 加入 Setup Python Tools 共用步驟
  I3: deploy-alerts job 移至獨立 deploy-alerts.yaml workflow (paths trigger)
  I4: E2E Smoke Test 加入 pnpm install + PLAYWRIGHT_BASE_URL 公網域名

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 12:42:37 +08:00

71 lines
2.6 KiB
Docker
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# AWOOOI API - Production Dockerfile
# Phase 6.4i: 支援 monorepo 本地 packages (lewooogo-brain, lewooogo-data)
#
# 使用方式 (從 monorepo 根目錄):
# docker build -f apps/api/Dockerfile -t awoooi-api:v1.0.0 .
#
# 注意: 必須從 monorepo 根目錄執行,否則無法存取 packages/
# syntax=docker/dockerfile:1
# 首席架構師 Review C1 (2026-04-05 Claude Code): BuildKit inline cache 需要 syntax 宣告
# BUILDKIT_INLINE_CACHE=1 才能真正把 cache metadata 寫入 image
ARG BUILDKIT_INLINE_CACHE=0
FROM python:3.11-slim AS builder
WORKDIR /app
# Install uv (固定版本,禁止 :latest)
COPY --from=ghcr.io/astral-sh/uv:0.6.9 /uv /bin/uv
# Phase 6.4i: 複製本地 packages 到 Docker context
COPY packages/lewooogo-data/ /packages/lewooogo-data/
COPY packages/lewooogo-brain/ /packages/lewooogo-brain/
# 複製 API 依賴文件(只複製 metadata不含 src/
COPY apps/api/pyproject.toml apps/api/README.md ./
# 首席架構師 Review C3 (2026-04-05 Claude Code):
# 原始問題COPY src/ 在 pip install 之前src 任何變更都讓 deps layer 失效
# 修復:先安裝 local packages再用 --no-build-isolation 只安裝 pyproject 的依賴項
# (不 build wheel不需要 src/src/ 在之後才 COPY
# 注意:--no-sources 不被 uv 支援,改用建立 stub src 讓 hatchling 可以解析
RUN mkdir -p src/awoooi_api && \
touch src/awoooi_api/__init__.py && \
uv pip install --system --no-cache /packages/lewooogo-data && \
uv pip install --system --no-cache /packages/lewooogo-brain && \
uv pip install --system --no-cache .
# deps 安裝完後才複製真正的 src使 deps layer 可 cache
COPY apps/api/src/ ./src/
# Production stage
FROM python:3.11-slim
WORKDIR /app
# Copy installed packages from builder
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin
# 2026-04-01 ogt: CACHE_BUST 強制失效 src/ 和 models.json 層
# deps 層 (pip install) 仍可 cache代碼/配置變更必須重建
ARG CACHE_BUST=none
COPY apps/api/src/ ./src/
COPY apps/api/models.json ./models.json
# Create non-root user
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
USER appuser
# Expose port
EXPOSE 8000
# 首席架構師 Review S3 (2026-04-05 Claude Code):
# httpx 可能只在 dev deps生產 image 不保證有。改用 curlpython:3.11-slim 內建)
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -sf http://localhost:8000/api/v1/health || exit 1
# Run application
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8000"]
Reference in New Issue View Git Blame Copy Permalink