wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity
Files
c132fd423ad7dd43ae1db246caa5dd973802d316
awoooi/apps/api/Dockerfile
OG T c132fd423a
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
Details
fix(drift): COPY k8s/ 進 API image — drift_detector Git state 比對 
drift_detector 的 GitStateReader 需要讀 k8s/*.yaml 來比對 K8s 實際狀態,
但 API Pod 沒有此目錄導致 k8s_dir_not_found,掃描結果永遠為空。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 00:23:54 +08:00

79 lines
3.1 KiB
Docker
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# AWOOOI API - Production Dockerfile
# Phase 6.4i: 支援 monorepo 本地 packages (lewooogo-brain, lewooogo-data)
#
# 使用方式 (從 monorepo 根目錄):
# docker build -f apps/api/Dockerfile -t awoooi-api:v1.0.0 .
#
# 注意: 必須從 monorepo 根目錄執行,否則無法存取 packages/
# syntax=docker/dockerfile:1
# 首席架構師 Review C1 (2026-04-05 Claude Code): BuildKit inline cache 需要 syntax 宣告
# BUILDKIT_INLINE_CACHE=1 才能真正把 cache metadata 寫入 image
ARG BUILDKIT_INLINE_CACHE=0
FROM python:3.11-slim AS builder
WORKDIR /app
# Install uv (固定版本,禁止 :latest)
COPY --from=ghcr.io/astral-sh/uv:0.6.9 /uv /bin/uv
# Phase 6.4i: 複製本地 packages 到 Docker context
COPY packages/lewooogo-data/ /packages/lewooogo-data/
COPY packages/lewooogo-brain/ /packages/lewooogo-brain/
# 複製 API 依賴文件(只複製 metadata不含 src/
COPY apps/api/pyproject.toml apps/api/README.md ./
# 首席架構師 Review C3 (2026-04-05 Claude Code):
# 原始問題COPY src/ 在 pip install 之前src 任何變更都讓 deps layer 失效
# 修復:先安裝 local packages再用 --no-build-isolation 只安裝 pyproject 的依賴項
# (不 build wheel不需要 src/src/ 在之後才 COPY
# 注意:--no-sources 不被 uv 支援,改用建立 stub src 讓 hatchling 可以解析
RUN mkdir -p src/awoooi_api && \
touch src/awoooi_api/__init__.py && \
uv pip install --system --no-cache /packages/lewooogo-data && \
uv pip install --system --no-cache /packages/lewooogo-brain && \
uv pip install --system --no-cache .
# deps 安裝完後才複製真正的 src使 deps layer 可 cache
COPY apps/api/src/ ./src/
# Production stage
FROM python:3.11-slim
WORKDIR /app
# Copy installed packages from builder
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin
# 2026-04-01 ogt: CACHE_BUST 強制失效 src/ 和 models.json 層
# deps 層 (pip install) 仍可 cache代碼/配置變更必須重建
ARG CACHE_BUST=none
COPY apps/api/src/ ./src/
COPY apps/api/models.json ./models.json
# 2026-04-09 ogt: 規則引擎配置 — alert_rule_engine.py 從此檔載入規則
COPY apps/api/alert_rules.yaml ./alert_rules.yaml
# 2026-04-10 Claude Sonnet 4.6: drift_detector 需要 k8s/ YAML 做 Git state 比對
COPY k8s/ ./k8s/
# Install openssh-client — SSH_COMMAND Playbook 執行路徑需要 ssh binary
# (2026-04-09 Claude Sonnet 4.6 Asia/Taipei, Bug #6 修正 — python:3.11-slim 無 openssh-client)
RUN apt-get update && apt-get install -y --no-install-recommends openssh-client && rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
USER appuser
# Expose port
EXPOSE 8000
# 首席架構師 Review S3 (2026-04-05 Claude Code):
# httpx 可能只在 dev deps生產 image 不保證有。改用 curlpython:3.11-slim 內建)
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -sf http://localhost:8000/api/v1/health || exit 1
# Run application
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8000"]
Reference in New Issue View Git Blame Copy Permalink