chore: fixed Dockerfile

epam · Feb 19, 2025 · fa34bdb · fa34bdb
1 parent 51c02b4
commit fa34bdb
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 19 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -18,5 +18,4 @@
 **/*.pyc
 Dockerfile
 dist
-embeddings_model
-README.md
+embeddings_model
diff --git a/Dockerfile b/Dockerfile
@@ -1,25 +1,32 @@
-# dep-builder: builds venv with all deps
-FROM ubuntu:24.04 AS dep-builder
+FROM ubuntu:24.04 AS builder
 
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
+WORKDIR /app
+
 RUN apt-get update && \
     apt-get install -y python3 \
                     python3-venv \
                     python3-dev \
-                    python3-pip && \
-    pip install "poetry==1.6.1" && \
-    python3 -m venv /opt/venv
+                    python3-pip
 
-ENV PATH="/opt/venv/bin:$PATH"
+RUN python3 -m venv .venv
 
-COPY pyproject.toml poetry.lock .
-RUN poetry export -f requirements.txt --without-hashes | pip install -r /dev/stdin
+ENV PATH="/app/.venv/bin:$PATH"
 
-RUN pip install --upgrade setuptools==70.0.0
+RUN pip install poetry==1.6.1 --quiet
+# fix CVE-2024-6345
+RUN pip install setuptools==70.0.0 --quiet
 
+# Install split into two steps (the dependencies and the sources)
+# in order to leverage the Docker caching
+COPY pyproject.toml poetry.lock poetry.toml README.md ./
+RUN poetry install --no-interaction --no-ansi --no-cache --only main \
+    --no-root --no-directory
 
+COPY . .
+RUN poetry install --no-interaction --no-ansi --no-cache --only main
 
 FROM ubuntu:24.04
 
@@ -34,19 +41,17 @@ ENV MODEL_RATES='{"gpt-4":{"unit":"token","prompt_price":"0.00003","completion_p
 ENV TOPIC_MODEL="davanstrien/chat_topics"
 ENV TOPIC_EMBEDDINGS_MODEL="all-mpnet-base-v2"
 
-# Create a non-root user with an explicit UID
-RUN useradd -m -u 1001 -s /bin/bash appuser
-
-WORKDIR /
-
 # Install ca-certificates is required for https connection to InfluxDB
 RUN apt-get update && \
     apt-get install -y python3 ca-certificates
 
-COPY --from=dep-builder --chown=appuser /opt/venv /opt/venv
-COPY --chown=appuser ./aidial_analytics_realtime /aidial_analytics_realtime
+WORKDIR /app
+
+# Create a non-root user with an explicit UID
+RUN useradd -m -u 1001 -s /bin/bash appuser
+COPY --chown=appuser --from=builder /app .
 
-ENV PATH="/opt/venv/bin:$PATH"
+ENV PATH="/app/.venv/bin:$PATH"
 
 USER appuser