mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
0c93be417ab71956d5c7adf6ff7ee91f5ba49b32
stack/apps/coordinator/Dockerfile
Jason Woltje 0c93be417a
Some checks failed
ci/woodpecker/push/coordinator Pipeline failed
Details
ci/woodpecker/push/api Pipeline failed
Details
ci/woodpecker/push/orchestrator Pipeline failed
Details
ci/woodpecker/push/web Pipeline failed
Details
fix: clear stale APT lists before apt-get update in Dockerfiles 
Kaniko's layer extraction can leave base-image APT metadata with
expired GPG signatures, causing "invalid signature" failures during
apt-get update in CI builds. Adding rm -rf /var/lib/apt/lists/*
before apt-get update ensures a clean state.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 19:44:36 -06:00

62 lines
1.7 KiB
Docker
Raw Blame History

# Multi-stage build for mosaic-coordinator
FROM python:3.11-slim AS builder
WORKDIR /app
# Install build dependencies
# Clear stale APT lists first — Kaniko's layer extraction can leave
# base-image metadata with expired GPG signatures (bookworm InRelease).
RUN rm -rf /var/lib/apt/lists/* \
&& apt-get update \
&& apt-get install -y --no-install-recommends build-essential \
&& rm -rf /var/lib/apt/lists/*
# Copy dependency files and private registry config
COPY pyproject.toml .
COPY pip.conf /etc/pip.conf
# Create virtual environment and install dependencies
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
COPY src/ ./src/
RUN pip install --no-cache-dir "pip>=25.3" && \
pip install --no-cache-dir . && \
pip install --no-cache-dir "setuptools>=80.9" "wheel>=0.46.2"
# Production stage
FROM python:3.11-slim
WORKDIR /app
# Fix system-level CVEs in setuptools and wheel (base image ships vulnerable versions)
RUN pip install --no-cache-dir "setuptools>=80.9" "wheel>=0.46.2"
# Copy virtual environment from builder
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
# Copy application code
COPY src/ ./src/
# Create non-root user
RUN useradd -m -u 1000 coordinator && \
chown -R coordinator:coordinator /app
USER coordinator
# Environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
HOST=0.0.0.0 \
PORT=8000
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')"
# Expose port
EXPOSE 8000
# Run application
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8000"]
Reference in New Issue View Git Blame Copy Permalink