FoodBot/Dockerfile at main · Brunsben/FoodBot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Multi-stage build für kleinere Image-Größe
FROM python:3.14-slim as builder

# Build-Dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc \
    libc6-dev \
    && rm -rf /var/lib/apt/lists/*

# Virtual Environment erstellen
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Requirements installieren (lock-Datei für reproduzierbare Builds)
COPY requirements.lock .
RUN pip install --no-cache-dir -r requirements.lock

# ============================================
# Production Stage
# ============================================
FROM python:3.14-slim

# Runtime-Dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    libusb-1.0-0 \
    && rm -rf /var/lib/apt/lists/*

# Nicht-Root User erstellen
RUN useradd -m -u 1000 foodbot

# Virtual Environment von Builder kopieren
COPY --from=builder /opt/venv /opt/venv

# Arbeitsverzeichnis
WORKDIR /app

# Python-Pfad setzen
ENV PATH="/opt/venv/bin:$PATH"
ENV PYTHONUNBUFFERED=1

# Application Code kopieren
COPY --chown=foodbot:foodbot app/ ./app/
COPY --chown=foodbot:foodbot templates/ ./templates/
COPY --chown=foodbot:foodbot static/ ./static/
COPY --chown=foodbot:foodbot scripts/backup_db.py scripts/clear_registrations.py ./

# Verzeichnisse für Daten erstellen
RUN mkdir -p /app/backups /app/logs /app/data && \
    chown -R foodbot:foodbot /app

# User wechseln
USER foodbot

# Port exposen
EXPOSE 5001

# Healthcheck
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5001/api/status')" || exit 1

# Gunicorn starten
CMD ["gunicorn", "-c", "python:app.gunicorn_config", "app:create_app()"]