diff --git a/Dockerfile b/Dockerfile
index dd9749d..3deaed3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,26 +8,16 @@ FROM defradigital/python-development:${PARENT_VERSION} AS development
 ENV PATH="/home/nonroot/.venv/bin:${PATH}"
 ENV LOG_CONFIG="logging-dev.json"
 
-USER root
-
-# curl is required for CDP health checks
-# Install curl via Debian 13 (trixie) backport to patch CVE-2025-0725
-RUN echo "deb https://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/bookworm-backports.list \
- && apt update \
- && apt install -t bookworm-backports -y --no-install-recommends \
- curl \
- && rm -rf /var/lib/apt/lists/*
-
-USER nonroot
-
 WORKDIR /home/nonroot
 
 COPY --chown=nonroot:nonroot pyproject.toml .
+COPY --chown=nonroot:nonroot README.md .
 COPY --chown=nonroot:nonroot uv.lock .
+COPY --chown=nonroot:nonroot app/ ./app/
 
-RUN uv sync --frozen --no-cache
+RUN --mount=type=cache,target=/home/nonroot/.cache/uv,uid=1000,gid=1000 \
+ uv sync --locked --link-mode=copy
 
-COPY --chown=nonroot:nonroot app/ ./app/
 COPY --chown=nonroot:nonroot logging-dev.json .
 
 ARG PORT=8085
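Review bot: `COPY --chown=nonroot:nonroot app/ ./app/` now sits above the `uv sync` step in the development stage, so every source edit invalidates the dependency-install layer and only the cache mount softens the cost. Running `uv sync --locked --no-install-project --link-mode=copy` right after the lockfile copy, then copying `README.md` and `app/` and syncing again, would keep third-party packages in a layer that changes only with `uv.lock`. The `uid=1000,gid=1000` on the cache mount presumably matches the base image's `nonroot` account; a short comment above the `RUN` stating that assumption would help whoever next changes the base image. The stage continues past the end of the hunk.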
@@ -44,21 +34,23 @@ ENV LOG_CONFIG="logging.json"
 
 USER root
 
-# CDP requires a shell and curl to run health checks
-COPY --from=development /bin/sh /bin/sh
-
-# Copy curl from the development stage to production
-COPY --from=development /lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
-COPY --from=development /bin/curl /bin/curl
+RUN apt update && \
+ apt install -y curl
 
 USER nonroot
 
 WORKDIR /home/nonroot
 
-COPY --chown=nonroot:nonroot --from=development /home/nonroot/.venv .venv/
+COPY --from=development /home/nonroot/pyproject.toml .
+COPY --chown=nonroot:nonroot README.md .
+COPY --from=development /home/nonroot/uv.lock .
+COPY --from=development /home/nonroot/app ./app
+
+COPY logging.json .
 
-COPY --chown=nonroot:nonroot --from=development /home/nonroot/app/ ./app/
-COPY --chown=nonroot:nonroot logging.json .
+RUN --mount=type=cache,target=/home/nonroot/.cache/uv,uid=1000,gid=1000 \
+ --mount=from=development,source=/home/nonroot/.local/bin/uv,target=/home/nonroot/.local/bin/uv \
+ uv sync --locked --compile-bytecode --link-mode=copy --no-dev
 
 ARG PORT
 ENV PORT=${PORT}
diff --git a/pyproject.toml b/pyproject.toml
index d48c1c9..77d9b97 100644
--- a/pyproject.toml
+++ b/pyproject.toml
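Review bot: The new `RUN apt update && apt install -y curl` in the production stage of the Dockerfile installs whatever curl the base image's default repositories carry, whereas the lines this commit removes from the development stage pulled curl from `bookworm-backports` specifically to patch CVE-2025-0725. If that fix is still needed, the backports source and `-t bookworm-backports` have to move here, or a comment should say why they are no longer required. The step also leaves the apt lists in the layer and may pull recommended packages; `apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*` keeps the runtime image smaller. The removed `COPY --from=development /bin/sh /bin/sh` suggests the production base had no shell, which a shell-form `RUN` needs, so this presumably relies on a base-image change; the stage's `FROM` line is outside the hunk.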
@@ -5,26 +5,26 @@ description = "CDP Python Backend Template"
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
- "asgi-logger>=0.1.0",
- "aws-embedded-metrics>=3.3.0",
- "dnspython>=2.7.0",
- "ecs-logging>=2.2.0",
- "fastapi>=0.115.12",
- "httpx>=0.28.1",
- "pydantic-settings>=2.9.1",
- "pymongo[aws,encryption,snappy,zstd]>=4.13.1",
- "uvicorn>=0.34.3",
+ "asgi-logger==0.1.0",
+ "aws-embedded-metrics==3.3.0",
+ "dnspython==2.7.0",
+ "ecs-logging==2.2.0",
+ "fastapi==0.115.12",
+ "httpx==0.28.1",
+ "pydantic-settings==2.9.1",
+ "pymongo[aws,encryption,snappy,zstd]==4.13.1",
+ "uvicorn==0.34.3",
 ]
 
 [dependency-groups]
 dev = [
- "httpx>=0.28.1",
- "pre-commit>=4.2.0",
- "pytest>=8.4.0",
- "pytest-asyncio>=1.0.0",
- "pytest-cov>=6.2.1",
- "ruff>=0.11.13",
- "taskipy>=1.14.1",
+ "httpx==0.28.1",
+ "pre-commit==4.2.0",
+ "pytest==8.4.0",
+ "pytest-asyncio==1.0.0",
+ "pytest-cov==6.2.1",
+ "ruff==0.11.13",
+ "taskipy==1.14.1",
 ]
 
 [tool.taskipy.tasks]
diff --git a/uv.lock b/uv.lock
index 2776071..21bbf9d 100644
--- a/uv.lock
+++ b/uv.lock
@@ -1,5 +1,5 @@
 version = 1
-revision = 2
+revision = 3
 requires-python = ">=3.12"
 
 [[package]]
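Review bot: The exact `==` pins on every entry of `dependencies` and `dev` in pyproject.toml repeat what `uv.lock` already fixes, and the Dockerfile installs with `uv sync --locked`, so they add no reproducibility. What they do change is that `uv lock --upgrade` can no longer move a direct dependency to a patched release without an edit to this file. If the pins are meant to be bumped by an update bot, a comment above `dependencies = [` such as `# exact pins; bumped by the dependency-update bot` would record that intent. `httpx` is listed in both groups, and with exact pins the two entries have to be changed together or resolution fails.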
@@ -196,26 +196,26 @@ dev = [
 
 [package.metadata]
 requires-dist = [
- { name = "asgi-logger", specifier = ">=0.1.0" },
- { name = "aws-embedded-metrics", specifier = ">=3.3.0" },
- { name = "dnspython", specifier = ">=2.7.0" },
- { name = "ecs-logging", specifier = ">=2.2.0" },
- { name = "fastapi", specifier = ">=0.115.12" },
- { name = "httpx", specifier = ">=0.28.1" },
- { name = "pydantic-settings", specifier = ">=2.9.1" },
- { name = "pymongo", extras = ["aws", "encryption", "snappy", "zstd"], specifier = ">=4.13.1" },
- { name = "uvicorn", specifier = ">=0.34.3" },
+ { name = "asgi-logger", specifier = "==0.1.0" },
+ { name = "aws-embedded-metrics", specifier = "==3.3.0" },
+ { name = "dnspython", specifier = "==2.7.0" },
+ { name = "ecs-logging", specifier = "==2.2.0" },
+ { name = "fastapi", specifier = "==0.115.12" },
+ { name = "httpx", specifier = "==0.28.1" },
+ { name = "pydantic-settings", specifier = "==2.9.1" },
+ { name = "pymongo", extras = ["aws", "encryption", "snappy", "zstd"], specifier = "==4.13.1" },
+ { name = "uvicorn", specifier = "==0.34.3" },
 ]
 
 [package.metadata.requires-dev]
 dev = [
- { name = "httpx", specifier = ">=0.28.1" },
- { name = "pre-commit", specifier = ">=4.2.0" },
- { name = "pytest", specifier = ">=8.4.0" },
- { name = "pytest-asyncio", specifier = ">=1.0.0" },
- { name = "pytest-cov", specifier = ">=6.2.1" },
- { name = "ruff", specifier = ">=0.11.13" },
- { name = "taskipy", specifier = ">=1.14.1" },
+ { name = "httpx", specifier = "==0.28.1" },
+ { name = "pre-commit", specifier = "==4.2.0" },
+ { name = "pytest", specifier = "==8.4.0" },
+ { name = "pytest-asyncio", specifier = "==1.0.0" },
+ { name = "pytest-cov", specifier = "==6.2.1" },
+ { name = "ruff", specifier = "==0.11.13" },
+ { name = "taskipy", specifier = "==1.14.1" },
 ]
 
 [[package]]
@@ -1131,7 +1131,7 @@ dependencies = [
 { name = "colorama" },
 { name = "mslex", marker = "sys_platform == 'win32'" },
 { name = "psutil" },
- { name = "tomli", marker = "python_full_version < '4.0'" },
+ { name = "tomli", marker = "python_full_version < '4'" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/c7/44/572261df3db9c6c3332f8618fafeb07a578fd18b06673c73f000f3586749/taskipy-1.14.1.tar.gz", hash = "sha256:410fbcf89692dfd4b9f39c2b49e1750b0a7b81affd0e2d7ea8c35f9d6a4774ed", size = 14475, upload-time = "2024-11-26T16:37:46.155Z" }
 wheels = [