-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathDockerfile
More file actions
149 lines (116 loc) · 4.67 KB
/
Dockerfile
File metadata and controls
149 lines (116 loc) · 4.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# =============================================================================
# Myanmar Spell Checker - Production Dockerfile
# Multi-stage build with security hardening
# =============================================================================
# Build arguments
ARG PYTHON_VERSION=3.11
ARG APP_ENV=production
# =============================================================================
# Stage 1: Builder - Compile Cython extensions and install dependencies
# =============================================================================
FROM python:${PYTHON_VERSION}-slim AS builder
# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
WORKDIR /build
# Install build dependencies (including OpenMP for parallel processing)
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
gcc \
g++ \
libgomp1 \
&& rm -rf /var/lib/apt/lists/*
# Install Python build tools
RUN pip install --upgrade pip setuptools wheel Cython>=3.0.0
# Copy dependency files and source code
COPY pyproject.toml ./
COPY setup.py ./
COPY src/ ./src/
# Install package with Cython extensions
# Note: pyyaml is now a core dependency (no need for .[config])
RUN pip install --prefix=/install .
# =============================================================================
# Stage 2: Runtime - Minimal production image
# =============================================================================
FROM python:${PYTHON_VERSION}-slim AS runtime
# Labels for container metadata
LABEL org.opencontainers.image.title="Myanmar Spell Checker" \
org.opencontainers.image.description="High-performance Myanmar spell checker with syllable-first architecture" \
org.opencontainers.image.source="https://github.com/thettwe/my-spellchecker" \
org.opencontainers.image.licenses="MIT"
# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONFAULTHANDLER=1 \
APP_HOME=/app \
APP_USER=appuser \
APP_GROUP=appgroup
WORKDIR ${APP_HOME}
# Create non-root user for security
RUN groupadd --gid 1000 ${APP_GROUP} && \
useradd --uid 1000 --gid ${APP_GROUP} --shell /bin/bash --create-home ${APP_USER}
# Install runtime dependencies (including libgomp for OpenMP parallel processing)
RUN apt-get update && apt-get install -y --no-install-recommends \
curl \
libgomp1 \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Copy installed packages from builder (includes compiled Cython extensions,
# .py source, YAML rules, schemas, and all package data)
COPY --from=builder /install /usr/local
# Create data directory for database files (to be mounted as volume)
RUN mkdir -p ${APP_HOME}/data && \
chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME}
# Switch to non-root user
USER ${APP_USER}
# Default command (can be overridden)
CMD ["python", "-m", "myspellchecker", "--help"]
# =============================================================================
# Stage 3: Development image (optional, for docker-compose)
# =============================================================================
FROM runtime AS development
USER root
# Install development dependencies (testing + linting, excludes heavy training deps)
RUN pip install --no-cache-dir \
pytest>=7.0.0 \
pytest-cov>=4.0.0 \
pytest-benchmark>=4.0.0 \
pytest-xdist>=3.0.0 \
pytest-timeout>=2.2.0 \
hypothesis>=6.0.0 \
ruff>=0.3.0 \
mypy>=1.0.0
# Copy test files
COPY --chown=${APP_USER}:${APP_GROUP} tests/ ./tests/
# Switch back to non-root user
USER ${APP_USER}
# Override command for development
CMD ["python", "-m", "myspellchecker", "--help"]
# =============================================================================
# Stage 4: CLI-only image (minimal, no web server)
# =============================================================================
FROM python:${PYTHON_VERSION}-slim AS cli
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
APP_HOME=/app \
APP_USER=appuser
WORKDIR ${APP_HOME}
# Create non-root user
RUN groupadd --gid 1000 appgroup && \
useradd --uid 1000 --gid appgroup --shell /bin/bash --create-home ${APP_USER}
# Install runtime dependencies (including libgomp for OpenMP parallel processing)
RUN apt-get update && apt-get install -y --no-install-recommends \
libgomp1 \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Copy installed packages from builder
COPY --from=builder /install /usr/local
# Create data directory
RUN mkdir -p ${APP_HOME}/data && \
chown -R ${APP_USER}:appgroup ${APP_HOME}
USER ${APP_USER}
# Default to CLI help
ENTRYPOINT ["python", "-m", "myspellchecker"]
CMD ["--help"]