ARG NODE_VERSION=24 ARG PYTHON_VERSION=3.14 ############ # build ui # ############ ARG NODE_VERSION FROM node:${NODE_VERSION} AS build-ui # env setup WORKDIR /usr/local/src/advent22_ui # install advent22_ui dependencies RUN --mount=type=bind,source=ui/package.json,target=package.json \ --mount=type=bind,source=ui/yarn.lock,target=yarn.lock \ set -ex; \ \ corepack enable; \ yarn install --frozen-lockfile; # copy and build advent22_ui COPY ui ./ RUN set -ex; \ \ yarn dlx update-browserslist-db@latest; \ yarn build --dest /tmp/advent22_ui; \ # exclude webpack-bundle-analyzer output rm -f /tmp/advent22_ui/report.html; ############### # install app # ############### ARG PYTHON_VERSION FROM dhi.io/python:${PYTHON_VERSION}-dev AS install-app # env setup WORKDIR /opt/advent22 ENV UV_WORKING_DIR="api/" \ UV_COMPILE_BYTECODE=1 \ UV_NO_DEV=1 \ UV_LINK_MODE="copy" RUN --mount=from=ghcr.io/astral-sh/uv,source=/uv,target=/bin/uv \ --mount=type=cache,target=/root/.cache/uv \ --mount=type=bind,source=api/uv.lock,target=api/uv.lock \ --mount=type=bind,source=api/pyproject.toml,target=api/pyproject.toml \ set -ex; \ \ # prepare data directory mkdir data; \ chown nobody:nobody data; \ chmod u=rwx,g=rx,o=rx data; \ \ # install advent22_api deps uv sync \ --locked \ --no-install-project \ --no-editable \ ; # install advent22_api COPY api api/ RUN --mount=from=ghcr.io/astral-sh/uv,source=/uv,target=/bin/uv \ --mount=type=cache,target=/root/.cache/uv \ \ uv sync \ --locked \ --no-editable \ ; # add prepared advent22_ui COPY --from=build-ui /tmp/advent22_ui ui/ #################### # production image # #################### ARG PYTHON_VERSION FROM dhi.io/python:${PYTHON_VERSION} AS production ENV PATH="/opt/advent22/api/.venv/bin:$PATH" EXPOSE 8000 CMD [ "advent22" ] ARG PYTHON_VERSION COPY --from=install-app /opt/python/lib/python${PYTHON_VERSION} /opt/python/lib/python${PYTHON_VERSION}/ COPY --from=install-app /opt/advent22 /opt/advent22/ WORKDIR /opt/advent22/data VOLUME [ "/opt/advent22/data" ] # run as unprivileged user USER nobody