diff --git a/application/Dockerfile b/application/Dockerfile index 92860c20..305bca44 100644 --- a/application/Dockerfile +++ b/application/Dockerfile @@ -1,31 +1,70 @@ -FROM python:3.11-slim-bullseye as builder +# Builder Stage +FROM ubuntu:mantic as builder -# Tiktoken requires Rust toolchain, so build it in a separate stage -RUN apt-get update && apt-get install -y gcc curl -RUN apt-get install -y wget unzip -RUN wget https://d3dg1063dc54p9.cloudfront.net/models/embeddings/mpnet-base-v2.zip -RUN unzip mpnet-base-v2.zip -d model -RUN rm mpnet-base-v2.zip -RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && apt-get install --reinstall libc6-dev -y -ENV PATH="/root/.cargo/bin:${PATH}" -RUN pip install --upgrade pip && pip install tiktoken==0.5.2 +# Install necessary packages +RUN apt-get update && \ + apt-get install -y --no-install-recommends gcc curl wget unzip libc6-dev python3.11 python3-pip python3-venv && \ + ln -s /usr/bin/python3.11 /usr/bin/python && \ + ln -sf /usr/bin/pip3 /usr/bin/pip + +# Download and unzip the model +RUN wget https://d3dg1063dc54p9.cloudfront.net/models/embeddings/mpnet-base-v2.zip && \ + unzip mpnet-base-v2.zip -d model && \ + rm mpnet-base-v2.zip + +# Install Rust +RUN curl https://sh.rustup.rs -sSf | sh -s -- -y + +# Clean up to reduce container size +RUN apt-get remove --purge -y wget unzip && apt-get autoremove -y && rm -rf /var/lib/apt/lists/* + +# Copy requirements.txt COPY requirements.txt . -RUN pip install -r requirements.txt +# Setup Python virtual environment +RUN python3 -m venv /venv +ENV PATH="/venv/bin:$PATH" +# Install Python packages +RUN pip install --no-cache-dir --upgrade pip && \ + pip install --no-cache-dir tiktoken && \ + pip install --no-cache-dir -r requirements.txt -FROM python:3.11-slim-bullseye +# Final Stage +FROM ubuntu:mantic as final -# Copy pre-built packages and binaries from builder stage -COPY --from=builder /usr/local/ /usr/local/ +# Install Python +RUN apt-get update && apt-get install -y --no-install-recommends python3.11 python3-pip && \ + ln -s /usr/bin/python3.11 /usr/bin/python && \ + rm -rf /var/lib/apt/lists/* +# Set working directory WORKDIR /app + +# Create a non-root user: `appuser` (Feel free to choose a name) +RUN groupadd -r appuser && \ + useradd -r -g appuser -d /app -s /sbin/nologin -c "Docker image user" appuser + +# Copy the virtual environment and model from the builder stage +COPY --from=builder /venv /venv COPY --from=builder /model /app/model +# Copy your application code COPY . /app/application -ENV FLASK_APP=app.py -ENV FLASK_DEBUG=true +# Change the ownership of the /app directory to the appuser +RUN chown -R appuser:appuser /app + +# Set environment variables +ENV FLASK_APP=app.py \ + FLASK_DEBUG=true \ + PATH="/venv/bin:$PATH" + +# Expose the port the app runs on EXPOSE 7091 -CMD ["gunicorn", "-w", "2", "--timeout", "120", "--bind", "0.0.0.0:7091", "application.wsgi:app"] +# Switch to non-root user +USER appuser + +# Start Gunicorn +CMD ["gunicorn", "-w", "2", "--timeout", "120", "--bind", "0.0.0.0:7091", "application.wsgi:app"] \ No newline at end of file diff --git a/application/requirements.txt b/application/requirements.txt index dbde5668..f9048b50 100644 --- a/application/requirements.txt +++ b/application/requirements.txt @@ -10,7 +10,7 @@ escodegen==1.0.11 esprima==4.0.1 faiss-cpu==1.7.4 Flask==3.0.1 -gunicorn==21.2.0 +gunicorn==22.0.0 html2text==2020.1.16 javalang==0.13.0 langchain==0.1.4 @@ -27,8 +27,8 @@ redis==5.0.1 Requests==2.31.0 retry==0.9.2 sentence-transformers -tiktoken==0.5.2 -torch==2.1.2 +tiktoken +torch tqdm==4.66.1 transformers==4.36.2 unstructured==0.12.2