# Build stage - for compiling dependencies FROM python:3.12-slim as builder ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 # Install build dependencies RUN apt-get update \ && apt-get install -y --no-install-recommends \ build-essential \ libpq-dev \ libjpeg-dev \ zlib1g-dev \ libcairo2-dev \ libpango1.0-dev \ libgdk-pixbuf-xlib-2.0-dev \ libxml2-dev \ libxslt1-dev \ libffi-dev \ pkg-config \ gcc \ g++ \ && rm -rf /var/lib/apt/lists/* # Create virtual environment RUN python -m venv /opt/venv ENV PATH="/opt/venv/bin:$PATH" # Install Python dependencies COPY requirements.txt . RUN pip install --upgrade pip \ && pip install --no-cache-dir -r requirements.txt gunicorn psycopg2-binary # Production stage - minimal runtime image FROM python:3.12-slim as production ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 \ PATH="/opt/venv/bin:$PATH" # Install only runtime dependencies RUN apt-get update \ && apt-get install -y --no-install-recommends \ libpq5 \ libjpeg62-turbo \ zlib1g \ libcairo2 \ libpango-1.0-0 \ libgdk-pixbuf-xlib-2.0-0 \ libxml2 \ libxslt1.1 \ libffi8 \ curl \ netcat-openbsd \ && rm -rf /var/lib/apt/lists/* \ && apt-get clean # Create non-root user FIRST RUN useradd --create-home --uid 1000 appuser # Copy virtual environment from builder stage WITH correct ownership COPY --from=builder --chown=appuser:appuser /opt/venv /opt/venv WORKDIR /app # Copy application code COPY --chown=appuser:appuser . . # Copy entrypoint script COPY --chown=appuser:appuser docker/entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh # Create necessary directories and set permissions RUN mkdir -p staticfiles media \ && chown -R appuser:appuser /app USER appuser EXPOSE 8000 HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \ CMD curl -f http://localhost:8000/health/ || exit 1 ENTRYPOINT ["/entrypoint.sh"] CMD ["gunicorn", "horilla.wsgi:application", "--config", "docker/gunicorn.conf.py"]