851dd4f265
- Backend (Go): Use scratch image (~5MB), add build cache for modules - Backoffice (NestJS): Add pnpm cache, alpine image, fix Prisma client copy - BFF (Python): Add multi-stage with virtualenv, pip cache, optimized env vars - All: Add non-root users for security
44 lines
1,003 B
Docker
44 lines
1,003 B
Docker
# syntax=docker/dockerfile:1
|
|
|
|
# ===== STAGE 1: Builder =====
|
|
FROM python:3.12-slim AS builder
|
|
|
|
WORKDIR /build
|
|
|
|
# Instala dependências em virtualenv isolado
|
|
RUN python -m venv /opt/venv
|
|
ENV PATH="/opt/venv/bin:$PATH"
|
|
|
|
COPY requirements.txt .
|
|
|
|
# Cache de pip para builds mais rápidas
|
|
RUN --mount=type=cache,target=/root/.cache/pip \
|
|
pip install --upgrade pip && \
|
|
pip install -r requirements.txt
|
|
|
|
# ===== STAGE 2: Production =====
|
|
FROM python:3.12-slim AS production
|
|
|
|
# Variáveis de ambiente Python otimizadas
|
|
ENV PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONUNBUFFERED=1 \
|
|
PATH="/opt/venv/bin:$PATH"
|
|
|
|
WORKDIR /app
|
|
|
|
# Copia virtualenv do builder
|
|
COPY --from=builder /opt/venv /opt/venv
|
|
|
|
# Copia código fonte
|
|
COPY src ./src
|
|
|
|
# Cria usuário não-root
|
|
RUN useradd --system --no-create-home --uid 1001 appuser && \
|
|
chown -R appuser:appuser /app
|
|
|
|
USER appuser
|
|
|
|
EXPOSE 8000
|
|
|
|
# Uvicorn com workers otimizados
|
|
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "1"]
|