# Dockerfile for Agent Media # Multi-stage build for smaller image size # =========================================== # Stage 1: Builder # =========================================== FROM python:3.12.7-slim as builder # STFU (please) ENV DEBIAN_FRONTEND=noninteractive # Install build dependencies (needs root) RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential \ && rm -rf /var/lib/apt/lists/* # Install Poetry globally (needs root) RUN pip install --no-cache-dir poetry # Copy dependency files (as root for now) COPY pyproject.toml poetry.lock* /tmp/ # Install dependencies as root (to avoid permission issues with system packages) WORKDIR /tmp RUN poetry config virtualenvs.create false \ && poetry install --only main --no-root --no-cache # Create non-root user RUN useradd -m -u 1000 -s /bin/bash appuser # Switch to non-root user USER appuser # Set working directory (owned by appuser) WORKDIR /home/appuser/app # =========================================== # Stage 2: Runtime # =========================================== FROM python:3.12.7-slim as runtime # Install runtime dependencies (needs root) RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ ca-certificates \ && rm -rf /var/lib/apt/lists/* \ && apt-get clean # Create non-root user RUN useradd -m -u 1000 -s /bin/bash appuser # Create data directories (needs root for /data) RUN mkdir -p /data/memory /data/logs \ && chown -R appuser:appuser /data # Switch to non-root user USER appuser # Set working directory (owned by appuser) WORKDIR /home/appuser/app # Copy Python packages from builder stage COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages COPY --from=builder /usr/local/bin /usr/local/bin # Copy application code (already owned by appuser) COPY --chown=appuser:appuser agent/ ./agent/ COPY --chown=appuser:appuser application/ ./application/ COPY --chown=appuser:appuser domain/ ./domain/ COPY --chown=appuser:appuser infrastructure/ ./infrastructure/ COPY --chown=appuser:appuser app.py . # Create volumes for persistent data VOLUME ["/data/memory", "/data/logs"] # Expose port EXPOSE 8000 # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD curl -f http://localhost:8000/health || exit 1 # Environment variables (can be overridden) ENV PYTHONUNBUFFERED=1 \ PYTHONDONTWRITEBYTECODE=1 \ PYTHONPATH=/home/appuser/app \ LLM_PROVIDER=deepseek \ MEMORY_STORAGE_DIR=/data/memory # Run the application CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8000"]