# Ultra-minimal Docker image using distroless FROM python:3.13-slim AS builder # Install build dependencies and Python RUN apt-get update && apt-get install -y --no-install-recommends \ python3-venv \ gcc \ libc6-dev \ zlib1g \ && rm -rf /var/lib/apt/lists/* WORKDIR /app # Create virtual environment in /usr/local RUN python3 -m venv /usr/local ENV PATH="/usr/local/bin:$PATH" # Install hatch and generate requirements RUN pip install --no-cache-dir hatch COPY pyproject.toml ./ RUN hatch dep show requirements > requirements.txt RUN pip install --no-cache-dir --compile -r requirements.txt # Copy source and build COPY src/ ./src/ COPY templates/ ./templates/ COPY LICENSE README.md ./ RUN hatch build -t wheel RUN pip install --no-cache-dir --compile dist/*.whl # Clean up build artifacts and unnecessary files RUN find /usr/local -name "*.pyc" -delete && \ find /usr/local -name "__pycache__" -type d -exec rm -rf {} + && \ find /usr/local -name "*.pyo" -delete && \ find /usr/local -name "tests" -type d -exec rm -rf {} + && \ find /usr/local -name "test" -type d -exec rm -rf {} + && \ find /usr/local -name "*.egg-info" -type d -exec rm -rf {} + && \ find /usr/local -name "*.dist-info" -type d -exec rm -rf {} + && \ rm -rf /usr/local/share/man /usr/local/share/doc RUN rm -rf /usr/local/lib/python3.13/site-packages/pip* && \ rm -rf /usr/local/lib/python3.13/site-packages/virtualenv* && \ rm -rf /usr/local/lib/python3.13/site-packages/hatch* && \ rm -rf /usr/local/lib/python3.13/site-packages/hatchling RUN rm -rf /usr/local/bin/uv # Using distroless as a main runtime image FROM gcr.io/distroless/cc-debian12:nonroot # Copy Python interpreter and the package from the builder stage COPY --from=builder /usr/local /usr/local COPY --from=builder /usr/lib/x86_64-linux-gnu/libz.so.1.2.13 /usr/lib/x86_64-linux-gnu/libz.so.1 COPY --from=builder /usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6 /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 COPY --from=builder /app/templates /app/templates/ # Set environment variables ENV PATH="/usr/local/bin:$PATH" ENV PYTHONPATH="/usr/local/lib/python3.13/site-packages" ENV PYTHONUNBUFFERED=1 # Run as non-root USER nonroot # Expose port EXPOSE 80 # Run the application ENTRYPOINT ["/usr/local/bin/python", "-m", "uvicorn", "random_access.main:app", "--host", "0.0.0.0", "--port", "80"]