Some checks are pending
AI PR Review / ai-review (pull_request) Waiting to run
CI / lint (pull_request) Waiting to run
CI / test (pull_request) Waiting to run
CI / security (pull_request) Waiting to run
CI / pre-commit (pull_request) Waiting to run
CI / license (pull_request) Waiting to run
CI / ai-review (pull_request) Waiting to run
#1 requirements.lock was incomplete (missing python-multipart, mcp, chain deps) - Switch Dockerfile to use requirements.txt (loose pins) - Add python-multipart>=0.0.9 and mcp>=1.25.0 to requirements.txt #2 main.py wrong import: AuditTrail does not exist - core/audit.py defines AuditLog, not AuditTrail - Updated import + usage #3 main.py wrong import path: _PersistentStore doesn't exist - Actual class is PersistentStore (no underscore prefix) - Lives in routers/_persistent_store.py (not routers/chain_vault.py) - Updated import path + name #4 DB volume permissions broken - Added entrypoint.sh that chowns /data to walletpress:walletpress as root - Reordered Dockerfile: COPY entrypoint + chmod before USER directive - Added /data mkdir + chown in Dockerfile for build-time setup After fixes: - walletpress-backend container Up (healthy) - 112 API endpoints accessible at /backend/* - Tailscale access works, direct IP requires basic auth
44 lines
1.4 KiB
Docker
44 lines
1.4 KiB
Docker
FROM python:3.12-slim AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends gcc libffi-dev libssl-dev && rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY requirements.txt ./
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
FROM python:3.12-slim AS runner
|
|
|
|
WORKDIR /app
|
|
|
|
# Install runtime deps (no gcc needed)
|
|
RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev && rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy Python deps from builder
|
|
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
|
|
COPY --from=builder /usr/local/bin /usr/local/bin
|
|
|
|
# Copy app code
|
|
COPY . .
|
|
|
|
# Create data dir + set perms (as root)
|
|
RUN mkdir -p /data && chmod 755 /data
|
|
|
|
# Add entrypoint (as root) that fixes data perms then drops to walletpress user
|
|
COPY entrypoint.sh /entrypoint.sh
|
|
RUN chmod +x /entrypoint.sh
|
|
|
|
# Create non-root user
|
|
RUN groupadd -r walletpress && useradd -r -g walletpress -d /app -s /sbin/nologin walletpress
|
|
|
|
# Chown app + data dirs to walletpress
|
|
RUN chown -R walletpress:walletpress /app /data
|
|
|
|
USER walletpress
|
|
|
|
EXPOSE 8010
|
|
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8010/health')" || exit 1
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"]
|
|
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8010"]
|