Oliver/loreal-utilisation-dept
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
loreal-utilisation-dept/backend/Dockerfile
DJP 04edbfdd2c Initial commit: dockerised FastAPI backend + React/Vite frontend rewrite 
Replaces a static SPA that shipped an Airtable PAT in the JS bundle.
The new architecture holds all secrets server-side, fronts the app
behind Apache on optical-dev with the shared-vhost split-build pattern,
and is designed for a later Azure AD/MSAL swap-in.

- backend/   FastAPI + uvicorn, local auth (Azure AD stub), Airtable
             proxy with TTL cache, Zoho .xlsx/.csv parser, merge
             service for utilisation summaries. 28 pytest tests.
- frontend/  React + Vite + TS + Tailwind + Recharts SPA. Login entry
             chunk 12.83 KB gzipped; Recharts lazy-loaded. No tokens
             or Airtable URLs in the built bundle.
- deploy/    Idempotent deploy.sh (port auto-pick 8200-8299,
             .env-persisted) + split-build Apache include template.
- docker-compose.yml pins name: utilisation-dept and binds 127.0.0.1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 12:37:04 -04:00

48 lines
1.4 KiB
Docker
Raw Blame History

# utilisation-dept backend
# Decisions:
# - Use python:3.12-slim for small footprint with broad wheel availability.
# - Install tini in the image so PID 1 reaps zombies and forwards signals
# (uvicorn + passlib bcrypt subprocesses behave better under tini).
# - Run as non-root `appuser`. /app/logs is chowned so the mounted volume
# from docker-compose remains writable.
# - No HEALTHCHECK here — docker-compose.yml owns the healthcheck.
FROM python:3.12-slim AS base
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
# tini for clean PID 1 behaviour; libffi/openssl already in slim base.
RUN apt-get update \
&& apt-get install -y --no-install-recommends tini \
&& rm -rf /var/lib/apt/lists/*
# Non-root user
RUN groupadd --system appuser \
&& useradd --system --gid appuser --home /app --shell /usr/sbin/nologin appuser
WORKDIR /app
# Install deps first for better layer caching.
COPY requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir -r /app/requirements.txt
# Copy app code
COPY app /app/app
# Ensure logs dir exists and is writable by appuser (compose mounts a volume here).
RUN mkdir -p /app/logs && chown -R appuser:appuser /app
USER appuser
EXPOSE 8000
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["uvicorn", "app.main:app", \
"--host", "0.0.0.0", \
"--port", "8000", \
"--workers", "1", \
"--proxy-headers", \
"--forwarded-allow-ips=*"]
Reference in a new issue View git blame Copy permalink