72 lines
1.9 KiB
Docker
72 lines
1.9 KiB
Docker
# ===========================================
|
||
# NJUPT MCP Server - Dockerfile
|
||
# ===========================================
|
||
|
||
# ---- 阶段 1: 构建依赖 ----
|
||
FROM python:3.12-slim AS builder
|
||
|
||
# 安装构建工具
|
||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||
build-essential \
|
||
&& rm -rf /var/lib/apt/lists/*
|
||
|
||
# 使用 uv 加速依赖安装(可选但推荐)
|
||
RUN pip install --no-cache-dir uv
|
||
|
||
# 设置工作目录
|
||
WORKDIR /build
|
||
|
||
# 创建虚拟环境
|
||
RUN uv venv /opt/venv
|
||
ENV PATH="/opt/venv/bin:$PATH"
|
||
|
||
# 复制项目文件
|
||
COPY pyproject.toml .
|
||
COPY README.md .
|
||
COPY src/ ./src/
|
||
|
||
# 安装依赖和包(非 editable 模式)
|
||
RUN uv pip install .
|
||
|
||
# ---- 阶段 2: 运行镜像 ----
|
||
FROM python:3.12-slim AS runtime
|
||
|
||
# 设置环境变量
|
||
ENV PYTHONDONTWRITEBYTECODE=1 \
|
||
PYTHONUNBUFFERED=1 \
|
||
PIP_NO_CACHE_DIR=1 \
|
||
PIP_DISABLE_PIP_VERSION_CHECK=1 \
|
||
PYTHON_ENV=production
|
||
|
||
# 创建非 root 用户(安全最佳实践)
|
||
RUN groupadd --gid 1000 appgroup && \
|
||
useradd --uid 1000 --gid appgroup --shell /bin/bash --create-home appuser
|
||
|
||
# 从 builder 复制虚拟环境
|
||
COPY --from=builder /opt/venv /opt/venv
|
||
ENV PATH="/opt/venv/bin:$PATH"
|
||
|
||
# 设置工作目录
|
||
WORKDIR /app
|
||
|
||
# 包已经在 builder 阶段安装到虚拟环境,无需重新安装
|
||
# 但如果需要,可以复制源码供参考(可选)
|
||
COPY src/ ./src/
|
||
|
||
# 创建数据目录并设置权限
|
||
RUN mkdir -p /app/data && chown -R appuser:appgroup /app
|
||
|
||
# 切换到非 root 用户
|
||
USER appuser
|
||
|
||
# 暴露端口(SSE 模式默认 8000)
|
||
EXPOSE 8000
|
||
|
||
# 健康检查
|
||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/sse')" 2>/dev/null || exit 1
|
||
|
||
# 默认启动命令(SSE 模式)
|
||
ENTRYPOINT ["njupt-mcp"]
|
||
CMD ["--transport", "sse", "--host", "0.0.0.0", "--port", "8000"]
|