WerkoutAPI/Dockerfile
Trey t 3ffabf35e2 Complete all deferred hardening items
1. PII in git: Removed 324MB AI/ directory (1012 files of user workout
   data) from git history via git-filter-repo. Added AI/ to .gitignore.

2. Python 3.9 EOL: Upgraded Dockerfile from python:3.9.13 to
   python:3.12-slim. Added build-essential and libpq-dev for C
   extension compilation. Changed netcat to netcat-openbsd (slim compat).

3. Stale dependencies: Updated all packages from 2023 pins to latest
   compatible versions. Django 4.2→5.2 LTS, celery 5.3→5.4+,
   gunicorn 20→23+, redis 4.6→5.0+, DRF 3.14→3.15+, whitenoise 6.4→6.7+,
   debug-toolbar 4.1→4.4+. Switched to >= ranges with upper bounds on
   major versions for celery, kombu, redis, and Django.

4. Retry loop cap: Reduced FINAL_CONFORMANCE_MAX_RETRIES from 4 to 2,
   capping worst-case recursive calls from 15 (3×5) to 9 (3×3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 22:48:30 -06:00

51 lines
1.4 KiB
Docker

# syntax=docker/dockerfile:1
# ---- Stage 1: Build Next.js frontend ----
FROM node:20-slim AS frontend-build
WORKDIR /frontend
COPY werkout-frontend/package.json werkout-frontend/package-lock.json ./
RUN npm ci
COPY werkout-frontend/ ./
ENV NEXT_PUBLIC_API_URL=
RUN rm -rf .next && npm run build
# ---- Stage 2: Final image (Python + Node runtime) ----
FROM python:3.12-slim
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
# System deps
RUN apt-get update && apt-get install -y \
    build-essential libpq-dev \
    swig libssl-dev dpkg-dev netcat-openbsd ffmpeg \
    supervisor curl \
    && rm -rf /var/lib/apt/lists/*
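# Install Node.js 20 for Next.js runtime
# pipefail makes the build fail if the curl download fails, instead of
# piping empty input to bash and carrying on
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
    && apt-get install -y nodejs \
    && rm -rf /var/lib/apt/lists/*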
# Python deps
RUN pip install -U pip
WORKDIR /code
COPY requirements.txt /code/
RUN pip install -r requirements.txt
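# Copy Django project
# (the build context is filtered by .dockerignore, not .gitignore, so
# directories such as AI/ must be listed there to stay out of the image)
COPY . /code/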
# Copy built frontend (overwrite source with built version)
COPY --from=frontend-build /frontend/.next /code/werkout-frontend/.next
COPY --from=frontend-build /frontend/node_modules /code/werkout-frontend/node_modules
# Collect static files ("|| true" means a collectstatic failure does not fail the build)
RUN /code/manage.py collectstatic --noinput || true
# Supervisor config
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
EXPOSE 8000 3000
CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]