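# Image for a Reflex application: installs OS and Python dependencies as root,
# pre-builds the frontend into /srv, then drops to an unprivileged user to run.

# Base image: the full Debian-based Python 3.11 image.
# NOTE(review): this tag is mutable. For reproducible builds pin a patch
# release and digest (python:3.11.<PATCH>@sha256:<DIGEST>) after vetting it.
FROM python:3.11

# Dedicated unprivileged account with a fixed UID, so an orchestrator can
# verify that the container does not run as root.
RUN useradd -m -u 1000 user

# Both prepended directories are searched before the system directories and
# are writable by "user" (/app is chowned to that account further down), so an
# executable dropped there shadows the system binary of the same name.
# NOTE(review): confirm /app/prompt_order_experiment really has to be on PATH.
ENV PATH="/home/user/.local/bin:/app/prompt_order_experiment:$PATH"

# WORKDIR creates /app owned by root; ownership is handed over after the build.
WORKDIR /app

# OS packages, installed and cleaned up in a single layer so the apt lists never
# reach the image. --no-install-recommends keeps optional packages out.
# NOTE(review): nothing in this file starts caddy or redis-server; if the
# application does not launch them itself, drop them to shrink the attack surface.
RUN apt-get update -y && apt-get install -y --no-install-recommends \
        caddy \
        redis-server \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Python dependencies are copied and installed before the application source so
# this layer stays cached until requirements.txt changes.
# NOTE(review): --upgrade resolves to the newest matching release at build time;
# pin exact versions (ideally with hashes) in requirements.txt if not already done.
COPY ./requirements.txt requirements.txt
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Application code, owned by the unprivileged user. COPY is not affected by
# USER, so no user switch is needed around it.
# NOTE(review): the whole build context is copied; make sure .dockerignore
# excludes .git, .env files, local databases and any credentials.
COPY --chown=user . .

# Still root here: /srv is root-owned and the export step writes outside the
# user's home. Build the static frontend, publish it to /srv, remove the build
# tree, then give "user" ownership of everything it must write to at runtime
# (/app itself was created by root, and the export may leave root-owned files).
RUN reflex export --frontend-only --no-zip \
    && mv .web/_static/* /srv/ \
    && rm -rf .web \
    && chown -R user:user /srv /app

# Needed until Reflex properly passes SIGTERM on backend.
# SIGKILL cannot be caught, so the process gets no chance to shut down cleanly.
STOPSIGNAL SIGKILL

# Everything from here on, including the running container, is unprivileged.
USER user

# Apply migrations only when the project ships an alembic directory. Written as
# an explicit `if` so a missing directory is skipped quietly, while a migration
# that actually fails stops the build instead of being masked by `|| true`.
# NOTE(review): this runs at build time; if the database is a local file, the
# migrated database is baked into an image layer. Confirm that is intended.
RUN if [ -d alembic ]; then reflex db migrate; fi

# Documentation only; does not publish the port.
# NOTE(review): confirm the process started below actually listens on 8080.
EXPOSE 8080

# Starts Reflex in its development environment with debug-level logging.
# NOTE(review): dev mode and debug logs are not appropriate for a container
# reachable by untrusted clients; use the production environment and a quieter
# log level there. Nothing in this file serves the static frontend in /srv.
ENTRYPOINT ["reflex", "run", "--env", "dev", "--loglevel", "debug"]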