-
Notifications
You must be signed in to change notification settings - Fork 35
Expand file tree
/
Copy pathDockerfile
More file actions
62 lines (54 loc) · 3 KB
/
Copy pathDockerfile
File metadata and controls
62 lines (54 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# syntax=docker/dockerfile:1
# CodeRAG container images — two build targets share one base:
# docker build --target server -t coderag . # HTTP/REST API (port 8000)
# docker build --target ui -t coderag-ui . # Web UI (port 8501)
# Published to GHCR as :beta / :beta-ui by .github/workflows/docker-beta.yml.
ARG PYTHON_VERSION=3.12
# ---------- shared base ----------
# Digest-pinned for reproducible, tamper-evident builds. The digest is the
# authoritative reference; the trailing tag is a human-readable reminder only.
# Re-resolve with: docker buildx imagetools inspect python:${PYTHON_VERSION}-slim
FROM python:${PYTHON_VERSION}-slim@sha256:d764629ce0ddd8c71fd371e9901efb324a95789d2315a47db7e4d27e78f1b0e9 AS base
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=1 \
CODERAG_STORE_DIR=/data \
CODERAG_WATCHED_DIR=/workspace
LABEL org.opencontainers.image.source="https://github.com/Neverdecel/CodeRAG" \
org.opencontainers.image.description="CodeRAG — local-first semantic code-search engine" \
org.opencontainers.image.licenses="Apache-2.0"
# uv for fast, reproducible installs (copied from the official image).
# Digest-pinned (re-resolve with: docker buildx imagetools inspect ghcr.io/astral-sh/uv:0.8.17).
COPY --from=ghcr.io/astral-sh/uv:0.8.17@sha256:e4644cb5bd56fdc2c5ea3ee0525d9d21eed1603bccd6a21f887a938be7e85be1 /uv /uvx /usr/local/bin/
WORKDIR /app
# pyproject reads README.md and LICENSE, so both are needed to build the wheel.
COPY pyproject.toml README.md LICENSE ./
COPY coderag ./coderag
# Non-root runtime user; writable mount points for the index and the codebase.
RUN useradd --create-home --uid 10001 --shell /usr/sbin/nologin coderag \
&& mkdir -p /data /workspace \
&& chown -R coderag:coderag /data /workspace
# ---------- HTTP/REST API image ----------
FROM base AS server
# Include the LLM answer backends (openai covers self-hosted OpenAI-compatible
# servers like Ollama/vLLM too) so `--answer` works out of the box.
RUN uv pip install --system --no-cache ".[server,openai,anthropic]"
USER coderag
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
CMD ["python", "-c", "import sys,urllib.request as u; sys.exit(0 if u.urlopen('http://127.0.0.1:8000/status').status==200 else 1)"]
ENTRYPOINT ["coderag"]
CMD ["serve", "--host", "0.0.0.0", "--port", "8000"]
# ---------- Web UI image ----------
FROM base AS ui
# Include the LLM answer backends (openai covers self-hosted OpenAI-compatible
# servers like Ollama/vLLM too) so the UI's "Generate LLM answer" works.
RUN uv pip install --system --no-cache ".[ui,openai,anthropic]"
# `coderag ui` serves the FastAPI/Jinja UI via uvicorn; host/port come from env.
ENV CODERAG_UI_HOST=0.0.0.0 \
CODERAG_UI_PORT=8501
USER coderag
EXPOSE 8501
HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
CMD ["python", "-c", "import sys,urllib.request as u; sys.exit(0 if u.urlopen('http://127.0.0.1:8501/healthz').status==200 else 1)"]
CMD ["coderag", "ui"]