44# $ docker build -t docbuild:latest .
55# -- or --
66# $ docker buildx build -t docbuild:latest .
7+ #
8+ # If you want to skip the jing installation step, use:
9+ # $ docker build --build-arg WITH_JING=false -t docbuild:latest .
710
811ARG PYTHON_VERSION=3.13-slim
912
@@ -24,20 +27,40 @@ WORKDIR /app
2427RUN --mount=type=cache,target=/root/.cache/uv \
2528 --mount=type=bind,source=uv.lock,target=uv.lock \
2629 --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
27- uv sync --locked --no-install-project --no-editable
30+ uv sync --frozen --no-install-project --no-editable
2831
2932# Copy the project into the intermediate image
3033ADD --chown=app:app . /app
3134
3235# Sync the project
3336RUN --mount=type=cache,target=/root/.cache/uv \
34- uv sync --no-editable
37+ uv sync --frozen -- no-editable
3538
3639# ------- Stage 2: Build/provide the application --------
3740FROM python:${PYTHON_VERSION}
3841
42+ # Allow conditional installation of jing for XML validation
43+ ARG WITH_JING=true
44+
45+ # Install runtime dependencies like jing for XML validation
46+ RUN if [ "$WITH_JING" = "true" ]; then \
47+ apt-get update && apt-get install -y --no-install-recommends jing && rm -rf /var/lib/apt/lists/*; \
48+ fi
49+
50+ # Create a non-root user to match the builder stage
51+ RUN useradd -m app
52+
3953# Copy the environment, but not the source code
4054COPY --from=builder --chown=app:app /app/.venv /app/.venv
4155
56+ # Set the working directory
57+ WORKDIR /app
58+
59+ # Add the virtual environment's bin directory to the PATH
60+ ENV PATH="/app/.venv/bin:${PATH}"
61+
62+ # Switch to the non-root user for security
63+ USER app
64+
4265# Run the application
43- CMD ["/app/.venv/bin/ docbuild" ]
66+ CMD ["docbuild" ]
0 commit comments