Last active
October 30, 2025 09:02
-
-
Save szeyu/f3883f16c1fc041118721d039153d5ed to your computer and use it in GitHub Desktop.
Dockerfile for UV Based Project
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # trixie version is fixed | |
| FROM astral/uv:0.9-python3.13-trixie AS builder | |
| WORKDIR /builder | |
| ENV UV_COMPILE_BYTECODE=1 \ | |
| UV_LINK_MODE=copy \ | |
| UV_PYTHON_DOWNLOADS=0 \ | |
| UV_HTTP_TIMEOUT=240 \ | |
| UV_LOCKED=1 | |
| # Copy dependencies files and source code | |
| COPY pyproject.toml uv.lock ./ | |
| COPY src src | |
| RUN --mount=type=cache,target=/root/.cache/uv \ | |
| uv sync | |
| # trixie version is fixed | |
| FROM python:3.13-slim-trixie AS runtime | |
| RUN groupadd nonroot_group \ | |
| && useradd --gid nonroot_group --home-dir /home/nonroot --create-home nonroot | |
| WORKDIR /app | |
| RUN chown nonroot:nonroot_group /app | |
| COPY --from=builder /builder/.venv .venv | |
| COPY src src | |
| ENV PATH="/app/.venv/bin:$PATH" \ | |
| PYTHONPATH="/app" \ | |
| PYTHONUNBUFFERED=True | |
| USER nonroot | |
| CMD ["python", "-m", "src.main"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # trixie version is fixed | |
| FROM astral/uv:0.9-python3.13-trixie AS builder | |
| WORKDIR /builder | |
| ENV UV_COMPILE_BYTECODE=1 \ | |
| UV_LINK_MODE=copy \ | |
| UV_PYTHON_DOWNLOADS=0 \ | |
| UV_HTTP_TIMEOUT=240 \ | |
| UV_LOCKED=1 | |
| # Copy dependencies files and source code | |
| COPY pyproject.toml uv.lock ./ | |
| COPY src src | |
| # overwrite the internal dependencies with git token in front to make it discoverable | |
| RUN --mount=type=cache,target=/root/.cache/uv \ | |
| --mount=type=secret,id=git_token \ | |
| GIT_TOKEN=$(cat /run/secrets/git_token) && \ | |
| sed -i "s|github.com|${GIT_TOKEN}@github.com|g" uv.lock pyproject.toml && \ | |
| uv sync | |
| # trixie version is fixed | |
| FROM python:3.13-slim-trixie AS runtime | |
| RUN groupadd nonroot_group \ | |
| && useradd --gid nonroot_group --home-dir /home/nonroot --create-home nonroot | |
| WORKDIR /app | |
| RUN chown nonroot:nonroot_group /app | |
| COPY --from=builder /builder/.venv .venv | |
| COPY src src | |
| ENV PATH="/app/.venv/bin:$PATH" \ | |
| PYTHONPATH="/app" \ | |
| PYTHONUNBUFFERED=True | |
| USER nonroot | |
| CMD ["python", "-m", "src.main"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| install: | |
| uv sync | |
| install-dev: | |
| uv sync --dev | |
| # no internal dependencies | |
| docker-build: install | |
| docker build \ | |
| -t docker-image-name . | |
| # have internal dependencies | |
| docker-build: install | |
| @export GIT_TOKEN=$$(gh auth token); \ | |
| docker build \ | |
| --secret id=git_token,env=GIT_TOKEN \ | |
| -t docker-image-name . | |
| docker-run: docker-build | |
| docker run \ | |
| --env-file .env \ | |
| docker-image-name |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment