# HomeSec Dockerfile
# Multi-stage build for minimal image size
#
# Build: docker build -t homesec .
# Run: docker run \
# -v ./config.yaml:/config/config.yaml \
# -v ./.env:/config/.env \
# -v ./recordings:/data/recordings \
# -v ./storage:/data/storage \
# -v ./yolo_cache:/app/yolo_cache \
# -p 8081:8081 homesec
# =============================================================================
# Stage 1: Builder
# =============================================================================
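# Image that supplies the uv binary. The default keeps the previous behaviour
# (the mutable "latest" tag), which means the tool that resolves and installs
# every Python dependency can change between builds without any change in this
# repository. For reproducible builds, override it with an immutable reference:
#   docker build --build-arg UV_IMAGE=ghcr.io/astral-sh/uv:<version>@sha256:<digest> .
# (<version> and <digest> are placeholders, not real values.)
ARG UV_IMAGE=ghcr.io/astral-sh/uv:latest
FROM ${UV_IMAGE} AS uv

FROM python:3.14-slim-bookworm AS builder

# Build-time OS packages; this stage is discarded, so none of them reach the
# runtime image.
# NOTE(review): curl does not appear to be used anywhere in this stage (uv is
# copied from an image, not downloaded) - confirm and drop it if so.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
    && rm -rf /var/lib/apt/lists/*

# Install uv for fast dependency management. It is taken from the "uv" stage so
# the image reference is controlled in one place (UV_IMAGE above).
COPY --from=uv /uv /usr/local/bin/uv

WORKDIR /app

# Copy dependency files first for better caching: the dependency layer below is
# only rebuilt when these files change.
COPY pyproject.toml uv.lock* LICENSE README.md ./

# Install dependencies into a virtual environment. --frozen makes uv use
# uv.lock as-is instead of re-resolving; --no-install-project defers installing
# the project itself until its sources have been copied.
RUN uv venv /app/.venv
ENV VIRTUAL_ENV=/app/.venv \
    PATH="/app/.venv/bin:$PATH"
RUN uv sync --frozen --no-dev --no-install-project

# Copy source code
COPY src/ ./src/
COPY alembic/ ./alembic/
COPY alembic.ini ./

# Install the project (ensure homesec is in site-packages); --no-deps because
# the dependencies were already installed from the lockfile above.
RUN uv pip install --no-deps .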
# =============================================================================
# Stage 2: UI Builder
# =============================================================================
FROM node:22-bookworm-slim AS ui-builder

# Everything in this stage lives under /app/ui.
WORKDIR /app/ui

# corepack supplies the package manager that ui/package.json pins.
RUN corepack enable

# Manifest and lockfile go in before the sources, so the install layer is
# reused until one of them changes. --frozen-lockfile makes the install fail
# rather than rewrite the lockfile when it is out of date.
COPY ui/package.json ui/pnpm-lock.yaml /app/ui/
RUN pnpm install --frozen-lockfile

# Bring in the UI sources and produce the static assets.
COPY ui/ /app/ui/
RUN pnpm build
# =============================================================================
# Stage 3: Runtime
# =============================================================================
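FROM python:3.14-slim-bookworm AS runtime

# Install runtime dependencies
# - ffmpeg: required for RTSP source video processing
# - libgl1: required by OpenCV
# - libglib2.0-0: required by OpenCV
# - postgresql-client-16: pg_dump/pg_restore version compatible with docker-compose postgres:16
#
# The PGDG signing key is downloaded to a file and dearmored from there instead
# of being piped from curl into gpg: under the default /bin/sh a pipeline only
# reports the exit status of its last command, so a failed download would not
# stop the build at that step.
# NOTE(review): the key is trusted purely on the strength of the HTTPS
# download; checking its fingerprint against a value recorded in this
# repository would remove that dependency.
# curl and gnupg are only needed to set up the repository and are purged in the
# same layer so they do not ship in the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gnupg \
    && install -d -m 0755 /usr/share/postgresql-common/pgdg \
    && curl -fsSL -o /tmp/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc \
    && gpg --dearmor -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg < /tmp/pgdg.asc \
    && rm -f /tmp/pgdg.asc \
    && echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg] https://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" \
        > /etc/apt/sources.list.d/pgdg.list \
    && apt-get update && apt-get install -y --no-install-recommends \
        ffmpeg \
        libgl1 \
        libglib2.0-0 \
        postgresql-client-16 \
    && apt-get purge -y --auto-remove curl gnupg \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for security.
# NOTE(review): no explicit UID/GID is set, so the numeric id is whatever
# useradd assigns; pin one if the deployment needs to match host volume
# ownership or enforce a numeric non-root check.
RUN useradd --create-home --shell /bin/bash homesec

WORKDIR /app

# Copy virtual environment, migrations and built UI from the earlier stages.
COPY --from=builder /app/.venv /app/.venv
COPY --from=builder /app/alembic /app/alembic
COPY --from=builder /app/alembic.ini /app/alembic.ini
COPY --from=ui-builder /app/ui/dist /app/ui/dist

# Copy entrypoint script
COPY docker-entrypoint.sh /app/docker-entrypoint.sh

# Set up environment
ENV VIRTUAL_ENV=/app/.venv \
    PATH="/app/.venv/bin:$PATH" \
    PYTHONUNBUFFERED=1 \
    HOMESEC_SERVER_UI_DIST_DIR=/app/ui/dist

# Create directories for volume mounts and make entrypoint executable.
# NOTE(review): the recursive chown covers all of /app, so the runtime user can
# modify the virtual environment, the migrations and the entrypoint script
# itself. If the application only writes to /config, /data and
# /app/yolo_cache, restricting ownership to those paths would keep the
# installed code read-only for the service account - confirm before changing.
RUN chmod +x /app/docker-entrypoint.sh \
    && mkdir -p /config /data/recordings /data/storage /app/yolo_cache \
    && chown -R homesec:homesec /config /data /app

# Switch to non-root user; everything from here on, including the health check
# and the entrypoint, runs as homesec.
USER homesec

# Health check endpoint
EXPOSE 8081
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8081/health')" || exit 1

# Entrypoint runs migrations then starts app
# Config and env are expected to be mounted at /config/
ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["run", "--config", "/config/config.yaml", "--log_level", "INFO"]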