From 47ab5525846e8da5f8a6f97a06c3f0db8047030a Mon Sep 17 00:00:00 2001
From: Ben Cherry
Date: Tue, 10 Mar 2026 11:56:27 -0700
Subject: [PATCH] dockerfile updates

---
 .dockerignore | 35 ++++++++++++++++++++++++++++++-----
 .gitignore    | 22 +++++++++++++++++++++-
 Dockerfile    | 49 +++++++++++++++++++++++++++++--------------------
 3 files changed, 80 insertions(+), 26 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index b01251e..27fb03d 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,9 @@
+# Project tests
+test/
+tests/
+eval/
+evals/
+
 # Python bytecode and artifacts
 __pycache__/
 *.py[cod]
@@ -39,10 +45,29 @@ coverage/
 # Project docs and misc
 README.md
+CONTRIBUTING.md
 LICENSE
-# Project tests
-test/
-tests/
-eval/
-evals/
\ No newline at end of file
+# Coding agent files
+.claude/
+.codex/
+.cursor/
+.windsurf/
+.gemini/
+.cline/
+.clinerules
+.clinerules/
+.aider*
+.cursorrules
+.cursorignore
+.cursorindexingignore
+.clineignore
+.codeiumignore
+.geminiignore
+.windsurfrules
+CLAUDE.md
+AGENTS.md
+GEMINI.md
+.github/copilot-instructions.md
+.github/personal-instructions.md
+.github/instructions/
diff --git a/.gitignore b/.gitignore
index 7cbea9e..6a5c495 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,24 @@ KMS
 *.egg-info
 .pytest_cache
 .ruff_cache
-.claude/settings.local.json
\ No newline at end of file
+
+# Claude Code
+.claude/settings.local.json
+.claude/worktrees/
+
+# OpenAI Codex
+.codex/config.local.toml
+
+# Gemini CLI
+.gemini/history/
+.gemini/tmp/
+.gemini/google_accounts.json
+.gemini/installation_id
+.gemini/oauth_creds.json
+
+# Cursor
+.cursor/chat/
+.cursor/rules/*.local.mdc
+
+# GitHub CLI
+.github/personal-instructions.md
diff --git a/Dockerfile b/Dockerfile
index 61de813..1b77cae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,19 +10,13 @@ FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-bookworm-slim AS base
 # the application crashes without emitting any logs due to buffering.
 ENV PYTHONUNBUFFERED=1
-# Create a non-privileged user that the app will run under.
-# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
-ARG UID=10001
-RUN adduser \
- --disabled-password \
- --gecos "" \
- --home "/app" \
- --shell "/sbin/nologin" \
- --uid "${UID}" \
- appuser
+# --- Build stage ---
+# Install dependencies, build native extensions, and prepare the application
+FROM base AS build
 # Install build dependencies required for Python packages with native extensions
 # gcc: C compiler needed for building Python packages with C extensions
+# g++: C++ compiler needed for building Python packages with C++ extensions
 # python3-dev: Python development headers needed for compilation
 # We clean up the apt cache after installation to keep the image size down
 RUN apt-get update && apt-get install -y \
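Review bot: The `RUN apt-get update && apt-get install -y \` that opens the build stage still pulls in recommended packages and pins nothing, so the native-extension toolchain can drift between rebuilds; `RUN apt-get update && apt-get install -y --no-install-recommends \` plus pinned versions for the listed packages would make the build reproducible. The RUN continues outside the hunk, so the package list and the apt cache cleanup the comment promises are not visible here and should be confirmed to sit in the same instruction. Since this layer now lives in a throwaway build stage, reproducibility matters more than its size.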
@@ -50,20 +44,35 @@ RUN uv sync --locked
 # (Excludes files specified in .dockerignore)
 COPY . .
-# Change ownership of all app files to the non-privileged user
-# This ensures the application can read/write files as needed
-RUN chown -R appuser:appuser /app
+# Pre-download any ML models or files the agent needs
+# This ensures the container is ready to run immediately without downloading
+# dependencies at runtime, which improves startup time and reliability
+RUN uv run "src/agent.py" download-files
+
+# --- Production stage ---
+# Build tools (gcc, g++, python3-dev) are not included in the final image
+FROM base
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/build/building/best-practices/#user
+ARG UID=10001
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --home "/app" \
+ --shell "/sbin/nologin" \
+ --uid "${UID}" \
+ appuser
+
+# Copy the application and virtual environment with correct ownership in a single layer
+# This avoids expensive recursive chown and excludes build tools from the final image
+COPY --from=build --chown=appuser:appuser /app /app
 # Switch to the non-privileged user for all subsequent operations
 # This improves security by not running as root
 USER appuser
-# Pre-download any ML models or files the agent needs
-# This ensures the container is ready to run immediately without downloading
-# dependencies at runtime, which improves startup time and reliability
-RUN uv run src/agent.py download-files
-
-# Run the application using UV
+# Run the AgentServer using UV
 # UV will activate the virtual environment and run the agent.
-# The "start" command tells the worker to connect to LiveKit and begin waiting for jobs.
+# The "start" command tells the AgentServer to connect to LiveKit and begin waiting for jobs.
 CMD ["uv", "run", "src/agent.py", "start"]
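Review bot: `RUN uv run "src/agent.py" download-files` now executes in the build stage as root, where HOME is /root, but the production stage only receives `/app` via `COPY --from=build --chown=appuser:appuser /app /app`; if download-files writes to a home-directory cache (in the removed version it ran as appuser with `--home "/app"`, so any such cache landed under /app and survived), the downloaded files will be absent from the final image and fetched again at container start, which is exactly what the comment says the step is meant to avoid. Unless a cache location under /app is already exported in the base stage earlier in the file, pin the home for that step, e.g. `RUN HOME=/app uv run "src/agent.py" download-files`, so the files are copied along with the rest of /app and found by appuser at runtime. Separately, with appuser owning all of /app, `CMD ["uv", "run", "src/agent.py", "start"]` can still try to re-sync the environment at startup; `CMD ["uv", "run", "--no-sync", "src/agent.py", "start"]` makes startup depend only on what was built with `uv sync --locked`.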