legal-doc-masker/Dockerfile

# Build stage
FROM python:3.12-slim AS builder

WORKDIR /app

# Install build dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

# Copy requirements first to leverage Docker cache
COPY requirements.txt .
RUN pip wheel --no-cache-dir --no-deps --wheel-dir /app/wheels -r requirements.txt

# Final stage
FROM python:3.12-slim

WORKDIR /app

# Create non-root user
RUN useradd -m -r appuser && \
    chown appuser:appuser /app

# Copy wheels from builder
COPY --from=builder /app/wheels /wheels
COPY --from=builder /app/requirements.txt .

# Install dependencies
RUN pip install --no-cache /wheels/*

# Copy application code
COPY src/ ./src/

# Create directories for mounted volumes
RUN mkdir -p /data/input /data/output && \
    chown -R appuser:appuser /data

# Switch to non-root user
USER appuser

# Environment variables
ENV PYTHONPATH=/app \
    OBJECT_STORAGE_PATH=/data/input \
    TARGET_DIRECTORY_PATH=/data/output

# Run the application
CMD ["python", "src/main.py"]