Dockerfile

FROM python:3.11.6-slim-bookworm as base

# Install poetry and git
RUN apt-get update && apt-get install -y git
RUN pip install pipx
RUN python3 -m pipx ensurepath
RUN pipx install poetry
ENV PATH="/root/.local/bin:$PATH"

# https://python-poetry.org/docs/configuration/#virtualenvsin-project
ENV POETRY_VIRTUALENVS_IN_PROJECT=true

FROM base as dependencies
WORKDIR /home/worker/app
COPY pyproject.toml poetry.lock ./

# Explicitly copy the project files before running poetry install
COPY pyproject.toml poetry.lock ./
RUN poetry config installer.max-workers 10
RUN poetry lock --no-update
RUN poetry install --extras chroma
RUN pip install fastapi uvicorn

FROM base as app

ENV PYTHONUNBUFFERED=1
ENV PORT=7860
EXPOSE 7860

# Create the worker user with the appropriate UID and GID
RUN useradd -m -u 1000 -U worker

# Ensure the worker user has the necessary permissions
RUN mkdir -p local_data/private_gpt/chromadb && chown -R worker:worker local_data/private_gpt
RUN mkdir -p /models && chown worker:worker /models

# Copy only the necessary files for the app
COPY --chown=worker --from=dependencies /home/worker/app/.venv/ .venv
COPY --chown=worker private_gpt/ private_gpt
COPY --chown=worker docs/ docs
COPY --chown=worker *.yaml *.md ./

USER worker


# Get secret EXAMPLE and output it to /home/worker/test at buildtime
RUN --mount=type=secret,id=OPENAI_API_KEY,mode=0444,required=true \
   cat /run/secrets/OPENAI_API_KEY > /home/worker/test

RUN --mount=type=secret,id=PASSWORD,mode=0444,required=true \
   cat /run/secrets/PASSWORD > /home/worker/test

RUN --mount=type=secret,id=USER_HASH,mode=0444,required=true \
   cat /run/secrets/USER_HASH > /home/worker/test

RUN --mount=type=secret,id=ADMIN_HASH,mode=0444,required=true \
   cat /run/secrets/ADMIN_HASH > /home/worker/test

# Activate the virtual environment and run uvicorn
CMD [".venv/bin/python", "-m", "uvicorn", "private_gpt.main:app", "--host", "0.0.0.0", "--port", "7860"]