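# Multi-stage build for WiFi-DensePose production deployment.
#
# Stage graph: base -> development -> testing
#              base -> production  -> security
#
# NOTE(review): when no --target is given, Docker builds the LAST stage in the
# file, which here is "security" (production plus safety/bandit and a report
# under /tmp). Deployment builds should pass `--target production` explicitly.
# NOTE(review): python:3.11-slim is a floating tag; pinning it by digest would
# make builds reproducible and protect against a silently changed base image.
FROM python:3.11-slim AS base

# Set environment variables: unbuffered stdout/stderr, no .pyc files,
# no pip cache and no pip self-update check inside the image.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

# Install system dependencies and drop the apt lists in the same layer.
# NOTE(review): every stage derives from base, so build-essential and git also
# end up in the production image; curl is required there by HEALTHCHECK.
# Consider --no-install-recommends and a separate builder stage once it is
# confirmed that the runtime does not depend on the extra packages.
RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    git \
    libopencv-dev \
    python3-opencv \
    && rm -rf /var/lib/apt/lists/*

# Create an unprivileged system user/group for running the application.
RUN groupadd -r appuser && useradd -r -g appuser appuser

# Set work directory
WORKDIR /app

# Copy requirements first so the dependency layer is cached until
# requirements.txt itself changes.
COPY requirements.txt .

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt


# Development stage
FROM base AS development

# Install development dependencies.
# NOTE(review): these tools are unpinned, so each build may pull different
# versions; a pinned dev requirements file would make this reproducible.
RUN pip install --no-cache-dir \
    pytest \
    pytest-asyncio \
    pytest-mock \
    pytest-benchmark \
    black \
    flake8 \
    mypy

# Copy source code.
# NOTE(review): this copies the whole build context; make sure .dockerignore
# excludes .git, local env files and credentials so they are not baked in.
COPY . .

# Change ownership to app user and drop root
RUN chown -R appuser:appuser /app
USER appuser

# Expose port
EXPOSE 8000

# Development command (--reload is for local development only)
CMD ["uvicorn", "src.api.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]


# Production stage
FROM base AS production

# Copy only necessary files
COPY requirements.txt .
COPY src/ ./src/
COPY assets/ ./assets/

# Create the runtime directories and hand /app to the app user in a single
# layer, so the recursive chown does not produce an extra image layer.
RUN mkdir -p /app/logs /app/data /app/models \
    && chown -R appuser:appuser /app
USER appuser

# Health check: curl -f fails on HTTP error statuses, marking the container
# unhealthy after 3 consecutive failures.
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8000/health || exit 1

# Expose port
EXPOSE 8000

# Production command
CMD ["uvicorn", "src.api.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "4"]


# Testing stage
FROM development AS testing

# Copy test files
COPY tests/ ./tests/

# Run tests; a failing test run fails the image build.
RUN python -m pytest tests/ -v


# Security scanning stage
FROM production AS security

# Install security scanning tools (root is needed for a system-wide install).
# NOTE(review): safety and bandit are unpinned; pin them so scan results are
# comparable between builds.
USER root
RUN pip install --no-cache-dir safety bandit

# Run security scans.
# NOTE(review): bandit exits non-zero when it reports findings, which fails
# this RUN, and a failed layer is not kept, so the JSON report only survives
# clean scans. If the report must be archived, run bandit with --exit-zero
# and evaluate the report in CI instead - confirm against the pipeline.
RUN safety check
RUN bandit -r src/ -f json -o /tmp/bandit-report.json

USER appuser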