sandbox connected and streaming
This commit is contained in:
96
sandbox/Dockerfile
Normal file
96
sandbox/Dockerfile
Normal file
@@ -0,0 +1,96 @@
|
||||
# Multi-stage build for DexOrder user container
|
||||
FROM continuumio/miniconda3:latest AS builder
|
||||
|
||||
WORKDIR /build
|
||||
|
||||
# Install build dependencies including protobuf compiler
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
gcc \
|
||||
g++ \
|
||||
protobuf-compiler \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Copy dependency specifications
|
||||
COPY setup.py .
|
||||
COPY environment.yml .
|
||||
COPY dexorder/ dexorder/
|
||||
|
||||
# Copy protobuf definitions (copied by bin/build from canonical /protobuf/)
|
||||
COPY protobuf/ protobuf/
|
||||
|
||||
# Compile protobufs to Python
|
||||
RUN mkdir -p dexorder/generated && \
|
||||
protoc --python_out=dexorder/generated --proto_path=protobuf protobuf/*.proto && \
|
||||
touch dexorder/generated/__init__.py
|
||||
|
||||
# Create conda environment and install dependencies
|
||||
RUN conda env create -f environment.yml -p /build/env && \
|
||||
conda clean -afy
|
||||
|
||||
# Install the local package into the conda environment
|
||||
RUN /build/env/bin/pip install --no-cache-dir .
|
||||
|
||||
# =============================================================================
|
||||
# Runtime stage
|
||||
# =============================================================================
|
||||
FROM continuumio/miniconda3:latest
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# Install runtime dependencies only
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
libzmq5 \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Create non-root user
|
||||
RUN groupadd -r dexorder && useradd -r -g dexorder -u 1000 dexorder
|
||||
|
||||
# Copy conda environment from builder
|
||||
COPY --from=builder /build/env /opt/conda/envs/dexorder
|
||||
|
||||
# Copy application code
|
||||
COPY dexorder/ /app/dexorder/
|
||||
COPY main.py /app/
|
||||
|
||||
# Copy generated protobuf code from builder
|
||||
COPY --from=builder /build/dexorder/generated/ /app/dexorder/generated/
|
||||
|
||||
# Create directories for config, secrets, and data
|
||||
# Note: /app will be read-only at runtime except for /app/data (mounted volume)
|
||||
RUN mkdir -p /app/config /app/secrets /app/data && \
|
||||
chown -R root:root /app && \
|
||||
chmod -R 755 /app && \
|
||||
chown dexorder:dexorder /app/data && \
|
||||
chmod 700 /app/data
|
||||
|
||||
# Create writable tmp directory (read-only rootfs requirement)
|
||||
RUN mkdir -p /tmp && chmod 1777 /tmp
|
||||
|
||||
# Copy entrypoint script
|
||||
COPY entrypoint.sh /app/
|
||||
RUN chmod 755 /app/entrypoint.sh && chown root:root /app/entrypoint.sh
|
||||
|
||||
# Switch to non-root user
|
||||
USER dexorder
|
||||
|
||||
# Environment variables (can be overridden in k8s)
|
||||
ENV PYTHONUNBUFFERED=1 \
|
||||
MPLCONFIGDIR=/tmp \
|
||||
LOG_LEVEL=INFO \
|
||||
CONFIG_PATH=/app/config/config.yaml \
|
||||
SECRETS_PATH=/app/config/secrets.yaml \
|
||||
ZMQ_XPUB_PORT=5570 \
|
||||
ZMQ_GATEWAY_ENDPOINT=tcp://gateway:5571 \
|
||||
MCP_SERVER_NAME=dexorder-user \
|
||||
MCP_TRANSPORT=sse \
|
||||
MCP_HTTP_PORT=3000 \
|
||||
MCP_HTTP_HOST=0.0.0.0 \
|
||||
IDLE_TIMEOUT_MINUTES=15 \
|
||||
ENABLE_IDLE_SHUTDOWN=true
|
||||
|
||||
# Health check endpoint (simple check if process is running)
|
||||
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
||||
CMD /opt/conda/envs/dexorder/bin/python -c "import sys; sys.exit(0)"
|
||||
|
||||
# Run the main application using conda environment via entrypoint
|
||||
ENTRYPOINT ["/app/entrypoint.sh"]
|
||||
Reference in New Issue
Block a user