-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathDockerfile.agent
More file actions
107 lines (84 loc) · 3.96 KB
/
Dockerfile.agent
File metadata and controls
107 lines (84 loc) · 3.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# ═══════════════════════════════════════════════════════════════════════
# Dockerfile.agent — Shared base image for ALL agent microservices
# Multi-stage build: builder → runtime (slim, non-root, production-safe)
# Works on: linux/amd64 · linux/arm64 (Apple M1/M2/M3, Raspberry Pi)
# ═══════════════════════════════════════════════════════════════════════
# ── Stage 1: Builder ────────────────────────────────────────────────────
FROM python:3.12-slim AS builder
# Build args for image metadata
ARG BUILD_DATE
ARG GIT_COMMIT
ARG AGENT_ROLE=generic
WORKDIR /build
# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
libpq-dev \
curl \
&& rm -rf /var/lib/apt/lists/*
# Create standard python virtual environment for safe multi-stage transfer
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
# Copy only requirements first — Docker layer cache optimization
COPY requirements.txt .
# Install dependencies into virtual environment
RUN pip install --upgrade pip && \
pip install --no-cache-dir -r requirements.txt
# Copy application source explicitly for pruning
COPY agents/ ./source/agents/
COPY messaging/ ./source/messaging/
COPY observability/ ./source/observability/
COPY tools/ ./source/tools/
COPY utils/ ./source/utils/
COPY orchestrator/ ./source/orchestrator/
# Prune unneeded agent roles to minimize attack surface and image size
RUN if [ "$AGENT_ROLE" != "generic" ]; then \
find ./source/agents/ -name '*_agent.py' ! -name 'base_agent.py' ! -name "${AGENT_ROLE}_agent.py" -delete; \
fi
# ── Stage 2: Runtime ────────────────────────────────────────────────────
FROM python:3.12-slim AS runtime
ARG BUILD_DATE
ARG GIT_COMMIT
ARG AGENT_ROLE=generic
# OCI image labels
LABEL org.opencontainers.image.created="${BUILD_DATE}"
LABEL org.opencontainers.image.revision="${GIT_COMMIT}"
LABEL org.opencontainers.image.title="ai-org-agent-${AGENT_ROLE}"
LABEL org.opencontainers.image.description="Autonomous AI Organization — ${AGENT_ROLE} Agent"
WORKDIR /app
# Runtime system deps only (no build tools)
RUN apt-get update && apt-get install -y --no-install-recommends \
libpq5 \
curl \
dumb-init \
&& rm -rf /var/lib/apt/lists/* \
&& useradd --system --uid 1001 --gid 0 --home /app aiorg
# Copy virtual environment from builder
COPY --from=builder /opt/venv /opt/venv
# Activate virtual environment
ENV PATH="/opt/venv/bin:$PATH"
# Copy exactly what we need from builder source
COPY --from=builder /build/source/agents/ ./agents/
COPY --from=builder /build/source/messaging/ ./messaging/
COPY --from=builder /build/source/observability/ ./observability/
COPY --from=builder /build/source/tools/ ./tools/
COPY --from=builder /build/source/utils/ ./utils/
COPY --from=builder /build/source/orchestrator/ ./orchestrator/
# Set ownership
RUN chown -R 1001:0 /app
# Non-root user (security best practice)
USER 1001
# Environment defaults (overridden by docker-compose)
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONPATH=/app \
AGENT_ROLE=${AGENT_ROLE} \
KAFKA_MOCK=false \
ENVIRONMENT=development
# Health check — agents expose a simple /health endpoint
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
# Use dumb-init to handle signals correctly (PID 1 problem)
ENTRYPOINT ["dumb-init", "--"]
# Default command — runs the agent service
CMD ["python", "-m", "agents.agent_service"]