curo1305
00466a9801
Introduces a manifest contract so feature containers self-describe their settings (JSON Schema + access rules). Backend and frontend gain generic plugin proxy and dynamic Extensions UI with zero feature-specific code. Doc-service is the first plugin consumer: exposes /plugin/manifest and /plugin/settings, adds a watchdog-based file watcher that auto-ingests PDFs from a mounted directory, maps subfolders to categories, supports AI-suggested folder/filename (user-confirmed), and enforces a no-remove policy. Access is gated by is_superuser or doc-service-admin group. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
35 lines
1.2 KiB
Docker
35 lines
1.2 KiB
Docker
# ── Stage 1: dependency installation ─────────────────────────────────────────
|
|
FROM python:3.12-slim AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
RUN pip install --upgrade pip
|
|
|
|
COPY pyproject.toml .
|
|
RUN pip install --prefix=/install .
|
|
|
|
# ── Stage 2: runtime ──────────────────────────────────────────────────────────
|
|
FROM python:3.12-slim
|
|
|
|
# Create non-root user (UID/GID 1001)
|
|
RUN groupadd --gid 1001 appuser && \
|
|
useradd --uid 1001 --gid 1001 --no-create-home --shell /bin/sh appuser
|
|
|
|
# Pre-create data and config dirs with correct ownership.
|
|
# Named volumes mounted over these paths will inherit ownership on first creation.
|
|
RUN mkdir -p /data/documents /data/watch /config && chown -R appuser:appuser /data /config
|
|
|
|
WORKDIR /app
|
|
|
|
COPY --from=builder /install /usr/local
|
|
COPY --chown=appuser:appuser app ./app
|
|
COPY --chown=appuser:appuser alembic ./alembic
|
|
COPY --chown=appuser:appuser alembic.ini .
|
|
COPY --chown=appuser:appuser scripts ./scripts
|
|
|
|
USER appuser
|
|
|
|
EXPOSE 8001
|
|
|
|
CMD ["sh", "scripts/start.sh"]
|