From 74d04bc98a5c73bb5eeae96bc174f90c13f703e6 Mon Sep 17 00:00:00 2001
From: Verum
Date: Sat, 7 Mar 2026 01:30:03 +0700
Subject: [PATCH] =?UTF-8?q?=D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=BD=D0=B8?= =?UTF-8?q?=D0=B5=20Docker=20=D0=BA=D0=BE=D0=BD=D1=82=D0=B5=D0=B9=D0=BD?= =?UTF-8?q?=D0=B5=D1=80=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Dockerfile | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..280cc98
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,74 @@
+# syntax=docker/dockerfile:1.7
+
+# ============================================================
+# Stage 1 — builder
+# ============================================================
+FROM python:3.13-slim AS builder
+
+# Metadata arguments (для CI/CD)
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION=dev
+
+# Python runtime оптимизация
+ENV PYTHONDONTWRITEBYTECODE=1 \
+ PYTHONUNBUFFERED=1
+
+WORKDIR /app
+
+# Установка uv (копируем бинарник напрямую — быстрее pip)
+COPY --from=ghcr.io/astral-sh/uv:0.10.8 /uv /uvx /bin/
+
+# Копируем только файлы зависимостей (Docker cache layer)
+COPY pyproject.toml uv.lock* ./
+
+# Установка зависимостей
+RUN --mount=type=cache,target=/root/.cache/uv \
+ uv sync --no-dev --frozen
+
+# ============================================================
+# Stage 2 — runtime
+# ============================================================
+FROM python:3.13-slim
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION=dev
+
+WORKDIR /app
+
+# Python runtime оптимизация
+ENV PYTHONDONTWRITEBYTECODE=1 \
+ PYTHONUNBUFFERED=1 \
+ PATH="/app/.venv/bin:$PATH" \
+ PYTHONPATH="/app"
+
+# Создание non-root пользователя
+RUN groupadd -g 1000 app \
+ && useradd -u 1000 -g app -m -s /usr/sbin/nologin app
+
+# Копируем виртуальное окружение
+COPY --from=builder /app/.venv /app/.venv
+
+# Копируем код приложения
+COPY --chown=app:app . .
+
+# Создаём runtime директории
+RUN mkdir -p logs data \
+ && chown -R app:app /app
+
+USER app
+
+# OCI image metadata
+LABEL org.opencontainers.image.title="Python Application" \
+ org.opencontainers.image.description="Production Python container" \
+ org.opencontainers.image.version="${VERSION}" \
+ org.opencontainers.image.created="${BUILD_DATE}" \
+ org.opencontainers.image.revision="${VCS_REF}"
+
+# Healthcheck (опционально)
+HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
+ CMD python -c "import socket; s=socket.socket(); s.connect(('127.0.0.1',8000)); s.close()" || exit 1
+
+# Default command
+CMD ["python", "main.py"]
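Review bot: `COPY --chown=app:app . .` in the runtime stage copies the whole build context into the final image, and this commit adds no `.dockerignore` (the diffstat lists only `Dockerfile`), so unless one already exists in the repository, files such as `.git`, a local `.env` or a host `.venv` land in the image; the last of these would also overwrite the `/app/.venv` just copied from the builder. The following `chown -R app:app /app` then makes the application code and the virtual environment writable by the runtime user, so a compromised process could alter what the container executes, and the re-owned files are duplicated in an extra layer. I would copy the code root-owned and hand only the writable directories to `app`: `COPY . .` followed by `RUN mkdir -p logs data && chown app:app logs data`. Pinning `python:3.13-slim` and `ghcr.io/astral-sh/uv:0.10.8` by digest would additionally keep a re-pushed tag from changing what gets built.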