broker-sync/Dockerfile

FROM python:3.12-slim AS builder

ENV POETRY_VERSION=1.8.4 \
    POETRY_VIRTUALENVS_IN_PROJECT=true \
    PIP_NO_CACHE_DIR=1

# `pip install` puts poetry on PATH (/usr/local/bin/poetry) — don't bother
# with POETRY_HOME indirection.
RUN pip install --no-cache-dir "poetry==${POETRY_VERSION}"

WORKDIR /app
COPY pyproject.toml poetry.lock ./
RUN poetry install --only main --no-root

COPY broker_sync ./broker_sync
RUN poetry install --only main


FROM python:3.12-slim

WORKDIR /app

RUN useradd --system --uid 10001 --home /app --shell /usr/sbin/nologin broker && \
    mkdir -p /data && chown -R broker:broker /data

COPY --from=builder --chown=broker:broker /app /app

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONUNBUFFERED=1

USER broker
ENTRYPOINT ["broker-sync"]
CMD ["version"]