-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
92 lines (71 loc) · 3.92 KB
/
Dockerfile
File metadata and controls
92 lines (71 loc) · 3.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# SpineFrame — multi-stage container
# Default target: MCP server (for registry inspection)
# Web target: docker build --target web -t spineframe .
# docker run -p 8741:8741 -v spineframe-runs:/data/runs spineframe
# ── Stage 1: MCP server (default — used by Glama/registry inspection) ──
FROM python:3.12-slim AS mcp
WORKDIR /app
COPY pyproject.toml README.md LICENSE ./
COPY src/ src/
RUN pip install --no-cache-dir ".[mcp]"
ENTRYPOINT ["spineframe-mcp"]
CMD ["--help"]
# ── Stage 2: Full web deployment (Railway / self-hosted) ──
FROM python:3.12-slim AS base
# Avoid bytecode + buffered output
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
WORKDIR /app
# Install system deps needed by cryptography (signing) and uvicorn
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential libffi-dev \
&& rm -rf /var/lib/apt/lists/*
# Install Python package with all optional deps
COPY pyproject.toml .
COPY src/ src/
RUN pip install --no-cache-dir -e ".[all]"
# Frontend is pre-built — static assets are already in src/spineframe/web/static/
# (built by `cd src/spineframe/web/frontend && npm run build` before docker build)
# Copy example evidence data + seed script (for pre-populating demo runs)
COPY examples/ examples/
COPY deploy/seed.py deploy/seed.py
# Stage filesystem evidence for compliance demo (configs, logs)
# NOTE: /data is a Railway persistent volume mount — files there get replaced.
# Use /app/evidence so evidence survives volume mounts.
RUN mkdir -p /app/evidence/configs /app/evidence/logs && \
cp examples/compliance_evidence/configs/*.json /app/evidence/configs/ && \
cp examples/compliance_evidence/logs/*.jsonl /app/evidence/logs/
# Install Node.js 20 for MCP servers (GitHub, filesystem)
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl gnupg \
&& mkdir -p /etc/apt/keyrings \
&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
| gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
&& echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
> /etc/apt/sources.list.d/nodesource.list \
&& apt-get update && apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
# Pre-install MCP servers so npx doesn't download at runtime
RUN npm install -g @modelcontextprotocol/server-github @modelcontextprotocol/server-filesystem
# Bundle default minimal provider config (dummy model, stub search)
# Override at runtime by mounting a real config or setting SPINEFRAME_CONFIG
RUN mkdir -p /app/config
COPY examples/providers_minimal.json /app/config/providers.json
# Default runs directory (Railway/Fly.io: use /data/runs; override via env)
ENV SPINEFRAME_RUNS_DIR=/data/runs
# Default provider config path (mount or override at runtime)
ENV SPINEFRAME_CONFIG=/app/config/providers.json
# CORS origins for split deployment (Cloudflare Pages + VPS backend)
# Set to your Cloudflare Pages URL, e.g.: https://spineframe.pages.dev
ENV CORS_ORIGINS=""
# Expose the web server port
EXPOSE 8741
# Health check
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
CMD python -c "import os,urllib.request; urllib.request.urlopen(f'http://localhost:{os.environ.get(\"PORT\",8741)}/api/health')" || exit 1
# Entrypoint: run the web server
# Override SPINEFRAME_CONFIG to point to your providers.json
# Override SPINEFRAME_RUNS_DIR to change the runs directory
# PORT env: Railway/Fly.io set this automatically; defaults to 8741
ENV PORT=8741
# If SPINEFRAME_PROVIDER_JSON is set, write it to the config file (overrides baked-in default)
CMD ["sh", "-c", "[ -n \"$SPINEFRAME_PROVIDER_JSON\" ] && echo \"$SPINEFRAME_PROVIDER_JSON\" > ${SPINEFRAME_CONFIG}; spineframe web --host 0.0.0.0 --port ${PORT} --runs-dir ${SPINEFRAME_RUNS_DIR} --config ${SPINEFRAME_CONFIG} --no-open ${CORS_ORIGINS:+--cors-origins $CORS_ORIGINS}"]