-
Notifications
You must be signed in to change notification settings - Fork 27
Expand file tree
/
Copy pathDockerfile.importer
More file actions
39 lines (32 loc) · 1.38 KB
/
Dockerfile.importer
File metadata and controls
39 lines (32 loc) · 1.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
FROM python:3.13-slim
WORKDIR /app
# SECURITY: CVE-2025-58050 mitigation - PCRE2 heap buffer overflow
# SECURITY: CVE-2025-7709 mitigation - SQLite3 vulnerability
# TODO: Remove explicit upgrades when base image includes patched versions
RUN apt-get update && \
(apt-get install -y --only-upgrade libpcre2-8-0 2>/dev/null || \
echo "Warning: PCRE2 10.46+ not yet available") && \
(apt-get install -y --only-upgrade libsqlite3-0 sqlite3 2>/dev/null || \
echo "Warning: SQLite3 patch not yet available") && \
apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
# Install dependencies directly (avoids file path issues with global npm installs)
RUN pip install --no-cache-dir \
qdrant-client==1.15.0 \
openai==1.97.1 \
mcp-server-qdrant==0.8.0 \
backoff==2.2.1 \
tqdm==4.67.1 \
humanize==4.12.3 \
fastembed==0.7.1 \
voyageai==0.3.4 \
tenacity==9.1.2
# Copy src and shared modules into the image for npm package compatibility
# This ensures code is available even without volume mounts
COPY src/ /app/src/
COPY shared/ /app/shared/
# Set PYTHONPATH for proper module imports
ENV PYTHONPATH=/app
# Note: Volume mounts in docker-compose.yaml will override these files in local development
# This provides compatibility for both local development and global npm installs
# Default command (can be overridden by docker-compose)
CMD ["python", "--version"]