-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathContainerfile
More file actions
73 lines (59 loc) · 2.94 KB
/
Containerfile
File metadata and controls
73 lines (59 loc) · 2.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# =============================================================================
# Agent Loop — Immutable Container Image
# =============================================================================
# Multi-stage build producing a minimal production image.
# Everything that defines agent behavior (code, tools, prompts, skills, rules)
# is baked in. Only env-specific config is injected at deploy time via
# OpenShift ConfigMaps and Secrets.
#
# =============================================================================
# ---------------------------------------------------------------------------
# Stage 1: Builder — install Python dependencies
# ---------------------------------------------------------------------------
FROM registry.redhat.io/ubi9/python-311:latest AS builder
# Prevent bytecode files and enable unbuffered output during build
ENV PYTHONDONTWRITEBYTECODE=1
WORKDIR /opt/app-root/src
# Install dependencies only (layer caching: deps change less than source).
# We copy src/ here solely so setuptools can resolve the package; the actual
# source files used at runtime come from the COPY in the runtime stage.
COPY pyproject.toml .
COPY src/ src/
USER 0
RUN pip install --no-cache-dir --upgrade pip \
&& pip install --no-cache-dir .
# ---------------------------------------------------------------------------
# Stage 2: Runtime — copy only what the agent needs
# ---------------------------------------------------------------------------
FROM registry.redhat.io/ubi9/python-311:latest AS runtime
LABEL io.opencontainers.image.title="fbi-crime-analyst-agent" \
io.opencontainers.image.version="0.4.0" \
io.opencontainers.image.description="BaseAgent framework — production-ready AI agent for OpenShift" \
io.opencontainers.image.source="https://github.com/OWNER/fbi-crime-analyst-agent" \
io.opencontainers.image.vendor="Red Hat"
# Unbuffered stdout/stderr so container logs appear immediately
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1
WORKDIR /opt/app-root/src
# Bring installed packages from the builder stage
COPY --from=builder /opt/app-root/lib /opt/app-root/lib
# Copy agent artifacts — the full immutable set
COPY src/ src/
COPY tools/ tools/
COPY prompts/ prompts/
COPY skills/ skills/
COPY rules/ rules/
COPY agent.yaml agent.yaml
COPY AGENTS.md ./
# MemoryHub: /add-memory will add "COPY .memoryhub.yaml ./" here when configured.
# Ensure all copied files are readable by the non-root runtime user.
# UBI s2i images run as UID 1001 by default; group 0 (root) has read
# access by OpenShift convention.
USER 0
RUN chmod -R g=u,o=r src/ tools/ prompts/ skills/ rules/ agent.yaml \
&& find src/ tools/ prompts/ skills/ rules/ -type d -exec chmod g=u,o=rx {} +
USER 1001
# The agent serves OpenAI-compatible HTTP on port 8080 by default.
# If you switch to batch mode (see src/agent.py comments), remove this line.
EXPOSE 8080
CMD ["python", "-m", "src.agent"]