Dockerfile

# ============================================
# Base stage for shared configuration
# ============================================
FROM python:3.10-slim-bookworm AS base

# Configure build environment with optimized settings
ENV NODE_OPTIONS="--max_old_space_size=4096" \
    NEXT_TELEMETRY_DISABLED=1 \
    NODE_ENV=production \
    PYTHONDONTWRITEBYTECODE=1 \
    TZ=UTC \
    STORAGE_DIR=/storage \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

# Install base system dependencies
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        tzdata \
        git \
        curl \
        redis-server \
        build-essential \
        gcc \
        g++ \
        libc-dev \
        libffi-dev \
        libgmp-dev \
        libmpfr-dev \
        libmpc-dev \
        libssl-dev \
        make \
        pkg-config && \
    rm -f /etc/localtime && \
    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
    echo $TZ > /etc/timezone && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Split package installation into smaller chunks
RUN pip install --no-cache-dir \
    gunicorn gevent grpcio pydantic-settings protobuf grpcio-tools && \
    pip install --no-cache-dir \
    flask flask-cors Flask-SQLAlchemy==3.1.1 Flask-Migrate==4.0.7 && \
    pip install --no-cache-dir \
    flask-login flask-restful flask-limiter flask-caching flask-jwt-extended flask-socketio && \
    pip install --no-cache-dir \
    PyYAML celery redis psycopg2-binary sqlalchemy alembic

# Install ML-related packages separately
RUN pip install --no-cache-dir \
    numpy pandas scikit-learn scipy && \
    pip install --no-cache-dir \
    torch --index-url https://download.pytorch.org/whl/cpu && \
    pip install --no-cache-dir \
    tensorflow-cpu

# Install AI service packages
RUN pip install --no-cache-dir \
    openai==1.14.0 anthropic==0.23.1 cohere==4.43 && \
    pip install --no-cache-dir \
    langchain langchain-community langchain-core langchain-openai

# Install NLTK and download required data
RUN pip install --no-cache-dir nltk && \
    python -m nltk.downloader punkt averaged_perceptron_tagger

# ============================================
# Web builder stage - optimized
# ============================================
FROM base AS web-builder

# Install Node.js and build tools
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
    apt-get update && \
    apt-get install -y nodejs && \
    npm install -g yarn

WORKDIR /app

# Copy web directory first
COPY web/ web/

WORKDIR /app/web

# Install dependencies and build
RUN yarn install --frozen-lockfile && \
    yarn add --dev autoprefixer postcss tailwindcss code-inspector-plugin && \
    NEXT_TELEMETRY_DISABLED=1 yarn build && \
    mkdir -p .next/standalone && \
    cp -r .next/static .next/standalone/.next/ && \
    cp -r public .next/standalone/ && \
    yarn cache clean

# ============================================
# Python builder stage - optimized
# ============================================
FROM base AS python-builder

WORKDIR /app

# Copy api directory
COPY api/ api/

WORKDIR /app/api

# Install core dependencies first
RUN pip install --no-cache-dir poetry==1.8.3 && \
    poetry config virtualenvs.create false && \
    poetry install --no-dev --no-interaction --no-ansi

# ============================================
# Final stage - minimal runtime
# ============================================
FROM base

# Create non-root user and storage directory
RUN apt-get update && \
    useradd -m -u 1000 user && \
    mkdir -p /storage/files /storage/cache /storage/logs && \
    chown -R user:user /storage && \
    mkdir -p /app/api && \
    chown -R user:user /app

# Install runtime dependencies with proper repository update
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        build-essential \
        nodejs \
        npm \
        libgmp-dev \
        libmpfr-dev \
        libmpc-dev \
        libssl-dev \
        postgresql-client \
        redis-tools && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    pip install --no-cache-dir \
        gunicorn \
        gevent \
        grpcio \
        pydantic-settings \
        protobuf \
        grpcio-tools \
        flask \
        flask-cors \
        Flask-SQLAlchemy==3.1.1 \
        Flask-Migrate==4.0.7 \
        flask-login \
        flask-restful \
        flask-limiter \
        flask-caching \
        flask-jwt-extended \
        flask-socketio \
        PyYAML \
        celery \
        redis \
        psycopg2-binary \
        sqlalchemy \
        alembic \
        pyjwt \
        requests \
        numpy \
        pandas \
        python-dotenv \
        pycryptodome \
        cryptography \
        bcrypt \
        python-jose[cryptography] \
        passlib \
        python-multipart \
        gmpy2 \
        transformers \
        torch \
        tensorflow \
        sentencepiece \
        tokenizers \
        nltk \
        openai==1.14.0 \
        anthropic==0.23.1 \
        flask-migrate==4.0.5 \
        Pillow \
        opencv-python-headless \
        scikit-learn \
        scipy \
        google-cloud-aiplatform \
        google-generativeai \
        vertexai \
        google-cloud-core \
        google-api-core \
        yarl \
        aiohttp \
        tritonclient[all] \
        cohere==4.43 \
        anthropic \
        replicate \
        aleph-alpha-client \
        stability-sdk \
        huggingface_hub \
        langchain \
        langchain-community \
        langchain-core \
        langchain-openai \
        openai==1.14.0 \
        Flask-Migrate==4.0.7 \
        Flask-SQLAlchemy==3.1.1 && \
    python -m nltk.downloader punkt averaged_perceptron_tagger

# Set up directory structure
WORKDIR /app
RUN mkdir -p api web && chown -R user:user /app

# Copy Python environment and files
COPY --from=python-builder --chown=user /usr/local/lib/python3.10/site-packages /usr/local/lib/python3.10/site-packages
COPY --chown=user api/ /app/api/

# Copy Next.js files with explicit directory creation
RUN mkdir -p /app/web/.next/standalone /app/web/.next/static
COPY --from=web-builder --chown=user /app/web/.next/standalone /app/web/.next/standalone
COPY --from=web-builder --chown=user /app/web/.next/static /app/web/.next/static
COPY --from=web-builder --chown=user /app/web/public /app/web/public

# Set environment variables for HF Spaces compatibility
ENV FLASK_APP=app.py \
    EDITION=SELF_HOSTED \
    DEPLOY_ENV=PRODUCTION \
    PYTHONPATH=/app/api \
    PATH="/usr/local/bin:${PATH}" \
    STORAGE_DIR=/storage \
    # Database configuration - match docker-compose.yaml
    DB_USERNAME=postgres \
    DB_PASSWORD=difyai123456 \
    DB_HOST=db \
    DB_PORT=5432 \
    DB_DATABASE=dify \
    SQLALCHEMY_POOL_SIZE=30 \
    SQLALCHEMY_POOL_RECYCLE=3600 \
    # Redis configuration - match docker-compose.yaml
    REDIS_HOST=redis \
    REDIS_PORT=6379 \
    REDIS_PASSWORD=difyai123456 \
    REDIS_DB=0

# Copy entrypoint script
COPY docker/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

# Switch to non-root user
USER user

# HF Spaces uses port 7860
EXPOSE 7860 3000

# Set up storage volumes
VOLUME ["/storage/files", "/storage/cache", "/storage/logs"]

WORKDIR /app
CMD ["./entrypoint.sh"]