-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathDockerfile.worker-cpu-only
More file actions
121 lines (99 loc) · 3.88 KB
/
Dockerfile.worker-cpu-only
File metadata and controls
121 lines (99 loc) · 3.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# VLog Remote Transcoding Worker (CPU-only)
# Containerized worker for distributed video transcoding
#
# Build: docker build -f Dockerfile.worker-cpu-only -t vlog-worker --build-arg CODE_VERSION=$(git rev-parse --short HEAD) .
# Run: docker run -e VLOG_WORKER_API_KEY=<key> -e VLOG_WORKER_API_URL=http://host:9002 vlog-worker
# Pin base image version for reproducible builds
# python:3.12-slim-bookworm is Debian Bookworm (12) based
ARG PYTHON_VERSION=3.12-slim-bookworm
# Code version for worker compatibility checking
# Set this during build: docker build --build-arg CODE_VERSION=$(git rev-parse --short HEAD) ...
ARG CODE_VERSION=dev
ARG BUILD_TIMESTAMP=""
# =============================================================================
# Stage 1: Builder - Install Python dependencies
# =============================================================================
FROM python:${PYTHON_VERSION} AS builder
# Install build dependencies for packages with C extensions (argon2-cffi)
# These are only needed in the builder stage, not runtime
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc \
libffi-dev \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /build
# Copy package files for dependency installation
COPY pyproject.toml ./
# Install Python dependencies to a specific location for copying
RUN pip install --no-cache-dir --prefix=/install \
fastapi>=0.100.0 \
uvicorn>=0.23.0 \
python-multipart>=0.0.6 \
asyncpg>=0.29.0 \
"databases[postgresql]>=0.8.0" \
psycopg2-binary>=2.9.0 \
sqlalchemy>=2.0.0 \
alembic>=1.13.0 \
python-slugify>=8.0.0 \
aiofiles>=23.0.0 \
httpx>=0.25.0 \
watchdog>=3.0.0 \
slowapi>=0.1.9 \
limits>=3.0.0
# Copy source code and install the package
COPY config.py ./
COPY code_version.py ./
COPY api/ api/
COPY worker/ worker/
COPY cli/ cli/
RUN pip install --no-cache-dir --prefix=/install .
# =============================================================================
# Stage 2: Runtime - Minimal production image
# =============================================================================
FROM python:${PYTHON_VERSION} AS runtime
# Install FFmpeg and curl (for health checks)
RUN apt-get update && apt-get install -y --no-install-recommends \
ffmpeg \
curl \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user for security
RUN useradd -m -u 1000 -s /bin/bash vlog
WORKDIR /app
# Copy installed Python packages from builder
COPY --from=builder /install /usr/local
# Ensure security-patched packages are at correct versions
RUN pip install --no-cache-dir --upgrade \
"filelock>=3.20.3" \
"jaraco-context>=6.1.0" \
"wheel>=0.46.2"
# Copy source code
COPY --chown=vlog:vlog pyproject.toml ./
COPY --chown=vlog:vlog config.py ./
COPY --chown=vlog:vlog code_version.py ./
COPY --chown=vlog:vlog api/ api/
COPY --chown=vlog:vlog worker/ worker/
COPY --chown=vlog:vlog cli/ cli/
# Re-declare build args for use in this stage (args don't persist across stages)
ARG CODE_VERSION=dev
ARG BUILD_TIMESTAMP=""
# Switch to non-root user
USER vlog
# Create work directory
RUN mkdir -p /tmp/vlog-worker
# Environment variables with defaults
# VLOG_CODE_VERSION and VLOG_BUILD_TIMESTAMP are used for worker compatibility checking
ENV VLOG_WORKER_API_URL=http://vlog-worker-api:9002 \
VLOG_WORKER_WORK_DIR=/tmp/vlog-worker \
VLOG_WORKER_HEARTBEAT_INTERVAL=30 \
VLOG_WORKER_POLL_INTERVAL=10 \
VLOG_CODE_VERSION=${CODE_VERSION} \
VLOG_BUILD_TIMESTAMP=${BUILD_TIMESTAMP} \
PYTHONUNBUFFERED=1
# Health check - verify worker's health server is responding
# The worker exposes /health on port 8080 which verifies:
# - Worker process is alive
# - API connection is working
# - FFmpeg is available
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1
# Run the remote transcoder
CMD ["python", "-m", "worker.remote_transcoder"]