Update containerization (#10)

This PR:

* Updates the Docker containerization to use our tooling (UV and Python 3.13).
* Updates the Dockerfile to use build stages.
* Adds Compose Watch support to the docker containerization, which enables seamless containerized DX.

Author: SaschaCowley

.Dockerignore

@@ -0,0 +1,16 @@
+# Git
+.git
+.gitignore
+# Python
+.venv/
+__pycache__/
+# Temporary unit testing artefacts
+_trial_temp/
+.coverage
+*.py,cover
+# Docker
+.Dockerignore
+Dockerfile
+compose.yml
+# Documentation
+readme.md

.dockerignore

@@ -1,27 +1,35 @@
-FROM ubuntu:focal
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get -y update && apt-get -y upgrade
-
-RUN apt-get install -y -q tini curl python3 python3-pip
-
-ENV PYTHONDONTWRITEBYTECODE 1
-
-ENV PYTHONUNBUFFERED 1
-
-WORKDIR /usr/src/app
-
-ADD requirements.txt /usr/src/app
-
-RUN pip3 install --no-cache-dir -r requirements.txt
-
-ADD . /usr/src/app
-
-RUN useradd remote
-
-USER remote
-
-EXPOSE 6837
-
-ENTRYPOINT ["tini", "--", "python3", "server.py", "--certificate=certificate/cert", "--privkey=certificate/key", "--chain=certificate/chain"]
+FROM ghcr.io/astral-sh/uv:0.8.2-python3.13-alpine
+
+# We need to set this here even though it is default,
+# because if watch is enabled, this part of the Dockerfile may be re-run as remoteUser
+# which doesn't have the necessary permissions to update bind mounts.
+USER root
+
+# Increases performance, but slows down start-up time
+ENV UV_COMPILE_BYTECODE=1
+# Keeps Python from buffering stdout and stderr
+# to avoid situations where the application crashes without emitting any logs due to buffering.
+ENV PYTHONUNBUFFERED=1
+# Copy from the cache instead of linking since it's a mounted volume
+ENV UV_LINK_MODE=copy
+
+WORKDIR /app
+
+# Install dependencies
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --locked --no-install-project --no-dev
+
+# Copy over the server
+COPY . /app
+
+# Make sure everything is synched
+RUN --mount=type=cache,target=/root/.cache/uv \ 
+    uv sync --locked
+
+RUN addgroup -S remotegroup && adduser -S remoteuser -G remotegroup
+USER remoteuser
+EXPOSE 6837
+# Run the server
+CMD ["uv", "run", "server.py"]

Dockerfile

@@ -0,0 +1,15 @@
+services:
+  remote_server:
+    build: .
+    ports:
+      - "6837:6837"
+    develop:
+      watch:
+        # Restart whenever code changes are detected
+        - action: sync+restart
+          path: .
+          target: /app
+          ignore:
+            - .venv
+        - action: rebuild
+          path: ./uv.lock

compose.yml

@@ -3,7 +3,7 @@ name = "remote-server"
 version = "0.1.0"
 description = "NVDA Remote Access remote relay server."
 readme = "README.md"
-requires-python = "~=3.13"
+requires-python = "~=3.13.0"
 dependencies = [
     "pyopenssl~=25.1",
     "service-identity~=24.2",

docker-compose.yml

@@ -1,33 +1,38 @@
-# NVDA Remote Server Relay
-
-This is a simple server used to relay connections for [NVDA Remote](https://nvdaremote.com)
-
-## Basic Usage
-
-This is currently only tested on Linux.
-
-1. [Install uv](https://docs.astral.sh/uv/getting-started/installation/)
-2. Obtain your TLS certificates.
-    - By default, the server looks for the certificate at `./cert`, the private key at `./privkey`, and the chain of trust at `./chain`.
-    - TBD - update documentation on this/remove this feature in favour of using the web server to handle TLS
-3. run the server with `uv run server.py`.
-
-## Development
-
-This project uses [pre-commit](https://pre-commit.com/) hooks to help ensure code quality.
-These run automatically on pull requests, however it is still recommended to set them up locally.
-
-
-```sh
-uvx pre-commit install
-```
-
-## Docker
-
-```sh
-docker-compose up --build
-```
-
-
-This will expose the server on port 6837, the default.
-You must create a folder called certificate along-side the docker-compose.yml which contains the certificate, private key, and root chain named as cert, key, and chain respectively.
+# NVDA Remote Server Relay
+
+This is a simple server used to relay connections for [NVDA Remote](https://nvdaremote.com)
+
+## Basic Usage
+
+This is currently only tested on Linux.
+
+1. [Install uv](https://docs.astral.sh/uv/getting-started/installation/)
+2. Obtain your TLS certificates.
+    - By default, the server looks for the certificate at `./cert`, the private key at `./privkey`, and the chain of trust at `./chain`.
+    - TBD - update documentation on this/remove this feature in favour of using the web server to handle TLS
+3. run the server with `uv run server.py`.
+
+## Development
+
+This project uses [pre-commit](https://pre-commit.com/) hooks to help ensure code quality.
+These run automatically on pull requests, however it is still recommended to set them up locally.
+
+```sh
+uvx pre-commit install
+```
+
+## Docker
+
+To run in Docker, use `docker compose`:
+
+```sh
+docker compose up
+```
+
+This will expose the server on port 6837, the default.
+
+The project is pre-configured to support [Compose Watch](https://docs.docker.com/compose/how-tos/file-watch) to make developing in Docker easier.
+To enable Watch, either press `w` when `docker compose up` has completed building and starting the container; or run `docker compose watch` to avoid mixing the application and Compose Watch logs.
+
+* Changes will be synchronised and the server restarted whenever the code changes.
+* Changes will be synchronised and the image rebuilt whenever dependencies change.