forked from basher83/Zammad-MCP
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
92 lines (68 loc) · 3.34 KB
/
Dockerfile
File metadata and controls
92 lines (68 loc) · 3.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# syntax=docker/dockerfile:1@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769
# Build stage
# Pin to specific digest for reproducibility and security
# python:3.13-slim as of 2025-01-09
FROM python:3.13-slim@sha256:d168b8d9eb761f4d3fe305ebd04aeb7e7f2de0297cec5fb2f8f6403244621664 AS builder
WORKDIR /app
# Install uv
COPY --from=ghcr.io/astral-sh/uv:latest@sha256:240fb85ab0f263ef12f492d8476aa3a2e4e1e333f7d67fbdd923d00a506a516a /uv /uvx /usr/local/bin/
# Copy only dependency files first for better layer caching
# This ensures dependency installation is only re-run when these files change
COPY pyproject.toml uv.lock ./
# Create minimal README.md to satisfy hatchling build requirements
# Using a placeholder prevents cache invalidation when the actual README changes
# The actual README is not needed during the build process
RUN echo "# mcp-zammad\nPlaceholder for build process" > README.md
# Install dependencies with cache mounts for faster rebuilds
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-dev
# Build and install the package
COPY mcp_zammad/ ./mcp_zammad/
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/uv \
uv pip install --python /app/.venv/bin/python -e .
# Production stage
FROM python:3.13-slim@sha256:d168b8d9eb761f4d3fe305ebd04aeb7e7f2de0297cec5fb2f8f6403244621664 AS production
# Create non-root user for security
RUN groupadd -r appuser && useradd -r -g appuser appuser
WORKDIR /app
# Copy only the virtual environment from builder (no need for uv in production)
COPY --from=builder /app/.venv /app/.venv
# Add virtual environment to PATH
ENV PATH="/app/.venv/bin:${PATH}"
# Copy source code and installed package from builder
COPY --from=builder /app/mcp_zammad /app/mcp_zammad
# Change ownership to non-root user
RUN chown -R appuser:appuser /app
USER appuser
# Add labels for GitHub Container Registry
LABEL org.opencontainers.image.source="https://github.com/basher83/Zammad-MCP"
LABEL org.opencontainers.image.description="Model Context Protocol server for Zammad ticket system integration"
LABEL org.opencontainers.image.licenses="AGPL-3.0-or-later"
# IMPORTANT: MCP servers communicate via stdio (stdin/stdout), NOT network ports
# The EXPOSE directive below is ONLY for Docker metadata/documentation
# This server does NOT listen on any network ports - it reads from stdin and writes to stdout
# If you need network access, you would need to wrap the MCP server with an HTTP proxy
# EXPOSE 8080
# Run the MCP server
CMD ["mcp-zammad"]
# Development stage
FROM production AS development
# Switch to root temporarily for installation
USER root
# Install uv for development
COPY --from=ghcr.io/astral-sh/uv:latest@sha256:240fb85ab0f263ef12f492d8476aa3a2e4e1e333f7d67fbdd923d00a506a516a /uv /uvx /usr/local/bin/
# Copy dependency files needed for dev sync
COPY pyproject.toml uv.lock ./
# Create README.md for hatchling build requirements (same as builder stage)
RUN echo "# mcp-zammad\nPlaceholder for build process" > README.md
# Install dev dependencies with cache mounts
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/uv \
uv sync --dev --frozen && \
chown -R appuser:appuser /app
# Switch back to appuser
USER appuser
# Enable hot reload for development
ENV PYTHONUNBUFFERED=1