From cee64faaa808cafe0eaccee9b41d30b1cc836ae1 Mon Sep 17 00:00:00 2001
From: Marco Lucarelli
Date: Fri, 30 Jan 2026 14:08:31 +0100
Subject: [PATCH] rewrite Dockerfile
---
 python/redfish-api/Dockerfile | 43 +++++++++++++++++++++++++++--------
 1 file changed, 33 insertions(+), 10 deletions(-)
diff --git a/python/redfish-api/Dockerfile b/python/redfish-api/Dockerfile
index 2b30ed6..c21a574 100644
--- a/python/redfish-api/Dockerfile
+++ b/python/redfish-api/Dockerfile
@@ -1,13 +1,36 @@
-FROM python:3
+# syntax=docker/dockerfile:1.7
+FROM python:3.12-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/
+
+# Setup a non-root user
+RUN groupadd --system --gid 999 nonroot \
+ && useradd --system --gid 999 --uid 999 --create-home nonroot
+
+WORKDIR /app
+
+RUN chown nonroot:nonroot /app
+
+# Enable bytecode compilation
+ENV UV_COMPILE_BYTECODE=1
+
+# Copy from the cache instead of linking since it's a mounted volume
+ENV UV_LINK_MODE=copy
+
+# Then, add the rest of the project source code and install it
+# Installing separately from its dependencies allows optimal layer caching
+
+# Use the non-root user to run our application
+USER nonroot
+
+COPY --chown=nonroot:nonroot . /app/
+RUN uv sync --locked
+# Place executables in the environment at the front of the path
+ENV PATH="/app/.venv/bin:$PATH"
+
+# Reset the entrypoint, don't invoke `uv`
+ENTRYPOINT []
+
 EXPOSE 8000
-WORKDIR /usr/src/app
-
-COPY requirements.txt ./
-RUN pip install --no-cache-dir -r requirements.txt
-
-COPY redfish_exporter.py .
-COPY config.yaml .
-
-CMD [ "python", "./redfish_exporter.py" ]
+CMD [ "python", "main.py" ]
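Review bot: The uv binaries are copied from `ghcr.io/astral-sh/uv:latest`, a floating tag, so each rebuild can place a different, unreviewed `uv`/`uvx` in `/usr/local/bin` even though the base image is now pinned to `python:3.12-slim-trixie` and the install uses `--locked`. Pin the tool image to a release tag and digest, e.g. `COPY --from=ghcr.io/astral-sh/uv:<UV_VERSION>@sha256:<DIGEST> /uv /uvx /usr/local/bin/` (placeholders; take the values from the release you have vetted). Separately, `COPY --chown=nonroot:nonroot . /app/` replaces the three explicit copies with the whole build context, and no `.dockerignore` is visible in this patch, so confirm that one excludes `.git`, `.venv`, `.env` and any local files holding secrets. The comments about copying from a mounted cache and installing separately from dependencies do not match any instruction in the new file; either drop them or add the dependency-only step they describe (for example `uv sync --locked --no-install-project` before the full `COPY`).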