d81fc04b8f
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
- ApiKey model (SHA-256 hash, prefix, scopes, expiry) + Alembic migration (b040ent) - SsoConfig model for SAML 2.0 IdP settings (attribute mapping, auto-provision) - API key auth integrated into get_current_user (aegis_ prefix detection) - Routers: /api/v1/api-keys (full CRUD + revoke) and /api/v1/sso (metadata, login, callback, config) - python3-saml added to requirements; Dockerfile adds libxmlsec1-dev for SAML XML signing - QA script: 52 assertions covering key lifecycle, API key auth, SSO config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
37 lines
785 B
Docker
37 lines
785 B
Docker
FROM python:3.11-slim
|
|
|
|
WORKDIR /app
|
|
|
|
# Install system dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
gcc \
|
|
libpq-dev \
|
|
curl \
|
|
pkg-config \
|
|
libxml2-dev \
|
|
libxmlsec1-dev \
|
|
libxmlsec1-openssl \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy requirements first for better caching
|
|
COPY requirements.txt .
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
# Copy application code
|
|
COPY . .
|
|
|
|
# Make entrypoints executable
|
|
RUN chmod +x /app/entrypoint.sh /app/entrypoint.prod.sh
|
|
|
|
# Create a non-root user and give it ownership of /app
|
|
RUN adduser --disabled-password --gecos '' --uid 1001 appuser \
|
|
&& chown -R appuser:appuser /app
|
|
|
|
USER appuser
|
|
|
|
# Expose port
|
|
EXPOSE 8000
|
|
|
|
# Default command (migrations + seed + uvicorn)
|
|
CMD ["sh", "/app/entrypoint.sh"]
|