1-27同步

Dockerfile/python/apex/apex_dockerfile

@@ -1,54 +1,45 @@
 # ===============================
 # 1) 构建依赖阶段
 # ===============================
-FROM python:3.12.9-alpine AS build
+FROM uswccr.ccs.tencentyun.com/lessie/python:3.12-slim AS build
 
 WORKDIR /app
 
-# 替换 Alpine 国内源
-RUN echo "https://mirrors.aliyun.com/alpine/v3.21/main/" > /etc/apk/repositories && \
-    echo "https://mirrors.aliyun.com/alpine/v3.21/community/" >> /etc/apk/repositories
+# 使用 uv 官方镜像中的二进制文件（不用 pip install uv ）
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uv/bin/uv
 
-# 构建依赖
-RUN apk add --no-cache \
-    gcc \
-    musl-dev \
-    libffi-dev \
-    openssl-dev \
-    curl
-
-# 安装 uv
-RUN pip install -i https://mirrors.aliyun.com/pypi/simple/ --no-cache-dir uv
-
-# uv 使用的 PyPI 镜像
-ENV UV_INDEX_URL=https://mirrors.aliyun.com/pypi/simple/
+# APT 源替换 + 安装依赖（合并为一个 RUN，最大化缓存）
+RUN set -eux; \
+    sed -i 's@deb.debian.org@mirrors.tuna.tsinghua.edu.cn@g' /etc/apt/sources.list.d/debian.sources; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends build-essential git; \
+    rm -rf /var/lib/apt/lists/*
 
 # 拷贝依赖定义（用于缓存）
 COPY uv.lock pyproject.toml ./
 
-# 安装依赖到 .venv
-RUN uv sync --no-dev
+# 使用 uv 安装依赖（--frozen 确保锁定版本）
+RUN /uv/bin/uv sync --frozen --no-dev --no-install-project
 
 # ===============================
 # 2) 运行阶段
 # ===============================
-FROM python:3.12.9-alpine AS runtime
+FROM uswccr.ccs.tencentyun.com/lessie/python:3.12-slim AS runtime
 
 WORKDIR /app
 
-# 替换 Alpine 国内源
-RUN echo "https://mirrors.aliyun.com/alpine/v3.21/main/" > /etc/apk/repositories && \
-    echo "https://mirrors.aliyun.com/alpine/v3.21/community/" >> /etc/apk/repositories
+# 设置时区 (Debian 方式)
+RUN set -eux; \
+    sed -i 's@deb.debian.org@mirrors.tuna.tsinghua.edu.cn@g' /etc/apt/sources.list.d/debian.sources; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends tzdata; \
+    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime; \
+    echo "Asia/Shanghai" > /etc/timezone; \
+    rm -rf /var/lib/apt/lists/*
 
-# 时区
-RUN apk add --no-cache tzdata && \
-    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
-    echo "Asia/Shanghai" > /etc/timezone
-
-# 拷贝 uv、虚拟环境、Python 运行库
-COPY --from=build /usr/local/bin/uv /usr/local/bin/uv
+# 拷贝 uv、虚拟环境
+COPY --from=build /uv/bin/uv /usr/local/bin/uv
 COPY --from=build /app/.venv /app/.venv
-COPY --from=build /usr/local/lib/python3.12 /usr/local/lib/python3.12
 
 # 拷贝代码
 COPY . .

Dockerfile/python/lessie-email/Dockerfile

@@ -0,0 +1,66 @@
+# ==================== 构建阶段 ====================
+FROM python:3.12-slim AS builder
+
+# 设置工作目录
+WORKDIR /app
+
+# 设置环境变量
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    UV_SYSTEM_PYTHON=1 \
+    UV_HTTP_TIMEOUT=600 \
+    UV_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple \
+    UV_EXTRA_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple
+
+# 安装系统依赖和构建工具
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    g++ \
+    build-essential \
+    python3-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# 使用 uv 官方镜像中的二进制文件（不用 pip install uv ）
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+
+# 复制依赖文件（利用 Docker 缓存）
+COPY pyproject.toml uv.lock ./
+
+# 安装项目依赖（不包括开发依赖，使用 frozen 锁定版本）
+RUN uv sync --frozen --no-dev
+
+# ==================== 运行阶段 ====================
+FROM python:3.12-slim AS runtime
+
+# 设置工作目录
+WORKDIR /app
+
+# 设置环境变量
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    UV_SYSTEM_PYTHON=1 \
+    PATH="/app/.venv/bin:$PATH"
+
+# 从构建阶段复制依赖
+COPY --from=builder /app/.venv /app/.venv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+
+# 创建非 root 用户
+RUN groupadd -r appuser && useradd -r -g appuser appuser \
+    && chown -R appuser:appuser /app
+
+# 复制项目文件
+COPY --chown=appuser:appuser . .
+
+# 切换到非 root 用户
+USER appuser
+
+# 暴露端口
+EXPOSE 8031
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD python -c "from urllib.request import urlopen; urlopen('http://localhost:8031/health', timeout=5).read()" || exit 1
+
+# 启动命令
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8031", "--workers", "1"]