Add Dockerfile for quartermaster-web container

claude-code commented

2026-04-19 12:19:06 -06:00

Collaborator

Part of the platform-contract work (#25). Platform team has provisioned host-side infrastructure (DNS, Traefik middlewares, bind mount, basic-auth creds); the image and compose to consume it are our responsibility.

Scope

Add a Dockerfile at the repo root producing a container image suitable for home-ctr-onyx:

Base: python:3.12-slim-*. Keep the image small.
Install uv and run uv sync --no-dev --frozen so the build uses the locked dep set.
Copy source into the image; standard layout is fine.
Run as USER 1000:1000 — required so the container can write to /mnt/quartermaster/ (owner 1000:1000, mode 0750 per the platform contract comment on #25).
Startup: run alembic upgrade head first (the pre-upgrade backup hook in alembic/env.py fires automatically), then uvicorn quartermaster.main:app --host 0.0.0.0 --port 8000 --log-config src/quartermaster/logconfig.json. A small entrypoint script is the natural fit.
EXPOSE 8000.
Declare HEALTHCHECK hitting /healthz (from #26) — belt-and-suspenders alongside the compose-level healthcheck that will land in #29.

Out of scope

compose.yml — separate issue, depends on this image.
CI/CD workflow — separate issue, depends on image + compose.

Deliverables

Dockerfile at repo root.
Entrypoint/startup script wiring Alembic + uvicorn.
README "Docker" section with a representative local docker build + docker run pair.
Local smoke test: build, run with a tempfile DB URL, hit /healthz, confirm JSON logs on stdout.

Blocks the compose-file and Actions-workflow follow-up issues.

Part of the platform-contract work (#25). Platform team has provisioned host-side infrastructure (DNS, Traefik middlewares, bind mount, basic-auth creds); the image and compose to consume it are our responsibility. ## Scope Add a `Dockerfile` at the repo root producing a container image suitable for home-ctr-onyx: - Base: `python:3.12-slim-*`. Keep the image small. - Install `uv` and run `uv sync --no-dev --frozen` so the build uses the locked dep set. - Copy source into the image; standard layout is fine. - Run as `USER 1000:1000` — required so the container can write to `/mnt/quartermaster/` (owner `1000:1000`, mode `0750` per the platform contract comment on #25). - Startup: run `alembic upgrade head` first (the pre-upgrade backup hook in `alembic/env.py` fires automatically), then `uvicorn quartermaster.main:app --host 0.0.0.0 --port 8000 --log-config src/quartermaster/logconfig.json`. A small entrypoint script is the natural fit. - `EXPOSE 8000`. - Declare `HEALTHCHECK` hitting `/healthz` (from #26) — belt-and-suspenders alongside the compose-level healthcheck that will land in #29. ## Out of scope - `compose.yml` — separate issue, depends on this image. - CI/CD workflow — separate issue, depends on image + compose. ## Deliverables - `Dockerfile` at repo root. - Entrypoint/startup script wiring Alembic + uvicorn. - README "Docker" section with a representative local `docker build` + `docker run` pair. - Local smoke test: build, run with a tempfile DB URL, hit `/healthz`, confirm JSON logs on stdout. Blocks the compose-file and Actions-workflow follow-up issues.