diff --git a/Dockerfile b/Dockerfile
index 49e1fe6..fdc275f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,14 +23,27 @@ FROM python:3.11-slim
 ARG BASTION_URL="https://bastion.3prism.ai"
 ARG HOST_ARCH="amd64"
-# 1. Install System Dependencies & Node.js (for runtime)
-# We need Node.js to run the Next.js production server (npm start)
+# 1. Install System Dependencies & Node.js 20 (for runtime)
+# We need Node.js 20 to run the Next.js production server (npm start)
 # curl is needed for health check
 # WeasyPrint dependencies for PDF export
+
+# First install ca-certificates and curl (needed for NodeSource setup)
 RUN apt-get update && apt-get install -y \
+ ca-certificates \
 curl \
- nodejs \
- npm \
+ && rm -rf /var/lib/apt/lists/*
+
+# Then install Node.js from NodeSource
+RUN install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key -o /etc/apt/keyrings/nodesource.gpg && \
+ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" > /etc/apt/sources.list.d/nodesource.list && \
+ apt-get update && \
+ apt-get install -y nodejs && \
+ rm -rf /var/lib/apt/lists/*
+
+# Finally install WeasyPrint dependencies
+RUN apt-get update && apt-get install -y \
 libpango-1.0-0 \
 libharfbuzz0b \
 libpangoft2-1.0-0 \
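Review bot: The NodeSource step saves the ASCII-armored `nodesource-repo.gpg.key` under the name `/etc/apt/keyrings/nodesource.gpg`, but apt treats a `.gpg` keyring as binary and reads armored keys only from a `.asc` file, so the `signed-by` key is likely to be ignored and the following `apt-get update` would then fail signature verification. Either use an `.asc` name in both the `curl -o` path and the `signed-by=` path, or dearmor the key first (which needs `gnupg` installed in the preceding step). The key is trusted only because it arrived over TLS at build time; comparing its fingerprint with a value recorded in the repository would make a substituted key fail the build. The `apt-get install -y` calls in this hunk could also take `--no-install-recommends` to keep unneeded packages out of the runtime image.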
@@ -46,10 +59,14 @@ RUN python -m venv /app/.venv && \
 # 3. Bake in Portwarden Client (The "Tunnel")
 # This runs during build time to download the binary into the image
-# 使用 -k 跳过 SSL 证书验证(bastion.3prism.ai 证书过期)
-RUN echo "Downloading Portwarden Client from: ${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" && \
- curl -fsSLk "${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" -o /usr/local/bin/portwardenc && \
- chmod +x /usr/local/bin/portwardenc
+# 使用 p12 证书进行身份验证,-k 跳过服务器证书验证
+COPY bastian/lyman.p12 /tmp/lyman.p12
+COPY bastian/key.md /tmp/key.md
+RUN openssl pkcs12 -in /tmp/lyman.p12 -out /tmp/client.pem -nodes -passin pass:$(cat /tmp/key.md) && \
+ echo "Downloading Portwarden Client from: ${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" && \
+ curl -fsSLk --cert /tmp/client.pem "${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" -o /usr/local/bin/portwardenc && \
+ chmod +x /usr/local/bin/portwardenc && \
+ rm -f /tmp/lyman.p12 /tmp/key.md /tmp/client.pem
 # 4. Copy Frontend Build Artifacts
 # We need package.json to run 'npm start'
@@ -57,8 +74,10 @@ COPY frontend/package*.json ./frontend/
 # Copy the built .next folder and public assets
 COPY --from=frontend-builder /app/frontend/.next ./frontend/.next
 COPY --from=frontend-builder /app/frontend/public ./frontend/public
-# 复制 node_modules 而不是重新安装(避免网络超时问题)
-COPY --from=frontend-builder /app/frontend/node_modules ./frontend/node_modules/
+# Install production dependencies only (reduces image size)
+WORKDIR /app/frontend
+RUN npm ci --only=production
+WORKDIR /app
 # 5. Copy Backend & Application Code
 WORKDIR /app
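Review bot: In step 3, `COPY bastian/lyman.p12 /tmp/lyman.p12` and `COPY bastian/key.md /tmp/key.md` each create an image layer that permanently holds the client certificate bundle and its passphrase; the `rm -f` at the end of the later `RUN` only hides them in a newer layer, so anyone who can pull the image can still read both. They should reach the build through BuildKit secret mounts, with the passphrase read via `-passin file:` instead of `pass:$(cat …)` and the unencrypted `client.pem` written to a tmpfs mount, as sketched below (the secret ids are illustrative). `curl -fsSLk` is still on the new side, so the server remains unauthenticated and the downloaded binary, which the entrypoint presumably launches, is not integrity-checked; drop `-k` (or pass the issuing CA with `--cacert`) and compare the file against a recorded SHA-256 before `chmod +x`. If the two files under `bastian/` are committed to the repository, treat that certificate as exposed and rotate it.

```dockerfile
# … unchanged: step 3 comment lines …
# Requires BuildKit; build with (constructed example):
#   docker build --secret id=bastion_p12,src=<path-to-p12> \
#                --secret id=bastion_p12_pass,src=<path-to-passphrase-file> .
RUN --mount=type=secret,id=bastion_p12 \
    --mount=type=secret,id=bastion_p12_pass \
    --mount=type=tmpfs,target=/run/bastion \
    openssl pkcs12 -in /run/secrets/bastion_p12 -out /run/bastion/client.pem -nodes \
        -passin file:/run/secrets/bastion_p12_pass && \
    echo "Downloading Portwarden Client from: ${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" && \
    curl -fsSL --cert /run/bastion/client.pem "${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" -o /usr/local/bin/portwardenc && \
    chmod +x /usr/local/bin/portwardenc
```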
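Review bot: In step 4, `RUN npm ci --only=production` uses a flag that the npm releases bundled with Node.js 20 report as deprecated in favour of `--omit=dev`, and it leaves the npm download cache in the layer; `RUN npm ci --omit=dev && npm cache clean --force` addresses both. `npm ci` needs a `package-lock.json` beside `package.json`, which the `COPY frontend/package*.json ./frontend/` shown in the hunk header provides only if the lockfile exists in the repository. The install also runs dependency lifecycle scripts at build time with network access, so `--ignore-scripts` is worth considering if the production dependencies do not need them. The added `WORKDIR /app` is immediately followed by the existing `WORKDIR /app` and can be dropped.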
@@ -81,9 +100,9 @@ ENV NEXT_TELEMETRY_DISABLED=1
 EXPOSE 3001 8000
 # Health Check
-# 检查后端健康状态,前端通过后端代理访问
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
- CMD curl -f http://localhost:8000/health || exit 1
+# 检查后端和前端健康状态
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+ CMD curl -f http://localhost:8000/health && curl -f http://localhost:3001 || exit 1
 # Entrypoint: Portwarden tunnel client
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/requirements.txt b/requirements.txt
index 0acc0c5..1fdd456 100644
--- a/requirements.txt
+++ b/requirements.txt
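Review bot: The new HEALTHCHECK command runs two requests back to back under the single `--timeout=10s` with no per-request limit, and `curl -f` without `-s`/`-o` writes the progress meter and the whole front-page body into the stored health-check output. Bounding and silencing each call keeps the probe cheap and its log readable: `CMD curl -fsS -o /dev/null --max-time 4 http://localhost:8000/health && curl -fsS -o /dev/null --max-time 4 http://localhost:3001 || exit 1`. The comment above the instruction could also say in English that port 3001 is the frontend and 8000 the backend, since nothing else in this hunk states it.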
@@ -1,55 +1,57 @@
 # ============================================
 # FA3 生产环境依赖
+# 版本已固定,确保构建一致性
+# 更新日期: 2026-01-21
 # ============================================
 # --------------------------------------------
 # Web 框架
 # --------------------------------------------
-fastapi
-uvicorn[standard]
+fastapi==0.128.0
+uvicorn[standard]==0.40.0
 # --------------------------------------------
 # 数据库
 # --------------------------------------------
-sqlalchemy
-asyncpg
-psycopg2-binary
+sqlalchemy==2.0.45
+asyncpg==0.30.0
+psycopg2-binary==2.9.9
 # --------------------------------------------
 # 数据处理
 # --------------------------------------------
-pandas
-numpy
+pandas==2.3.3
+numpy==2.4.0
 # --------------------------------------------
 # HTTP 客户端
 # --------------------------------------------
-requests
-httpx
+requests==2.32.3
+httpx==0.28.1
 # --------------------------------------------
 # 配置与环境
 # --------------------------------------------
-python-dotenv
-PyYAML
+python-dotenv==1.0.1
+PyYAML==6.0.2
 # --------------------------------------------
-# AI 服务
+# AI 服务 (Google Gemini SDK)
 # --------------------------------------------
-google-genai
+google-genai==1.2.0
 # --------------------------------------------
 # 文档处理
 # --------------------------------------------
-markdown
-weasyprint
+markdown==3.7
+weasyprint==62.3
 # --------------------------------------------
 # 数据验证
 # --------------------------------------------
-pydantic
+pydantic==2.12.5
 # --------------------------------------------
 # 金融数据源
 # --------------------------------------------
-tushare
+tushare==1.4.24
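Review bot: The added header says the versions are pinned for build consistency, but the `==` pins cover only the direct dependencies listed here; their transitive dependencies (including everything the `uvicorn[standard]` extra pulls in) still resolve at build time, and nothing checks artifact integrity. Generating a fully resolved requirements file with `--hash=sha256:…` entries and installing it with `pip install --require-hashes -r requirements.txt` would make the header's claim hold and make a replaced or tampered package fail the build instead of being installed silently.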