fix: isolate usercode container

2026-03-04 13:40:19 +00:00
parent 26a7271531
commit 46e8e983f1
3 changed files with 40 additions and 16 deletions
--- a/20
+++ b/20
@@ -1,8 +1,8 @@
-FROM python:3.12-slim
+# ── Usercode: full application (gRPC server) ─────────────────────────
+FROM python:3.12-slim AS usercode

 WORKDIR /app

-# Install uv
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

 # Install dependencies before copying full source (layer caching)
@@ -12,9 +12,23 @@ RUN uv sync --frozen --no-dev 2>/dev/null || uv sync --no-dev
 # Copy application source
 COPY . .

-# Make the venv's binaries available on PATH
 ENV PATH="/app/.venv/bin:$PATH"
 ENV DAGSTER_HOME=/app/dagster_home

 RUN chmod +x /app/entrypoint.sh
 ENTRYPOINT ["/app/entrypoint.sh"]
+
+# ── Infrastructure: webserver / daemon (no user code) ────────────────
+FROM python:3.12-slim AS dagster-infra
+
+WORKDIR /app
+
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+
+# Only the Dagster packages needed to run webserver / daemon and reach
+# the metadata store.  No application code is installed.
+RUN uv pip install --system dagster dagster-webserver dagster-postgres
+
+COPY dagster_home/ ./dagster_home/
+
+ENV DAGSTER_HOME=/app/dagster_home