CodeReview/backend/Dockerfile

# ============================================
# 多阶段构建 - 构建阶段
# ============================================
FROM python:3.12-slim AS builder

WORKDIR /app

ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

# 彻底清除代理设置
ENV http_proxy=""
ENV https_proxy=""
ENV HTTP_PROXY=""
ENV HTTPS_PROXY=""
ENV all_proxy=""
ENV ALL_PROXY=""
ENV no_proxy="*"
ENV NO_PROXY="*"

# 清除 apt 代理配置并配置重试，使用阿里云镜像
RUN sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list.d/debian.sources 2>/dev/null || \
    sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list 2>/dev/null || true && \
    rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
    echo 'Acquire::http::Proxy "false";' > /etc/apt/apt.conf.d/99-no-proxy && \
    echo 'Acquire::https::Proxy "false";' >> /etc/apt/apt.conf.d/99-no-proxy && \
    echo 'Acquire::Retries "5";' >> /etc/apt/apt.conf.d/99-no-proxy && \
    echo 'Acquire::http::Timeout "60";' >> /etc/apt/apt.conf.d/99-no-proxy

# 安装构建依赖（gcc 只在构建阶段需要）
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        gcc \
        libpq-dev \
        libffi-dev \
    && rm -rf /var/lib/apt/lists/*

# 安装 uv
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

# 配置 uv 使用官方 PyPI（国内镜像不稳定时使用）
ENV UV_INDEX_URL=https://pypi.org/simple/

# 复制依赖文件
COPY pyproject.toml uv.lock README.md ./

# 安装 Python 依赖到虚拟环境
RUN uv sync --frozen --no-dev

# ============================================
# 多阶段构建 - 运行阶段
# ============================================
FROM python:3.12-slim AS runtime

WORKDIR /app

ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

# 彻底清除代理设置
ENV http_proxy=""
ENV https_proxy=""
ENV HTTP_PROXY=""
ENV HTTPS_PROXY=""
ENV all_proxy=""
ENV ALL_PROXY=""
ENV no_proxy="*"
ENV NO_PROXY="*"

# 配置使用阿里云 Debian 镜像源
RUN sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list.d/debian.sources 2>/dev/null || \
    sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list 2>/dev/null || true

# 清除 apt 代理配置
RUN rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
    echo 'Acquire::http::Proxy "false";' > /etc/apt/apt.conf.d/99-no-proxy && \
    echo 'Acquire::https::Proxy "false";' >> /etc/apt/apt.conf.d/99-no-proxy && \
    echo 'Acquire::Retries "5";' >> /etc/apt/apt.conf.d/99-no-proxy && \
    echo 'Acquire::http::Timeout "60";' >> /etc/apt/apt.conf.d/99-no-proxy

# 只安装运行时依赖（不需要 gcc）
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        libpq5 \
        curl \
        git \
        libpango-1.0-0 \
        libpangoft2-1.0-0 \
        libpangocairo-1.0-0 \
        libcairo2 \
        libgdk-pixbuf-2.0-0 \
        libglib2.0-0 \
        shared-mime-info \
        fonts-noto-cjk \
    && fc-cache -fv \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

# 从构建阶段复制虚拟环境和 uv
COPY --from=builder /app/.venv /app/.venv
COPY --from=builder /usr/local/bin/uv /usr/local/bin/uv

# 复制应用代码
COPY . .

# 创建上传目录并设置启动脚本权限
RUN mkdir -p /app/uploads/zip_files && \
    chmod +x /app/docker-entrypoint.sh

# 暴露端口
EXPOSE 8000

# 启动命令 - 使用启动脚本自动执行数据库迁移
CMD ["/app/docker-entrypoint.sh"]
-												修复Agent审计任务识别不到文件的错误

											
										
										
											2025-12-16 12:34:57 +08:00
+								# ============================================
 								# 多阶段构建 - 构建阶段
 								# ============================================
 								FROM python:3.12-slim AS builder
-												refactor: 重构项目结构，将前端和后端代码分离到独立目录

- 将前端代码移动到 frontend/ 目录
- 将后端代码移动到 backend/ 目录
- 更新 .gitignore 以包含 Python 和前端构建产物
- 修复 LLM JSON 解析问题，增强错误处理
- 修复前端配置默认值，改为从后端获取
- 删除 AdminDashboard 中的数据库信息和统计卡片
- 完善系统配置管理，支持从后端获取默认配置

											
										
										
											2025-11-26 21:11:12 +08:00
 								WORKDIR /app
 								ENV PYTHONDONTWRITEBYTECODE=1
 								ENV PYTHONUNBUFFERED=1
-												feat: improve Docker deployment and release workflows

- Add WeasyPrint system dependencies with Chinese font support
- Update requirements.txt with all dependencies
- Fix docker-compose.yml network configuration
- Update GitHub Actions release workflow for frontend-backend architecture
- Update release script for new project structure
- Support multi-arch Docker builds (amd64, arm64)

											
										
										
											2025-11-28 20:43:26 +08:00
-												修复Agent审计任务识别不到文件的错误

											
										
										
											2025-12-16 12:34:57 +08:00
+								# 彻底清除代理设置
 								ENV http_proxy=""
 								ENV https_proxy=""
 								ENV HTTP_PROXY=""
 								ENV HTTPS_PROXY=""
 								ENV all_proxy=""
 								ENV ALL_PROXY=""
 								ENV no_proxy="*"
 								ENV NO_PROXY="*"
 								# 清除 apt 代理配置并配置重试，使用阿里云镜像
 								RUN sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list.d/debian.sources 2>/dev/null || \
 								    sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list 2>/dev/null || true && \
 								    rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
 								    echo 'Acquire::http::Proxy "false";' > /etc/apt/apt.conf.d/99-no-proxy && \
 								    echo 'Acquire::https::Proxy "false";' >> /etc/apt/apt.conf.d/99-no-proxy && \
 								    echo 'Acquire::Retries "5";' >> /etc/apt/apt.conf.d/99-no-proxy && \
 								    echo 'Acquire::http::Timeout "60";' >> /etc/apt/apt.conf.d/99-no-proxy
 								# 安装构建依赖（gcc 只在构建阶段需要）
 								RUN apt-get update && \
 								    apt-get install -y --no-install-recommends \
-												feat: improve Docker deployment and release workflows

- Add WeasyPrint system dependencies with Chinese font support
- Update requirements.txt with all dependencies
- Fix docker-compose.yml network configuration
- Update GitHub Actions release workflow for frontend-backend architecture
- Update release script for new project structure
- Support multi-arch Docker builds (amd64, arm64)

											
										
										
											2025-11-28 20:43:26 +08:00
+								        gcc \
 								        libpq-dev \
-												修复Agent审计任务识别不到文件的错误

											
										
										
											2025-12-16 12:34:57 +08:00
+								        libffi-dev \
 								    && rm -rf /var/lib/apt/lists/*
 								# 安装 uv
 								COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
 								# 配置 uv 使用官方 PyPI（国内镜像不稳定时使用）
 								ENV UV_INDEX_URL=https://pypi.org/simple/
 								# 复制依赖文件
 								COPY pyproject.toml uv.lock README.md ./
 								# 安装 Python 依赖到虚拟环境
 								RUN uv sync --frozen --no-dev
 								# ============================================
 								# 多阶段构建 - 运行阶段
 								# ============================================
 								FROM python:3.12-slim AS runtime
 								WORKDIR /app
 								ENV PYTHONDONTWRITEBYTECODE=1
 								ENV PYTHONUNBUFFERED=1
 								# 彻底清除代理设置
 								ENV http_proxy=""
 								ENV https_proxy=""
 								ENV HTTP_PROXY=""
 								ENV HTTPS_PROXY=""
 								ENV all_proxy=""
 								ENV ALL_PROXY=""
 								ENV no_proxy="*"
 								ENV NO_PROXY="*"
 								# 配置使用阿里云 Debian 镜像源
 								RUN sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list.d/debian.sources 2>/dev/null || \
 								    sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list 2>/dev/null || true
 								# 清除 apt 代理配置
 								RUN rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
 								    echo 'Acquire::http::Proxy "false";' > /etc/apt/apt.conf.d/99-no-proxy && \
 								    echo 'Acquire::https::Proxy "false";' >> /etc/apt/apt.conf.d/99-no-proxy && \
 								    echo 'Acquire::Retries "5";' >> /etc/apt/apt.conf.d/99-no-proxy && \
 								    echo 'Acquire::http::Timeout "60";' >> /etc/apt/apt.conf.d/99-no-proxy
 								# 只安装运行时依赖（不需要 gcc）
 								RUN apt-get update && \
 								    apt-get install -y --no-install-recommends \
 								        libpq5 \
-												refactor: 优化 Docker 部署配置

- 后端使用 uv 管理依赖，镜像内包含所有依赖
- 前端使用生产构建 + serve 提供静态文件
- 添加 WeasyPrint 完整系统依赖
- 修复 PDF 报告 Logo 显示问题
- 添加 .dockerignore 优化构建
- 更新部署文档和 GitHub Actions 工作流
- 前端端口从 5173 改为 3000

											
										
										
											2025-12-05 20:51:22 +08:00
+								        curl \
-												修复Agent审计任务识别不到文件的错误

											
										
										
											2025-12-16 12:34:57 +08:00
+								        git \
-												feat: improve Docker deployment and release workflows

- Add WeasyPrint system dependencies with Chinese font support
- Update requirements.txt with all dependencies
- Fix docker-compose.yml network configuration
- Update GitHub Actions release workflow for frontend-backend architecture
- Update release script for new project structure
- Support multi-arch Docker builds (amd64, arm64)

											
										
										
											2025-11-28 20:43:26 +08:00
+								        libpango-1.0-0 \
 								        libpangoft2-1.0-0 \
-												refactor: 优化 Docker 部署配置

- 后端使用 uv 管理依赖，镜像内包含所有依赖
- 前端使用生产构建 + serve 提供静态文件
- 添加 WeasyPrint 完整系统依赖
- 修复 PDF 报告 Logo 显示问题
- 添加 .dockerignore 优化构建
- 更新部署文档和 GitHub Actions 工作流
- 前端端口从 5173 改为 3000

											
										
										
											2025-12-05 20:51:22 +08:00
+								        libpangocairo-1.0-0 \
-												feat: improve Docker deployment and release workflows

- Add WeasyPrint system dependencies with Chinese font support
- Update requirements.txt with all dependencies
- Fix docker-compose.yml network configuration
- Update GitHub Actions release workflow for frontend-backend architecture
- Update release script for new project structure
- Support multi-arch Docker builds (amd64, arm64)

											
										
										
											2025-11-28 20:43:26 +08:00
+								        libcairo2 \
-												refactor: 优化 Docker 部署配置

- 后端使用 uv 管理依赖，镜像内包含所有依赖
- 前端使用生产构建 + serve 提供静态文件
- 添加 WeasyPrint 完整系统依赖
- 修复 PDF 报告 Logo 显示问题
- 添加 .dockerignore 优化构建
- 更新部署文档和 GitHub Actions 工作流
- 前端端口从 5173 改为 3000

											
										
										
											2025-12-05 20:51:22 +08:00
+								        libgdk-pixbuf-2.0-0 \
 								        libglib2.0-0 \
-												feat: improve Docker deployment and release workflows

- Add WeasyPrint system dependencies with Chinese font support
- Update requirements.txt with all dependencies
- Fix docker-compose.yml network configuration
- Update GitHub Actions release workflow for frontend-backend architecture
- Update release script for new project structure
- Support multi-arch Docker builds (amd64, arm64)

											
										
										
											2025-11-28 20:43:26 +08:00
+								        shared-mime-info \
 								        fonts-noto-cjk \
-												refactor: 优化 Docker 部署配置

- 后端使用 uv 管理依赖，镜像内包含所有依赖
- 前端使用生产构建 + serve 提供静态文件
- 添加 WeasyPrint 完整系统依赖
- 修复 PDF 报告 Logo 显示问题
- 添加 .dockerignore 优化构建
- 更新部署文档和 GitHub Actions 工作流
- 前端端口从 5173 改为 3000

											
										
										
											2025-12-05 20:51:22 +08:00
+								    && fc-cache -fv \
-												修复Agent审计任务识别不到文件的错误

											
										
										
											2025-12-16 12:34:57 +08:00
+								    && rm -rf /var/lib/apt/lists/* \
 								    && apt-get clean
-												feat: v2.0.0-test release

Major changes:
- Backend: Add report generator service with comprehensive analysis
- Backend: Enhanced scan and task endpoints
- Frontend: Refactor instant analysis page and export dialog
- Frontend: Optimize report export service
- Infrastructure: Simplify Dockerfile and update docker-compose
- Docs: Streamline README documentation
- Assets: Add logo with transparent background

											
										
										
											2025-11-28 20:34:15 +08:00
-												修复Agent审计任务识别不到文件的错误

											
										
										
											2025-12-16 12:34:57 +08:00
+								# 从构建阶段复制虚拟环境和 uv
 								COPY --from=builder /app/.venv /app/.venv
 								COPY --from=builder /usr/local/bin/uv /usr/local/bin/uv
-												refactor: 重构项目结构，将前端和后端代码分离到独立目录

- 将前端代码移动到 frontend/ 目录
- 将后端代码移动到 backend/ 目录
- 更新 .gitignore 以包含 Python 和前端构建产物
- 修复 LLM JSON 解析问题，增强错误处理
- 修复前端配置默认值，改为从后端获取
- 删除 AdminDashboard 中的数据库信息和统计卡片
- 完善系统配置管理，支持从后端获取默认配置

											
										
										
											2025-11-26 21:11:12 +08:00
-												feat: v2.0.0-test release

Major changes:
- Backend: Add report generator service with comprehensive analysis
- Backend: Enhanced scan and task endpoints
- Frontend: Refactor instant analysis page and export dialog
- Frontend: Optimize report export service
- Infrastructure: Simplify Dockerfile and update docker-compose
- Docs: Streamline README documentation
- Assets: Add logo with transparent background

											
										
										
											2025-11-28 20:34:15 +08:00
+								# 复制应用代码
-												refactor: 重构项目结构，将前端和后端代码分离到独立目录

- 将前端代码移动到 frontend/ 目录
- 将后端代码移动到 backend/ 目录
- 更新 .gitignore 以包含 Python 和前端构建产物
- 修复 LLM JSON 解析问题，增强错误处理
- 修复前端配置默认值，改为从后端获取
- 删除 AdminDashboard 中的数据库信息和统计卡片
- 完善系统配置管理，支持从后端获取默认配置

											
										
										
											2025-11-26 21:11:12 +08:00
+								COPY . .
-												feat: Introduce China-specific production deployment, automate database migrations, and enhance LLM configuration flexibility.

											
										
										
											2025-12-17 01:38:21 +08:00
+								# 创建上传目录并设置启动脚本权限
 								RUN mkdir -p /app/uploads/zip_files && \
 								    chmod +x /app/docker-entrypoint.sh
-												feat: v2.0.0-test release

Major changes:
- Backend: Add report generator service with comprehensive analysis
- Backend: Enhanced scan and task endpoints
- Frontend: Refactor instant analysis page and export dialog
- Frontend: Optimize report export service
- Infrastructure: Simplify Dockerfile and update docker-compose
- Docs: Streamline README documentation
- Assets: Add logo with transparent background

											
										
										
											2025-11-28 20:34:15 +08:00
 								# 暴露端口
 								EXPOSE 8000
-												feat: Introduce China-specific production deployment, automate database migrations, and enhance LLM configuration flexibility.

											
										
										
											2025-12-17 01:38:21 +08:00
+								# 启动命令 - 使用启动脚本自动执行数据库迁移
 								CMD ["/app/docker-entrypoint.sh"]