| # Copyright (c) Meta Platforms, Inc. and affiliates. | |
| # All rights reserved. | |
| # | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # | |
| # ============================================================ | |
| # AML Investigator β OpenEnv Environment | |
| # Hugging Face Spaces compliant Docker image | |
| # ============================================================ | |
| # | |
| # Build (from repo root): | |
| # docker build -t aml-env . | |
| # | |
| # Run locally: | |
| # docker run -p 7860:7860 aml-env | |
| # ============================================================ | |
| ARG BASE_IMAGE=ghcr.io/meta-pytorch/openenv-base:latest | |
| FROM ${BASE_IMAGE} AS builder | |
| WORKDIR /app | |
| # git is needed for uv to resolve any VCS dependencies | |
| RUN apt-get update && \ | |
| apt-get install -y --no-install-recommends git && \ | |
| rm -rf /var/lib/apt/lists/* | |
| # Copy full build context (unwanted files pruned by .dockerignore) | |
| COPY . /app/env | |
| WORKDIR /app/env | |
| # Ensure uv is available (the openenv-base image usually has it; install as fallback) | |
| RUN if ! command -v uv >/dev/null 2>&1; then \ | |
| curl -LsSf https://astral.sh/uv/install.sh | sh && \ | |
| mv /root/.local/bin/uv /usr/local/bin/uv && \ | |
| mv /root/.local/bin/uvx /usr/local/bin/uvx; \ | |
| fi | |
| # Install deps only (no project install yet) β uses --frozen so uv.lock is honoured | |
| RUN --mount=type=cache,target=/root/.cache/uv \ | |
| if [ -f uv.lock ]; then \ | |
| uv sync --frozen --no-install-project --no-editable; \ | |
| else \ | |
| uv sync --no-install-project --no-editable; \ | |
| fi | |
| # Install the project itself into the venv | |
| RUN --mount=type=cache,target=/root/.cache/uv \ | |
| if [ -f uv.lock ]; then \ | |
| uv sync --frozen --no-editable; \ | |
| else \ | |
| uv sync --no-editable; \ | |
| fi | |
| # ββ Runtime stage βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| FROM ${BASE_IMAGE} | |
| WORKDIR /app | |
| # curl is required for the HEALTHCHECK; install it in the RUNTIME stage | |
| RUN apt-get update && \ | |
| apt-get install -y --no-install-recommends curl && \ | |
| rm -rf /var/lib/apt/lists/* | |
| # Copy venv and source from builder | |
| COPY --from=builder /app/env/.venv /app/.venv | |
| COPY --from=builder /app/env /app/env | |
| # Create unprivileged user (good practice for HF Spaces) | |
| RUN useradd -m -u 1000 appuser && \ | |
| chown -R appuser:appuser /app | |
| # The venv bin directory must be first on PATH | |
| ENV PATH="/app/.venv/bin:$PATH" | |
| # PYTHONPATH β /app/env (repo root inside container) | |
| # This makes both import styles work: | |
| # from models import AmlAction (bare) | |
| # from server.AML_env_environment import β¦ (prefixed) | |
| ENV PYTHONPATH="/app/env" | |
| # Hugging Face Spaces mandates port 7860 | |
| EXPOSE 7860 | |
| # Health check β verifiable with `docker inspect` | |
| HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \ | |
| CMD curl -f http://localhost:7860/health || exit 1 | |
| WORKDIR /app/env | |
| USER appuser | |
| # Start the OpenEnv FastAPI server | |
| CMD ["uvicorn", "server.app:app", "--host", "0.0.0.0", "--port", "7860"] |