From 6174901a121cebf6448db3fef5e68a375dec9b61 Mon Sep 17 00:00:00 2001
From: TheSiahxyz <164138827+TheSiahxyz@users.noreply.github.com>
Date: Thu, 2 Apr 2026 15:39:09 +0900
Subject: feat: optimize Dockerfiles with multi-stage builds, non-root user,
 .dockerignore

---
 services/news-collector/Dockerfile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'services/news-collector')

diff --git a/services/news-collector/Dockerfile b/services/news-collector/Dockerfile
index a8e5902..7accee2 100644
--- a/services/news-collector/Dockerfile
+++ b/services/news-collector/Dockerfile
@@ -1,9 +1,17 @@
-FROM python:3.12-slim
+FROM python:3.12-slim AS builder
 WORKDIR /app
 COPY shared/ shared/
 RUN pip install --no-cache-dir ./shared
 COPY services/news-collector/ services/news-collector/
 RUN pip install --no-cache-dir ./services/news-collector
-RUN python -c "import nltk; nltk.download('vader_lexicon', quiet=True)"
+RUN python -c "import nltk; nltk.download('vader_lexicon', download_dir='/usr/local/nltk_data')"
+
+FROM python:3.12-slim
+RUN useradd -r -s /bin/false appuser
+WORKDIR /app
+COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+COPY --from=builder /usr/local/nltk_data /usr/local/nltk_data
 ENV PYTHONPATH=/app
+USER appuser
 CMD ["python", "-m", "news_collector.main"]
-- 
cgit v1.2.3