docker options added

jaschadub · jaschadub · commit b5062301de24 · 2025-07-25T22:04:23.000-07:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,85 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Testing
+.tox/
+.nox/
+.coverage
+.pytest_cache/
+cover/
+htmlcov/
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Documentation
+docs/
+*.md
+!README.md
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+.travis.yml
+.circleci/
+
+# Other
+*.log
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.ruff_cache/
+.bandit
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,66 @@
+name: Docker Build and Publish
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*.*.*'
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Container Registry
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Verify image
+      if: github.event_name != 'pull_request'
+      run: |
+        docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest python -c "import symbiont; print(f'Symbiont SDK v{symbiont.__version__} ready')"
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,75 @@
+# Multi-stage build for smaller final image
+FROM python:3.11-slim AS builder
+
+# Set build environment variables
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create and use non-root user
+RUN groupadd --gid 1001 symbiont && \
+    useradd --uid 1001 --gid symbiont --shell /bin/bash --create-home symbiont
+
+# Set working directory
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY requirements.txt requirements-dev.txt ./
+RUN pip install --user --no-cache-dir -r requirements.txt
+
+# Copy source code
+COPY . .
+
+# Install the package
+RUN pip install --user .
+
+# Production stage
+FROM python:3.11-slim
+
+# Set runtime environment variables
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PATH="/home/symbiont/.local/bin:$PATH"
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN groupadd --gid 1001 symbiont && \
+    useradd --uid 1001 --gid symbiont --shell /bin/bash --create-home symbiont
+
+# Copy installed packages from builder
+COPY --from=builder --chown=symbiont:symbiont /root/.local /home/symbiont/.local
+
+# Copy source code
+WORKDIR /app
+COPY --chown=symbiont:symbiont . .
+
+# Switch to non-root user
+USER symbiont
+
+# Verify installation
+RUN python -c "import symbiont; print(f'Symbiont SDK v{symbiont.__version__} installed successfully')"
+
+# Default command - Python REPL with SDK available
+CMD ["python", "-c", "import symbiont; print('Symbiont SDK ready. Use: from symbiont import SymbiontClient'); exec(open('/dev/stdin').read()) if not __import__('sys').stdin.isatty() else __import__('code').interact(local=globals())"]
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD python -c "import symbiont; print('OK')" || exit 1
+
+# Labels for metadata
+LABEL org.opencontainers.image.title="Symbiont Python SDK" \
+      org.opencontainers.image.description="Python SDK for Symbiont platform with Tool Review and Runtime APIs" \
+      org.opencontainers.image.url="https://github.com/thirdkeyai/symbiont-sdk-python" \
+      org.opencontainers.image.source="https://github.com/thirdkeyai/symbiont-sdk-python" \
+      org.opencontainers.image.vendor="ThirdKey.ai" \
+      org.opencontainers.image.licenses="MIT"
diff --git a/README.md b/README.md
@@ -24,6 +24,57 @@ cd symbiont-sdk-python
 pip install -e .
 ```
 
+### Docker
+
+The SDK is also available as a Docker image from GitHub Container Registry:
+
+```bash
+# Pull the latest image
+docker pull ghcr.io/thirdkeyai/symbiont-sdk-python:latest
+
+# Or pull a specific version
+docker pull ghcr.io/thirdkeyai/symbiont-sdk-python:v0.2.0
+```
+
+#### Running with Docker
+
+```bash
+# Run interactively with Python REPL
+docker run -it --rm ghcr.io/thirdkeyai/symbiont-sdk-python:latest
+
+# Run with environment variables
+docker run -it --rm \
+  -e SYMBIONT_API_KEY=your_api_key \
+  -e SYMBIONT_BASE_URL=http://host.docker.internal:8080/api/v1 \
+  ghcr.io/thirdkeyai/symbiont-sdk-python:latest
+
+# Run a Python script from host
+docker run --rm \
+  -v $(pwd):/workspace \
+  -w /workspace \
+  -e SYMBIONT_API_KEY=your_api_key \
+  ghcr.io/thirdkeyai/symbiont-sdk-python:latest \
+  python your_script.py
+
+# Execute one-liner
+docker run --rm \
+  -e SYMBIONT_API_KEY=your_api_key \
+  ghcr.io/thirdkeyai/symbiont-sdk-python:latest \
+  python -c "from symbiont import Client; print(Client().health_check())"
+```
+
+#### Building Docker Image Locally
+
+```bash
+# Build from source
+git clone https://github.com/thirdkeyai/symbiont-sdk-python.git
+cd symbiont-sdk-python
+docker build -t symbiont-sdk:local .
+
+# Run locally built image
+docker run -it --rm symbiont-sdk:local
+```
+
 ## Configuration
 
 The SDK can be configured using environment variables in a `.env` file. Copy the provided `.env.example` file to get started:
@@ -488,4 +539,18 @@ To create a PyPI API token:
 2. Create new token with scope for this project
 3. Add to GitHub repository secrets as `PYPI_API_TOKEN`
 
-The release workflow will automatically publish to PyPI when a new tag is pushed.
+#### Container Registry Publishing
+
+The Docker workflow automatically publishes container images to GitHub Container Registry:
+
+- **Latest image**: Published on every push to main branch (`ghcr.io/thirdkeyai/symbiont-sdk-python:latest`)
+- **Version tags**: Published on release tags (`ghcr.io/thirdkeyai/symbiont-sdk-python:v0.2.0`)
+- **Branch tags**: Published for feature branches during development
+
+Images are built for multiple architectures (linux/amd64, linux/arm64) and include:
+- Multi-stage optimized builds for smaller image size
+- Non-root user execution for security
+- Health checks for container monitoring
+- Full SDK functionality with all dependencies
+
+Both the release workflow (PyPI) and Docker workflow (container registry) will automatically run when a new tag is pushed.
