[MISC] Fix Docker builds for OTEL dependencies and non-root user improvements (#1403)

chandrasekharan-zipstack · web-flow · commit 9da460297991 · 2025-07-03T18:35:18.000+05:30
[MISC] Fixed OTEL dependency installation for builds, updated some builds to use non-root user for syncing venv
diff --git a/docker/dockerfiles/backend.Dockerfile b/docker/dockerfiles/backend.Dockerfile
@@ -50,6 +50,7 @@ COPY ${BUILD_PACKAGES_PATH}/ /unstract/
 
 # Install external dependencies from pyproject.toml
 RUN uv sync --group deploy --locked --no-install-project --no-dev && \
+    .venv/bin/python3 -m ensurepip --upgrade && \
     uv run opentelemetry-bootstrap -a install
 
 # -----------------------------------------------
diff --git a/docker/dockerfiles/platform.Dockerfile b/docker/dockerfiles/platform.Dockerfile
@@ -49,8 +49,12 @@ COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH}/pyproject.toml ${BUIL
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_PACKAGES_PATH}/core /unstract/core
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_PACKAGES_PATH}/flags /unstract/flags
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install external dependencies from pyproject.toml
 RUN uv sync --group deploy --locked --no-install-project --no-dev && \
+    .venv/bin/python3 -m ensurepip --upgrade && \
     uv run opentelemetry-bootstrap -a install
 
 # -----------------------------------------------
@@ -61,12 +65,12 @@ FROM ext-dependencies AS production
 # Copy application code (this layer changes most frequently)
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH} ./
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install the application in non-editable mode to avoid permission issues
 RUN uv sync --group deploy --locked
 
-# Switch to non-root user for the rest of the operations
-USER ${APP_USER}
-
 EXPOSE 3001
 
 # During debugging, this entry point will be overridden
diff --git a/docker/dockerfiles/prompt.Dockerfile b/docker/dockerfiles/prompt.Dockerfile
@@ -51,8 +51,12 @@ COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH}/pyproject.toml ${BUIL
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_PACKAGES_PATH}/core /unstract/core
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_PACKAGES_PATH}/flags /unstract/flags
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install external dependencies from pyproject.toml
 RUN uv sync --group deploy --locked --no-install-project --no-dev && \
+    .venv/bin/python3 -m ensurepip --upgrade && \
     uv run opentelemetry-bootstrap -a install
 
 # -----------------------------------------------
@@ -63,6 +67,9 @@ FROM ext-dependencies AS production
 # Copy application code (this layer changes most frequently)
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH} ./
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install just the application in editable mode
 RUN uv sync --group deploy --locked
 
@@ -77,9 +84,6 @@ RUN for dir in "${TARGET_PLUGINS_PATH}"/*/; do \
     done && \
     mkdir -p prompt-studio-data
 
-# Switch to non-root user
-USER ${APP_USER}
-
 EXPOSE 3003
 
 CMD ["./entrypoint.sh"]
diff --git a/docker/dockerfiles/runner.Dockerfile b/docker/dockerfiles/runner.Dockerfile
@@ -47,6 +47,7 @@ COPY ${BUILD_PACKAGES_PATH}/flags /unstract/flags
 
 # Install external dependencies from pyproject.toml
 RUN uv sync --group deploy --locked --no-install-project --no-dev && \
+    .venv/bin/python3 -m ensurepip --upgrade && \
     uv run opentelemetry-bootstrap -a install
 
 # -----------------------------------------------
diff --git a/docker/dockerfiles/tool-sidecar.Dockerfile b/docker/dockerfiles/tool-sidecar.Dockerfile
@@ -48,8 +48,12 @@ COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH}/pyproject.toml ${BUIL
 # Copy local package dependencies
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_PACKAGES_PATH}/core /unstract/core
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install external dependencies from pyproject.toml
 RUN uv sync --group deploy --locked --no-install-project --no-dev && \
+    .venv/bin/python3 -m ensurepip --upgrade && \
     uv run opentelemetry-bootstrap -a install
 
 # -----------------------------------------------
@@ -60,14 +64,14 @@ FROM ext-dependencies AS production
 # Copy application code (this layer changes most frequently)
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH} ./
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install just the application
 RUN uv sync --group deploy --locked && \
     chmod +x ./entrypoint.sh
 
 # # Make entrypoint executable
 # RUN chmod +x ./entrypoint.sh
 
-# Switch to non-root user
-USER ${APP_USER}
-
 CMD ["./entrypoint.sh"]
diff --git a/docker/dockerfiles/x2text.Dockerfile b/docker/dockerfiles/x2text.Dockerfile
@@ -44,8 +44,12 @@ FROM base AS ext-dependencies
 # Copy dependency-related files
 COPY ${BUILD_CONTEXT_PATH}/pyproject.toml ${BUILD_CONTEXT_PATH}/uv.lock ${BUILD_CONTEXT_PATH}/README.md ./
 
+# Switch to non-root user
+USER ${APP_USER}
+
 # Install external dependencies from pyproject.toml
 RUN uv sync --group deploy --locked --no-install-project --no-dev && \
+    .venv/bin/python3 -m ensurepip --upgrade && \
     uv run opentelemetry-bootstrap -a install
 
 # -----------------------------------------------
@@ -56,12 +60,12 @@ FROM ext-dependencies AS production
 # Copy application code (this layer changes most frequently)
 COPY --chown=${APP_USER}:${APP_USER} ${BUILD_CONTEXT_PATH} ./
 
-# Install just the application
-RUN uv sync --group deploy --locked
-
 # Switch to non-root user
 USER ${APP_USER}
 
+# Install just the application
+RUN uv sync --group deploy --locked
+
 EXPOSE 3004
 
 # During debugging, this entry point will be overridden.
