The full Dockerfile without comments. Note that there are multiple COPY instructions at the bottom. Those are rather redundant and should be batched together But we'll keep them separate here for readability.
FROM
python:3.11.8-slim-bookworm
#
RUN
export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get -y upgrade && \
apt-get install -y --no-install-recommends < package_to_install > && \
apt-get -y clean && \
rm -rf /var/lib/apt/lists/*
#
RUN
curl < url_of_file_to_download > && \
--output < destination_directory >/< filename >.zip && \
unzip < destination_directory >/< filename >.zip && \
--d < unzipped_target_directory > && \
rm < destination_directory >/< filename >.zip
#
COPY
requirements.txt .
#
RUN
pip install --no-cache-dir -r requirements.txt
#
COPY
file_that_needs_secrets.sh .
#
RUN
--mount=type=secret,id=aws_secrets,target=/root/.aws/aws_credentials,required && \
./file_that_needs_secrets.sh
#
RUN
useradd --create-home non_root_user
#
USER
non_root_user
#
COPY
train.py .
#
ENTRYPOINT
[
"python"
,
"train.py"
]