🔒️(summary) switch to Alpine base image

Reduce surface area and keep the runtime image minimal.

Alpine 3.22 provides ffmpeg v6 as the latest version.
Alpine 3.23 does not include ffmpeg v7, so upgrade directly to v8.

Install pip temporarily for build steps, then remove it from the
production image.

src/summary/Dockerfile

@@ -1,12 +1,9 @@
-FROM python:3.13-slim AS base
+FROM python:3.13-alpine3.23 AS base
 
 
 # Install ffmpeg for audio/video processing (format conversion, extraction, compression)
 # See summary/core/file_service.py for usage.
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends ffmpeg=7:7.1.3-* && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache "ffmpeg=8.0.1-r1"
 
 FROM base AS builder
 
@@ -14,13 +11,13 @@ WORKDIR /app
 
 COPY pyproject.toml .
 
-RUN pip3 install --no-cache-dir .
+RUN pip install --no-cache-dir .
 
 FROM base AS development
 WORKDIR /app
 
 COPY . .
-RUN pip3 install --no-cache-dir -e ".[dev]" || pip3 install --no-cache-dir -e .
+RUN pip install --no-cache-dir -e ".[dev]" || pip install --no-cache-dir -e .
 
 CMD ["uvicorn", "summary.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
 
@@ -28,6 +25,9 @@ FROM base AS production
 
 WORKDIR /app
 
+# Remove pip to reduce attack surface in production
+RUN pip uninstall -y pip
+
 # Un-privileged user running the application
 ARG DOCKER_USER
 USER ${DOCKER_USER}