From 4507325331afd79567d6b58a442b768449030ed3 Mon Sep 17 00:00:00 2001
From: lebaudantoine <lebaud.antoine131@gmail.com>
Date: Thu, 19 Feb 2026 18:08:18 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(summary)=20switch=20to=20?=
 =?UTF-8?q?Alpine=20base=20image?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reduce surface area and keep the runtime image minimal.

Alpine 3.22 provides ffmpeg v6 as the latest version.
Alpine 3.23 does not include ffmpeg v7, so upgrade directly to v8.

Install pip temporarily for build steps, then remove it from the
production image.
---
 src/summary/Dockerfile | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/summary/Dockerfile b/src/summary/Dockerfile
index ace69734..7cd1235a 100644
--- a/src/summary/Dockerfile
+++ b/src/summary/Dockerfile
@@ -1,12 +1,9 @@
-FROM python:3.13-slim AS base
+FROM python:3.13-alpine3.23 AS base
 
 
 # Install ffmpeg for audio/video processing (format conversion, extraction, compression)
 # See summary/core/file_service.py for usage.
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends ffmpeg=7:7.1.3-* && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache "ffmpeg=8.0.1-r1"
 
 FROM base AS builder
 
@@ -14,13 +11,13 @@ WORKDIR /app
 
 COPY pyproject.toml .
 
-RUN pip3 install --no-cache-dir .
+RUN pip install --no-cache-dir .
 
 FROM base AS development
 WORKDIR /app
 
 COPY . .
-RUN pip3 install --no-cache-dir -e ".[dev]" || pip3 install --no-cache-dir -e .
+RUN pip install --no-cache-dir -e ".[dev]" || pip install --no-cache-dir -e .
 
 CMD ["uvicorn", "summary.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
 
@@ -28,6 +25,9 @@ FROM base AS production
 
 WORKDIR /app
 
+# Remove pip to reduce attack surface in production
+RUN pip uninstall -y pip
+
 # Un-privileged user running the application
 ARG DOCKER_USER
 USER ${DOCKER_USER}