docker

backend/Dockerfile

@@ -1,9 +1,27 @@
-FROM python:3.12
-
+# Stage 1: Tests et qualité
+FROM python:3.12 as test
 WORKDIR /app
-COPY . /app/
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt flake8 bandit
 
-RUN pip install -r requirements.txt
+COPY . .
+# Tests de qualité
+RUN flake8 app/ --count --show-source --statistics || true
+RUN bandit -r app/ -f json -o /tmp/bandit-report.json || true
 
+# Stage 2: Application runtime
+FROM python:3.12-slim as runtime
+WORKDIR /app
+
+# Non-root user pour la sécurité
+RUN useradd -m -u 1000 appuser
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY --from=test /app .
+RUN chown -R appuser:appuser /app
+
+USER appuser
 EXPOSE 8000
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]