Use Azure Linux recommended base images in Dockerfile multistage build

Copilot · maniSbindra · Copilot · commit 0ab865ea3092 · 2025-08-22T12:51:48.000Z
Co-authored-by: maniSbindra &lt;6338721+maniSbindra@users.noreply.github.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -1,38 +1,35 @@
 # Multi-stage Dockerfile for Container Image Recommendation MCP Server
-FROM python:3.12-slim AS base
+# Build stage using recommended Azure Linux base image
+FROM mcr.microsoft.com/azurelinux/base/python:3.12 AS builder
 
 # Set working directory
 WORKDIR /app
 
-# Install system dependencies
-RUN apt-get update && apt-get install -y \
-    curl \
-    sqlite3 \
-    ca-certificates \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install external tools required for image analysis (optional for MCP server)
-RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin || echo "Syft installation failed, continuing..." && \
-    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin || echo "Grype installation failed, continuing..." && \
-    curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin || echo "Trivy installation failed, continuing..."
-
 # Copy requirements and install Python dependencies
 COPY requirements.txt .
 RUN pip install --no-cache-dir --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org -r requirements.txt
 
+# Runtime stage using recommended Azure Linux base image
+FROM mcr.microsoft.com/azurelinux/base/python:3.12 AS runtime
+
+# Set working directory
+WORKDIR /app
+
+# Copy Python dependencies from builder stage
+COPY --from=builder /usr/lib/python3.12/site-packages /usr/lib/python3.12/site-packages
+
 # Copy source code
 COPY src/ ./src/
 COPY mcp_server.py .
 COPY azure_linux_images.db .
 
-# Create non-root user for security
-RUN useradd -m -u 1000 mcpuser && \
-    chown -R mcpuser:mcpuser /app
+# Use existing non-root user for security
+RUN chown -R nonroot:nonroot /app
 
-USER mcpuser
+USER nonroot
 
-# Verify core functionality (tools are optional)
-RUN python -c "import sys; sys.path.append('/app/src'); from database import ImageDatabase; print('✓ Database access working')"
+# Verify core functionality
+RUN python3 -c "import sys; sys.path.append('/app/src'); from database import ImageDatabase; print('✓ Database access working')"
 
 # Expose port for potential HTTP interface (optional)
 EXPOSE 8080
@@ -42,11 +39,11 @@ ENV PYTHONPATH=/app/src
 ENV MCP_DB_PATH=/app/azure_linux_images.db
 
 # Default command runs the MCP server
-CMD ["python", "mcp_server.py"]
+CMD ["python3", "mcp_server.py"]
 
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-    CMD python -c "import sys; sys.path.append('/app/src'); from database import ImageDatabase; db = ImageDatabase('/app/azure_linux_images.db'); stats = db.get_vulnerability_statistics(); db.close(); print('Health check passed')" || exit 1
+    CMD python3 -c "import sys; sys.path.append('/app/src'); from database import ImageDatabase; db = ImageDatabase('/app/azure_linux_images.db'); stats = db.get_vulnerability_statistics(); db.close(); print('Health check passed')" || exit 1
 
 # Labels for metadata
 LABEL org.opencontainers.image.title="Container Image Recommendation MCP Server"
