chore: std Dockerfile and docker-compose, plus a few other fixes

.github/workflows/deploy.yaml

@@ -161,22 +161,14 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
+          pull: true
           push: true
           build-args: |
             VERSION=${{ env.VERSION }}
           tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/arm64,linux/amd64
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          labels: |
-            ${{ steps.meta.outputs.labels }}
-            org.opencontainers.image.version=${{ env.RELEASE_TAG }}
-            org.opencontainers.image.title=amcrest2mqtt
-            org.opencontainers.image.source=${{ github.repository }}
-            org.opencontainers.image.authors=weirdTangent <jeff@weirdtangent.com>
-            org.opencontainers.image.url=https://www.graystorm.com
-            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}#readme
-            org.opencontainers.image.description=Publishes Amcrest camera events, snapshots, and status updates via MQTT for Home Assistant auto-discovery
-            org.opencontainers.image.licenses=MIT
           sbom: true
           provenance: true

Dockerfile

@@ -1,53 +1,65 @@
 # syntax=docker/dockerfile:1.7-labs
 FROM python:3-slim
-WORKDIR /app
 
-COPY pyproject.toml uv.lock ./
+# ===== Project Variables =====
+ARG APP_NAME=amcrest2mqtt
+ENV APP_NAME=${APP_NAME}
+ARG SERVICE_DESC="Publishes Amcrest camera data to MQTT for Home Assistant"
+ARG VERSION=0.0.0
+ARG USER_ID=1000
+ARG GROUP_ID=1000
 
-# ---- Version injection support ----
+# ===== Base Setup =====
-ARG VERSION
+WORKDIR /app
-ENV AMCREST2MQTT_VERSION=${VERSION}
+ENV DEBIAN_FRONTEND=noninteractive
-ENV SETUPTOOLS_SCM_PRETEND_VERSION_FOR_AMCREST2MQTT=${VERSION}
 
-# Install uv and git - and get updates too
+# Generic pretend version variables (used by setuptools-scm)
-RUN pip install uv
+# No uppercase substitution; just define a safe fallback
-RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
+ENV SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION}
+ENV APP_PRETEND_VERSION=${VERSION}
 
+# ===== System Dependencies =====
 RUN apt-get update && \
-    apt-get install -y git && \
+    apt-get install -y --no-install-recommends git && \
     apt-get upgrade -y && \
+    pip install --no-cache-dir uv && \
     rm -rf /var/lib/apt/lists/*
 
-# copy source
+# ===== Copy Source and Metadata =====
-COPY --exclude=.git . .
+COPY pyproject.toml uv.lock ./
+COPY . .
 
-# Install dependencies (uses setup info, now src exists)
+# ===== Build & Install =====
-RUN uv sync --frozen --no-dev
+# 1. Create isolated virtual environment
+RUN uv venv
 
-# Install the package (if needed)
+# 2. Export locked dependencies (with pretend version active)
-RUN uv pip install .
+RUN SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION} uv export --no-dev --format=requirements-txt > /tmp/reqs.all.txt
 
-# Default build arguments (can be overridden at build time)
+# 3. Strip the local project from deps list so setuptools-scm isn’t triggered during deps install
-ARG USER_ID=1000
+RUN grep -v -E "(^-e\s+file://|^file://|/app)" /tmp/reqs.all.txt > /tmp/reqs.deps.txt || true
-ARG GROUP_ID=1000
 
-# Create the app user and group
+# 4. Install dependencies
-RUN groupadd --gid "${GROUP_ID}" appuser && \
+RUN uv pip install --no-cache-dir -r /tmp/reqs.deps.txt
-    useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --create-home --shell /bin/bash appuser
 
-# Ensure /config exists and is writable
+# 5. Install the app itself (pretend version visible, no deps)
-RUN mkdir -p /config && chown -R appuser:appuser /config
+RUN SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION} uv pip install --no-cache-dir . --no-deps
 
-# Optional: fix perms if files already copied there (won’t break if empty)
+# 6. Cleanup
-RUN find /config -type f -exec chmod 0664 {} + || true
+RUN rm -f /tmp/reqs.all.txt /tmp/reqs.deps.txt .git || true
 
-# Ensure /app is owned by the app user
+# ===== Non-root Runtime User =====
-RUN chown -R appuser:appuser /app
+RUN groupadd -g "${GROUP_ID}" appuser && \
+    useradd -u "${USER_ID}" -g "${GROUP_ID}" --create-home --shell /bin/bash appuser && \
+    mkdir -p /config && chown -R appuser:appuser /app /config
 
-# Drop privileges
 USER appuser
 
-# ---- Runtime ----
+# ===== Runtime =====
-ENV SERVICE=amcrest2mqtt
+ENV SERVICE=${APP_NAME}
-ENTRYPOINT ["/app/.venv/bin/amcrest2mqtt"]
+LABEL org.opencontainers.image.title=${APP_NAME} \
+      org.opencontainers.image.description=${SERVICE_DESC} \
+      org.opencontainers.image.version=${VERSION}
+
+ENTRYPOINT ["/bin/sh", "-c", "/app/.venv/bin/python -m $APP_NAME \"$@\"", "sh"]
 CMD ["-c", "/config"]

pyproject.toml

@@ -171,7 +171,6 @@ allow_redefinition = false
 # Temporarily quiet noisy files or folders
 [[tool.mypy.overrides]]
 module = [
-  "blinkpy.*",
   "aiohttp.*",
   "paho.*",
 ]

src/amcrest2mqtt/__main__.py

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2025 Jeff Culverhouse
+from .app import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())