Simple Snowflake MCP

# Multi-stage build for better security and smaller image size FROM python:3.11-slim-bookworm as builder # Set working directory WORKDIR /app # Install build dependencies RUN apt-get update && apt-get install -y \ gcc \ g++ \ && rm -rf /var/lib/apt/lists/* # Copy dependency files COPY requirements.txt pyproject.toml uv.lock ./ # Install uv for faster package management RUN pip install --no-cache-dir uv # Install dependencies using uv to a local directory RUN uv pip install --python /usr/local/bin/python --target /app/dependencies -r requirements.txt # Production stage FROM python:3.11-slim-bookworm as production # Install security updates RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/* # Set working directory WORKDIR /app # Copy dependencies from builder stage COPY --from=builder /app/dependencies /app/dependencies # Copy source code COPY src/ ./src/ COPY setup.py ./ # Add dependencies to Python path ENV PYTHONPATH=/app/dependencies:/app/src # Create a non-root user with specific UID/GID RUN groupadd -r -g 1001 mcp && useradd -r -g mcp -u 1001 -m -s /bin/bash mcp # Create logs directory and set permissions RUN mkdir -p /app/logs && chown -R mcp:mcp /app # Switch to non-root user USER mcp # Set security-focused environment variables ENV PYTHONUNBUFFERED=1 ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONHASHSEED=random # Health check (uncomment if your MCP server supports health checks) # HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ # CMD python -c "import sys; sys.exit(0)" # Default command CMD ["python", "-m", "simple_snowflake_mcp"]