FROM hashicorp/terraform:latest
# Install Python, pip, git and other dependencies
RUN apk add --no-cache python3 py3-pip curl unzip bash git
# Install terraform-ls
RUN TERRAFORM_LS_VERSION="0.33.2" && \
curl -sSL "https://releases.hashicorp.com/terraform-ls/${TERRAFORM_LS_VERSION}/terraform-ls_${TERRAFORM_LS_VERSION}_linux_amd64.zip" -o terraform-ls.zip && \
unzip terraform-ls.zip && \
mv terraform-ls /usr/local/bin/ && \
chmod +x /usr/local/bin/terraform-ls && \
rm terraform-ls.zip
# Create non-root user for security
RUN addgroup -g 1000 terry && \
adduser -D -u 1000 -G terry -h /home/terry terry
# Create app directory
WORKDIR /app
# Copy requirements first for better caching
COPY requirements.txt .
# Install Python dependencies with break-system-packages for Alpine
RUN pip install --break-system-packages -r requirements.txt
# Copy application files
COPY terry-form-mcp.py .
COPY terraform_lsp_client.py .
COPY server_enhanced_with_lsp.py .
COPY server_mcp_only.py .
COPY server_web_only.py .
COPY github_app_auth.py .
COPY github_repo_handler.py .
COPY mcp_request_validator.py .
# Copy internal modules
COPY internal/ ./internal/
# Create workspace directory
RUN mkdir -p /mnt/workspace && \
chown -R terry:terry /mnt/workspace
# Security: Set proper permissions
RUN chown -R terry:terry /app && \
chmod -R 755 /app && \
chmod 644 /app/*.py
# Security: Drop capabilities not needed
USER terry
# Volume for workspace
VOLUME ["/mnt/workspace"]
# Expose MCP and web dashboard ports
EXPOSE 8000 8001
# Default to running the enhanced server
ENTRYPOINT ["python3"]
CMD ["server_enhanced_with_lsp.py"]
# Health check for MCP server
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD python3 -c "import socket; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.settimeout(2); s.connect(('localhost', 8000)); s.close()" || exit 1
# Labels for documentation
LABEL maintainer="aj-geddes" \
description="Terry-Form MCP Server with GitHub OAuth integration" \
version="3.0.0-github"
