FROM debian:bookworm-slim@sha256:b4aa902587c2e61ce789849cb54c332b0400fe27b1ee33af4669e1f7e7c3e22f
ENV DEBIAN_FRONTEND=noninteractive \
GLAMA_VERSION="1.0.0"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install system dependencies and Node.js
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates curl git && \
curl -fsSL https://deb.nodesource.com/setup_24.x -o nodesource_setup.sh && \
bash nodesource_setup.sh && \
rm nodesource_setup.sh && \
apt-get install -y --no-install-recommends nodejs=24.* && \
npm install -g mcp-proxy@5.12.0 pnpm@10.14.0 && \
node --version && \
curl -LsSf https://astral.sh/uv/0.5.14/install.sh -o uv_install.sh && \
UV_INSTALL_DIR="/usr/local/bin" sh uv_install.sh && \
rm uv_install.sh && \
uv python install 3.13 --default --preview && \
ln -s "$(uv python find)" /usr/local/bin/python && \
python --version && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /app
# Use ARG to allow overriding the git ref at build time
# For production, override with specific commit: docker build --build-arg GIT_REF=<commit-hash> ...
ARG GIT_REF=main
# Clone repository and checkout specified ref
RUN git clone https://github.com/taylorleese/mcp-toolz . && \
git checkout ${GIT_REF}
# Create non-root user for security
RUN useradd -m -u 1000 mcpuser && \
chown -R mcpuser:mcpuser /app
USER mcpuser
# Install Python dependencies
RUN uv venv --python 3.13 && \
uv pip install --require-hashes -r requirements.txt && \
uv pip install -e .
# Health check to verify server is responding
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8080/ping || exit 1
# Note: The "--" separator is critical - it tells mcp-proxy to stop parsing flags
# Without it, "-m" gets interpreted as an mcp-proxy option instead of being passed to Python
CMD ["mcp-proxy", "/app/.venv/bin/python", "--", "-m", "mcp_server"]