From 9e6ac27484b0fa50e44261f5594dd3e72c953b23 Mon Sep 17 00:00:00 2001
From: Damien Arnodo <damien@noreply.localhost>
Date: Sat, 10 Jan 2026 20:22:51 +0000
Subject: [PATCH] fix: use multi-stage build based on official Dockerfile

---
 images/netbox-mcp-server/Dockerfile | 68 ++++++++++++++++++-----------
 1 file changed, 43 insertions(+), 25 deletions(-)

diff --git a/images/netbox-mcp-server/Dockerfile b/images/netbox-mcp-server/Dockerfile
index aec9329..c9f07b6 100644
--- a/images/netbox-mcp-server/Dockerfile
+++ b/images/netbox-mcp-server/Dockerfile
@@ -6,38 +6,56 @@
 # Source: https://github.com/netboxlabs/netbox-mcp-server
 # =============================================================================
 
-FROM python:3.12-slim
-
-LABEL maintainer="Damien Arnodo"
-LABEL description="NetBox MCP Server for read-only interaction with NetBox data in LLMs"
-
 ARG NETBOX_MCP_VERSION=1.0.0
 
-# Installation des dépendances système
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    git \
-    && rm -rf /var/lib/apt/lists/*
+# -----------------------------------------------------------------------------
+# Stage 1: Builder
+# -----------------------------------------------------------------------------
+FROM python:3.14-alpine3.23 AS builder
 
-# Installation de uv pour la gestion des dépendances Python
-RUN pip install --no-cache-dir uv
+ARG NETBOX_MCP_VERSION
+
+RUN apk add --no-cache git \
+    && pip install --root-user-action=ignore --no-cache-dir --upgrade pip \
+    && pip install --root-user-action=ignore --no-cache-dir uv
+
+ENV UV_LINK_MODE=copy
 
-# Clone et installation du netbox-mcp-server
 WORKDIR /app
+
+# Clone le repo à la version spécifiée
 RUN git clone --depth 1 --branch v${NETBOX_MCP_VERSION} \
-    https://github.com/netboxlabs/netbox-mcp-server.git . \
-    && uv sync --frozen
+    https://github.com/netboxlabs/netbox-mcp-server.git .
 
-# Variables d'environnement (à surcharger au runtime)
-ENV NETBOX_URL=""
-ENV NETBOX_TOKEN=""
-ENV TRANSPORT="stdio"
-ENV VERIFY_SSL="true"
-ENV LOG_LEVEL="INFO"
+# Sync des dépendances avec cache uv
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --locked --no-dev
+
+# -----------------------------------------------------------------------------
+# Stage 2: Runtime
+# -----------------------------------------------------------------------------
+FROM python:3.14-alpine3.23
+
+LABEL maintainer="Damien Arnodo"
+LABEL org.opencontainers.image.title="NetBox MCP Server"
+LABEL org.opencontainers.image.description="A read-only MCP server for NetBox"
+LABEL org.opencontainers.image.url="https://github.com/netboxlabs/netbox-mcp-server"
+LABEL org.opencontainers.image.source="https://github.com/netboxlabs/netbox-mcp-server"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+
+ENV PYTHONUNBUFFERED=1
+
+RUN apk add --no-cache ca-certificates \
+    && addgroup -g 1000 appuser \
+    && adduser -D -u 1000 -G appuser appuser
+
+COPY --from=builder --chown=appuser:appuser /app /app
+
+WORKDIR /app
+USER appuser
+
+ENV PATH="/app/.venv/bin:$PATH"
 
-# Pour le mode HTTP (optionnel)
-ENV HOST="0.0.0.0"
-ENV PORT="8000"
 EXPOSE 8000
 
-# Entrypoint pour le mode STDIO (compatible MCP)
-ENTRYPOINT ["uv", "run", "netbox-mcp-server"]
+CMD ["netbox-mcp-server"]