# Containerization

## Dockerfile Summary

**Base image**: `python:3.11-slim`

**Build steps**:

1. Install system deps: `python3-dev`, `gcc`, `pciutils`, `curl`, `gnupg`
2. Install Docker CE CLI (from official Docker apt repo)
3. Install Python deps from `requirements.txt`
4. Copy source code
5. Compile Cython extensions: `python setup.py build_ext --inplace`

**Runtime**: `uvicorn main:app --host 0.0.0.0 --port 8080`

**Exposed port**: 8080

## Key Design Decisions

- Docker CLI is installed inside the container because the unlock workflow needs `docker load` and `docker image inspect`
- Cython compilation happens at build time — the `.so` files are generated during `docker build`
- `pciutils` is installed for `lspci` (GPU detection in `hardware_service`)

## Required Volume Mounts

| Mount                                | Purpose                            |
|--------------------------------------|------------------------------------|
| `/var/run/docker.sock` (host socket) | Docker-in-Docker for image loading |
| `/opt/azaion/images.enc`             | Encrypted Docker image archive     |

## Image Tags

Tags follow the pattern from Woodpecker CI:

- `main` branch → `loader:arm`
- Other branches → `loader:{branch}-arm`
- Registry: `localhost:5000`
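
An added example (not the project's own code) of a preflight check an entrypoint could run for the required mounts and the tag pattern listed above. The function names `image_ref` and `check_mounts` are hypothetical; the tag validation uses Docker's tag grammar, and how the project's CI treats branch names that fail it is not stated on this page.

```shell
#!/bin/sh
# Added example, not project code: preflight checks for the loader container.
LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges below byte-exact
REGISTRY="localhost:5000"        # registry named on the page

# Print the image reference for a branch, following the page's tag pattern.
# Returns 1 when the branch would not yield a valid Docker tag
# (tag grammar: [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}), e.g. "feature/x".
image_ref() {
    branch="$1"
    if [ "$branch" = "main" ]; then tag="arm"; else tag="${branch}-arm"; fi
    case "$tag" in
        [!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#tag}" -le 128 ] || return 1
    printf '%s/loader:%s\n' "$REGISTRY" "$tag"
}

# Check the two required mounts. Paths default to the page's values;
# the arguments exist so the function can be exercised against other paths.
check_mounts() {
    sock="${1:-/var/run/docker.sock}"
    archive="${2:-/opt/azaion/images.enc}"
    rc=0
    # The socket is the host daemon's API; the CLI needs read/write on it.
    if [ ! -S "$sock" ]; then
        echo "not a socket: $sock" >&2; rc=1
    elif [ ! -r "$sock" ] || [ ! -w "$sock" ]; then
        echo "no read/write access: $sock" >&2; rc=1
    fi
    # `docker run -v` creates a missing host path as a directory, so a
    # wrong path shows up here as a directory rather than as "not found".
    if [ -d "$archive" ]; then
        echo "archive path is a directory (host file missing?): $archive" >&2; rc=1
    elif [ ! -f "$archive" ] || [ ! -r "$archive" ]; then
        echo "archive missing or unreadable: $archive" >&2; rc=1
    elif [ ! -s "$archive" ]; then
        echo "archive is empty: $archive" >&2; rc=1
    fi
    return "$rc"
}
```

Calling `check_mounts && image_ref "$BRANCH"` before starting `uvicorn` turns a mis-specified mount into an immediate, readable error instead of a failure inside the unlock workflow.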