From 7fec4bc575b74877709f0fd1c77a2e3013deda4a Mon Sep 17 00:00:00 2001
From: Daniel Henry <iamdanhenry@gmail.com>
Date: Tue, 31 Mar 2026 18:21:08 -0500
Subject: [PATCH] Add Dockerfile, .dockerignore, and Gitea CI for image
 build/push

Made-with: Cursor
---
 .dockerignore                     | 16 +++++++++++++
 .gitea/workflows/build-docker.yml | 38 +++++++++++++++++++++++++++++++
 Dockerfile                        | 19 ++++++++++++++++
 README.md                         | 13 +++++++++++
 4 files changed, 86 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .gitea/workflows/build-docker.yml
 create mode 100644 Dockerfile

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..72ee475
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,16 @@
+.git
+.github
+.gitea
+.venv
+__pycache__
+*.py[cod]
+.pytest_cache
+.ruff_cache
+.coverage
+htmlcov
+.env
+.env.*
+!.env.example
+tests
+.cursor
+*.plan.md
diff --git a/.gitea/workflows/build-docker.yml b/.gitea/workflows/build-docker.yml
new file mode 100644
index 0000000..99aebce
--- /dev/null
+++ b/.gitea/workflows/build-docker.yml
@@ -0,0 +1,38 @@
+name: Build and Publish Docker Image
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_REGISTRY }}/${{ secrets.DOCKER_USERNAME }}/notebook-tools:${{ gitea.sha }}
+            ${{ secrets.DOCKER_REGISTRY }}/${{ secrets.DOCKER_USERNAME }}/notebook-tools:latest
+          labels: |
+            org.opencontainers.image.source=${{ gitea.server_url }}/${{ gitea.repository }}
+            org.opencontainers.image.description=Notebook tools — Paperless + llama.cpp OCR API
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..44ed7a7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+# syntax=docker/dockerfile:1
+# Production image: uv sync (frozen lockfile), run FastAPI with uvicorn.
+FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim
+
+WORKDIR /app
+
+ENV UV_COMPILE_BYTECODE=1 \
+    UV_LINK_MODE=copy
+
+COPY pyproject.toml uv.lock README.md ./
+COPY src ./src
+
+RUN uv sync --frozen --no-dev
+
+ENV PATH="/app/.venv/bin:$PATH"
+
+EXPOSE 8080
+
+CMD ["uvicorn", "notebook_tools.api:app", "--host", "0.0.0.0", "--port", "8080"]
diff --git a/README.md b/README.md
index 14b34e9..800db12 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,19 @@ Then open the docs at:
 
 If other machines still can’t connect, check your macOS firewall and any router/network rules.
 
+## Docker
+
+Build and run (pass env via file or `-e`; the app reads `.env` only if you mount it):
+
+```bash
+docker build -t notebook-tools:local .
+docker run --rm -p 8080:8080 --env-file .env notebook-tools:local
+```
+
+`LLAMA_BASE_URL` / `PAPERLESS_BASE_URL` must be reachable **from inside the container** (use `host.docker.internal` on Docker Desktop, or your LAN IP, not `127.0.0.1` for services on the host).
+
+CI: on push to `main`, [.gitea/workflows/build-docker.yml](.gitea/workflows/build-docker.yml) builds and pushes using the same secrets pattern as your other Gitea repos (`DOCKER_REGISTRY`, `DOCKER_USERNAME`, `DOCKER_PASSWORD`). For Docker Hub, set `DOCKER_REGISTRY` to `docker.io` (or leave per your runner docs).
+
 ## Example `.env`
 
 ```bash