Morph MORPH
SIGN IN SIGN UP
BerriAI / litellm UNCLAIMED

Python SDK, Proxy Server (AI Gateway) to call 100+ LLM APIs in OpenAI (or native) format, with cost tracking, guardrails, loadbalancing and logging. [Bedrock, Azure, OpenAI, VertexAI, Cohere, Anthropic, Sagemaker, HuggingFace, VLLM, NVIDIA NIM]

0 0 179 Python
Normal View History Raw
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
# Base image for building
Litellm chainguard fixes 12 02 2025 p1 (#17406) * build: update dockerfile non root * build: update build * build: update non root * build: dockerfile fixes * build: ensure dockerfile + dockerfile.database also work
2025-12-02 22:50:13 -08:00
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base
(feat) docker - allow user to specify base image
2023-11-30 14:49:21 -08:00
fix: theNav hrefs
2023-12-06 08:55:53 +10:00
# Runtime image
Litellm chainguard fixes 12 02 2025 p1 (#17406) * build: update dockerfile non root * build: update build * build: update non root * build: dockerfile fixes * build: ensure dockerfile + dockerfile.database also work
2025-12-02 22:50:13 -08:00
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base
fix security scans
2026-02-07 11:14:55 -08:00
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
# Builder stage
Correct casing (#5817) * Update Dockerfile correct casing * Update Dockerfile.database correct casing * Update Dockerfile.alpine correct casing * Update Dockerfile.non_root correct casing
2024-09-21 17:21:11 +02:00
FROM $LITELLM_BUILD_IMAGE AS builder
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
# Set the working directory to /app
WORKDIR /app
(Fix) security of base image (#7620) * fix security of base images * fix dockerfile
2025-01-07 20:35:57 -08:00
USER root
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
# Install build dependencies
Litellm chainguard fixes 12 02 2025 p1 (#17406) * build: update dockerfile non root * build: update build * build: update non root * build: dockerfile fixes * build: ensure dockerfile + dockerfile.database also work
2025-12-02 22:50:13 -08:00
RUN apk add --no-cache bash gcc py3-pip python3 python3-dev openssl openssl-dev
(Fix) security of base image (#7620) * fix security of base images * fix dockerfile
2025-01-07 20:35:57 -08:00
Litellm chainguard fixes 12 02 2025 p1 (#17406) * build: update dockerfile non root * build: update build * build: update non root * build: dockerfile fixes * build: ensure dockerfile + dockerfile.database also work
2025-12-02 22:50:13 -08:00
RUN python -m pip install build
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
# Copy the current directory contents into the container at /app
COPY . .
(fix) admin ui allow custom ui theme
2024-02-21 21:28:56 -08:00
# Build Admin UI
feat: Add line_profiler support for performance analysis and fix Windows CRLF issues in Docker builds (#18773)
2026-01-07 11:36:57 -08:00
# Convert Windows line endings to Unix and make executable
RUN sed -i 's/\r$//' docker/build_admin_ui.sh && chmod +x docker/build_admin_ui.sh && ./docker/build_admin_ui.sh
(fix) admin ui allow custom ui theme
2024-02-21 21:28:56 -08:00
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
# Build the package
RUN rm -rf dist/* && python -m build
# There should be only one wheel file now, assume the build only creates one
RUN ls -1 dist/*.whl | head -1
# Install the package
RUN pip install dist/*.whl
# install dependencies as wheels
RUN pip wheel --no-cache-dir --wheel-dir=/wheels/ -r requirements.txt
multistage docker build
2023-12-03 18:38:44 +10:00
build: build fixes
2024-03-19 16:59:59 -07:00
# ensure pyjwt is used, not jwt
RUN pip uninstall jwt -y
RUN pip uninstall PyJWT -y
fix: bump PyJWT to 2.12.0 in all Dockerfiles and tar to 7.5.11 All Dockerfiles were pinning PyJWT 2.9.0 (Dockerfile, Dockerfile.database, Dockerfile.dev) or had a stale wheel build for 2.9.0 (Dockerfile.non_root). Updated to 2.12.0 to match pyproject.toml. Also bumps tar to 7.5.11 in Dockerfile.non_root for security. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 19:54:54 -07:00
RUN pip install PyJWT==2.12.0 --no-cache-dir
build: build fixes
2024-03-19 16:59:59 -07:00
fix(Dockerfile): support mac
2023-12-16 16:01:02 -08:00
# Runtime stage
Correct casing (#5817) * Update Dockerfile correct casing * Update Dockerfile.database correct casing * Update Dockerfile.alpine correct casing * Update Dockerfile.non_root correct casing
2024-09-21 17:21:11 +02:00
FROM $LITELLM_RUNTIME_IMAGE AS runtime
multistage docker build
2023-12-03 18:38:44 +10:00
(Fix) security of base image (#7620) * fix security of base images * fix dockerfile
2025-01-07 20:35:57 -08:00
# Ensure runtime stage runs as root
USER root
fix(docker): add libsndfile to main Dockerfile for ARM64 audio processing (#19776) Fixes #16920 for users of the stable release images. The previous fix (PR #18092) added libsndfile to docker/Dockerfile.alpine, but stable releases are built from the main Dockerfile (Wolfi-based), not the Alpine variant.
2026-01-29 02:33:41 -03:00
# Install runtime dependencies (libsndfile needed for audio processing on ARM64)
fix tar security issue with TAR
2026-01-31 11:44:43 -08:00
RUN apk add --no-cache bash openssl tzdata nodejs npm python3 py3-pip libsndfile && \
updating Dockerfile to tar 7.5.11
2026-03-13 11:16:17 -07:00
npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
fix critical CVE vulnerabliltes (#20683)
2026-02-08 11:53:01 +05:30
# SECURITY FIX: npm bundles tar, glob, and brace-expansion at multiple nested
# levels inside its dependency tree. `npm install -g <pkg>` only creates a
# SEPARATE global package, it does NOT replace npm's internal copies.
# We must find and replace EVERY copy inside npm's directory.
GLOBAL="$(npm root -g)" && \
find "$GLOBAL/npm" -type d -name "tar" -path "*/node_modules/tar" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/tar" "$d"; \
done && \
find "$GLOBAL/npm" -type d -name "glob" -path "*/node_modules/glob" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/glob" "$d"; \
done && \
find "$GLOBAL/npm" -type d -name "brace-expansion" -path "*/node_modules/@isaacs/brace-expansion" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/@isaacs/brace-expansion" "$d"; \
done && \
security: fix critical/high CVEs in OS-level libs and NPM transitive
2026-02-24 19:40:09 +05:30
find "$GLOBAL/npm" -type d -name "minimatch" -path "*/node_modules/minimatch" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/minimatch" "$d"; \
done && \
find "$GLOBAL/npm" -type d -name "diff" -path "*/node_modules/diff" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/diff" "$d"; \
done && \
Fix CVEs: bump tar/minimatch/pypdf + harden Docker SBOM patching (#23082) * fix(docker): bump tar/minimatch/pypdf for CVE fixes + harden SBOM patching - Bump tar 7.5.8→7.5.10, minimatch 10.2.1→10.2.4, pypdf 6.6.2→6.7.3 - Add sed-based SBOM metadata patching with properly indented find/sed - Add npm package manager cleanup (apk del / apt-get purge) to remove stale SBOM entries from image scanners - Scope || true to only apk del via brace grouping { ... || true; } - Guard npm root -g with non-empty assertion to prevent silent failures - Scope minimatch sed regex to ^10.x to avoid matching other major versions Addresses: CVE-2026-27903, CVE-2026-27904, GHSA-qffp-2rhf-9h96, CVE-2026-27888 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(docker): scope find to /usr/local/lib /usr/lib, drop autoremove - Replace `find /` with `find /usr/local/lib /usr/lib` to avoid traversing /proc, /sys, /dev during SBOM metadata patching - Remove `apt-get autoremove -y` from Debian-based Dockerfiles to prevent nodejs from being removed as an auto-installed dependency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 18:31:27 -08:00
# SECURITY FIX: patch npm's own package.json metadata so scanners see the
# actual installed versions instead of the stale declared dependencies.
find /usr/local/lib /usr/lib -path "*/node_modules/npm/package.json" -exec \
sed -i 's/"tar": "\^7\.5\.[0-9]*"/"tar": "^7.5.10"/g; s/"minimatch": "\^10\.[0-9.]*"/"minimatch": "^10.2.4"/g' {} + 2>/dev/null && \
npm cache clean --force && \
# Remove the apk-tracked npm so its stale SBOM metadata (tar 7.5.9) is
# no longer visible to image scanners. The globally installed npm@latest
# at /usr/local/lib/node_modules/npm/ remains fully functional.
{ apk del --no-cache npm 2>/dev/null || true; }
fix security
2025-09-26 19:31:56 -07:00
fix(Dockerfile): support mac
2023-12-16 16:01:02 -08:00
WORKDIR /app
build(Dockerfile): moves prisma logic to dockerfile
2024-01-06 14:59:10 +05:30
# Copy the current directory contents into the container at /app
COPY . .
RUN ls -la /app
multistage docker build
2023-12-03 18:38:44 +10:00
fix(Dockerfile): support mac
2023-12-16 16:01:02 -08:00
# Copy the built wheel from the builder stage to the runtime stage; assumes only one wheel file is present
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
COPY --from=builder /app/dist/*.whl .
COPY --from=builder /wheels/ /wheels/
(fix) dockerfile merge conflicts
2024-01-08 08:02:50 +05:30
fix(Dockerfile): support mac
2023-12-16 16:01:02 -08:00
# Install the built wheel using pip; again using a wildcard if it's the only file
(temp) use database dockerfile for railway
2024-01-09 13:44:37 +05:30
RUN pip install *.whl /wheels/* --no-index --find-links=/wheels/ && rm -f *.whl && rm -rf /wheels
(fix) dockerfile merge conflicts
2024-01-08 08:02:50 +05:30
fix security scans
2026-02-07 11:14:55 -08:00
# Replace the nodejs-wheel-binaries bundled node with the system node (fixes CVE-2025-55130)
RUN NODEJS_WHEEL_NODE=$(find /usr/lib -path "*/nodejs_wheel/bin/node" 2>/dev/null) && \
if [ -n "$NODEJS_WHEEL_NODE" ]; then cp /usr/bin/node "$NODEJS_WHEEL_NODE"; fi
fix docker (#16342)
2025-11-07 14:38:20 -08:00
# Remove test files and keys from dependencies
RUN find /usr/lib -type f -path "*/tornado/test/*" -delete && \
find /usr/lib -type d -path "*/tornado/test" -delete
fix critical CVE vulnerabliltes (#20683)
2026-02-08 11:53:01 +05:30
# SECURITY FIX: nodejs-wheel-binaries (pip package used by Prisma) bundles a complete
# npm with old vulnerable deps at /usr/lib/python3.*/site-packages/nodejs_wheel/.
# Patch every copy of tar, glob, and brace-expansion inside that tree.
RUN GLOBAL="$(npm root -g)" && \
Fix CVEs: bump tar/minimatch/pypdf + harden Docker SBOM patching (#23082) * fix(docker): bump tar/minimatch/pypdf for CVE fixes + harden SBOM patching - Bump tar 7.5.8→7.5.10, minimatch 10.2.1→10.2.4, pypdf 6.6.2→6.7.3 - Add sed-based SBOM metadata patching with properly indented find/sed - Add npm package manager cleanup (apk del / apt-get purge) to remove stale SBOM entries from image scanners - Scope || true to only apk del via brace grouping { ... || true; } - Guard npm root -g with non-empty assertion to prevent silent failures - Scope minimatch sed regex to ^10.x to avoid matching other major versions Addresses: CVE-2026-27903, CVE-2026-27904, GHSA-qffp-2rhf-9h96, CVE-2026-27888 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(docker): scope find to /usr/local/lib /usr/lib, drop autoremove - Replace `find /` with `find /usr/local/lib /usr/lib` to avoid traversing /proc, /sys, /dev during SBOM metadata patching - Remove `apt-get autoremove -y` from Debian-based Dockerfiles to prevent nodejs from being removed as an auto-installed dependency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 18:31:27 -08:00
[ -n "$GLOBAL" ] || { echo "ERROR: npm root -g returned empty; aborting"; exit 1; } && \
security: fix critical/high CVEs in OS-level libs and NPM transitive
2026-02-24 19:40:09 +05:30
find /usr/lib -type d -name "tar" -path "*/node_modules/tar" | while read d; do \
fix critical CVE vulnerabliltes (#20683)
2026-02-08 11:53:01 +05:30
rm -rf "$d" && cp -rL "$GLOBAL/tar" "$d"; \
done && \
security: fix critical/high CVEs in OS-level libs and NPM transitive
2026-02-24 19:40:09 +05:30
find /usr/lib -type d -name "glob" -path "*/node_modules/glob" | while read d; do \
fix critical CVE vulnerabliltes (#20683)
2026-02-08 11:53:01 +05:30
rm -rf "$d" && cp -rL "$GLOBAL/glob" "$d"; \
done && \
security: fix critical/high CVEs in OS-level libs and NPM transitive
2026-02-24 19:40:09 +05:30
find /usr/lib -type d -name "brace-expansion" -path "*/node_modules/@isaacs/brace-expansion" | while read d; do \
fix critical CVE vulnerabliltes (#20683)
2026-02-08 11:53:01 +05:30
rm -rf "$d" && cp -rL "$GLOBAL/@isaacs/brace-expansion" "$d"; \
security: fix critical/high CVEs in OS-level libs and NPM transitive
2026-02-24 19:40:09 +05:30
done && \
find /usr/lib -type d -name "minimatch" -path "*/node_modules/minimatch" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/minimatch" "$d"; \
done && \
find /usr/lib -type d -name "diff" -path "*/node_modules/diff" | while read d; do \
rm -rf "$d" && cp -rL "$GLOBAL/diff" "$d"; \
fix critical CVE vulnerabliltes (#20683)
2026-02-08 11:53:01 +05:30
done
[Bug Fix] Fixes for using Auto Router with LiteLLM Docker Image (#13788) * fix install auto router.sh * fixes for Docker IMG
2025-08-19 18:36:30 -07:00
# Install semantic_router and aurelio-sdk using script
feat: Add line_profiler support for performance analysis and fix Windows CRLF issues in Docker builds (#18773)
2026-01-07 11:36:57 -08:00
# Convert Windows line endings to Unix and make executable
RUN sed -i 's/\r$//' docker/install_auto_router.sh && chmod +x docker/install_auto_router.sh && ./docker/install_auto_router.sh
[Feat] UI - Allow Adding LiteLLM Auto Router on UI (#12960) * add router.json * test_router_auto_router * async_pre_routing_hook * fixes for auto router * add async_pre_routing_hook * add LiteLLMRouterEncoder * update test auto_router_embedding_model * add auto_router_embedding_model * add AutoRouter * fix async_pre_routing_hook * update async_pre_routing_hook * fix auto router * fix router.json * working router init * working embedding encoder * working auto router * test_router_auto_router * test auto router * add semantic-router as optional for litellm * add extras * semantic_router==0.1.10 * ruff fix * use aiohttp==3.10.11 * python-dotenv==1.0.1 * test auto router * test_router_auto_router * semantic_router * test_is_auto_router_deployment * fix check * fix docker build step * add semantic_router * UI - Add auto router on litellm * working utterances config * fix route config builder * kind of working add automodel router * move loc of add deployment * fixes for AutoRouter * add auto_router_config in types.py * fixes for init_auto_router_deployment * fix adding auto router models * working auto-router with dB * Revert "add semantic_router" This reverts commit 537b67288798731a119d811f643b682086377ee9. * TestAutoRouter * fix linting * add semantic router to docker * test fix * fix router config builder * remove export button
2025-07-24 19:58:49 -07:00
fix(docker): use correct schema path for prisma generation (#19631)
2026-01-24 10:52:19 +05:30
# Generate prisma client using the correct schema
RUN prisma generate --schema=./litellm/proxy/schema.prisma
feat: Add line_profiler support for performance analysis and fix Windows CRLF issues in Docker builds (#18773)
2026-01-07 11:36:57 -08:00
# Convert Windows line endings to Unix for entrypoint scripts
RUN sed -i 's/\r$//' docker/entrypoint.sh && chmod +x docker/entrypoint.sh
RUN sed -i 's/\r$//' docker/prod_entrypoint.sh && chmod +x docker/prod_entrypoint.sh
(fix) dockerfile run prisma generate if DATABSE_URL set in env
2024-01-09 13:10:03 +05:30
build(Dockerfile): fix pr merge issues
2024-01-08 10:37:47 +05:30
EXPOSE 4000/tcp
Add default expose.
2023-11-23 04:19:54 -05:00
Health check app on separate port (#12718) * add separate health app * add new docs * refactor * fix colons * Update config_settings.md * refactor * docs * add unit test * added supervisord * remove app * add supervisor conf * Add markdown * add video to md * remove test * docs build failure * add to all docker files, change prod.md and add tests * change dockerfiles * remove extra file * remove extra file * remove extra file * change apt->apk * remove rdb file * add fixed file
2025-07-18 23:47:15 +05:30
RUN apk add --no-cache supervisor
COPY docker/supervisord.conf /etc/supervisord.conf
(Feat) - allow including dd-trace in litellm base image (#7587) * introduce USE_DDTRACE=true * update dd tracer * update * bump dd trace * use og slim image * DD tracing * fix _init_dd_tracer
2025-01-06 17:27:09 -08:00
ENTRYPOINT ["docker/prod_entrypoint.sh"]
(feat) don't use --detailed_debug on all default litellm images
2024-03-06 16:31:32 -08:00
adds tzdata (#10796) (#11052) With tzdata installed, the environment variable `TZ` will be respected by Python's datetime module. This means that users can specify the timezone they want LiteLLM to use. Co-authored-by: Simon Stone <sipreuss@gmail.com>
2025-05-22 22:36:19 -07:00
# Append "--detailed_debug" to the end of CMD to view detailed debug logs
build(dockerfile): remove --config proxy_server_config.yaml from docker run prevents startup errors with dockerfile
2024-04-08 13:23:56 -07:00
CMD ["--port", "4000"]
Reference in New Issue Copy Permalink