-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
50 lines (36 loc) · 1.38 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
FROM python:3.12.4-alpine AS builder
# Create a non-root user and group
RUN addgroup -S corgis && adduser -S haro -G corgis
WORKDIR /app
# Ensure the working directory has the correct permissions
RUN chown haro:corgis /app
# Install openssl and build dependencies as root
RUN apk upgrade --update-cache --available && \
apk add --no-cache openssl cargo gcc libc-dev openssl-dev libffi-dev && \
rm -rf /var/cache/apk/*
# Switch to non-root user for the remaining steps
USER haro
# Install Python requirements as the non-root user
COPY ./app/requirements.txt requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt
# Revert to root to remove build dependencies
USER root
RUN apk del cargo gcc libc-dev libffi-dev && \
rm -rf /var/cache/apk/*
# Copy the installed packages to a final image
FROM python:3.12.4-alpine
# Install openssl, required for certificate generation
RUN apk upgrade --update-cache --available && \
apk add openssl && \
rm -rf /var/cache/apk/*
# Create a non-root user and group in the final image
RUN addgroup -S corgis && adduser -S haro -G corgis
WORKDIR /app
RUN chown haro:corgis /app
# Copy the installed dependencies from the builder stage
COPY --from=builder /home/haro/.local /home/haro/.local
# Copy the main entrypoint
COPY ./app/main.py main.py
# Switch to non-root user for execution
USER haro
ENTRYPOINT ["python", "main.py"]