From 5da9572eb89e35268bdaa47c7e92a83403e7397f Mon Sep 17 00:00:00 2001 From: Marcus Weberskirch Date: Fri, 10 Jul 2020 13:09:22 +0000 Subject: [PATCH] =?UTF-8?q?=E2=80=9EDockerfile=E2=80=9C=20=C3=A4ndern?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added non root run user --- Dockerfile | 75 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/Dockerfile b/Dockerfile index 78ad26c..da96604 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,37 +1,40 @@ - -# build stage is buuuh, better clone in rebuild.bat. -FROM alpine:3.12 as build_image -RUN apk add --no-cache git openssh-client && mkdir /root/.ssh -ADD id_rsa_f3x /root/.ssh/id_rsa -RUN chmod -R 600 /root/.ssh -RUN touch /root/.ssh/known_hosts && ssh-keyscan -T 60 -p 22222 git.4f3x.de >> /root/.ssh/known_hosts &&\ - git clone ssh://git@git.4f3x.de:22222/marcus/PuppenApp-Server.git /root/akte && \ - git clone ssh://git@git.4f3x.de:22222/fex/PuppetOverviewApp.git /root/client && \ - apk del git openssh-client -WORKDIR /root/client -RUN apk add --no-cache nodejs npm && npm install && npm run build && apk del nodejs npm - -# Build and deploy server instance -FROM python:3.7-slim AS base -#RUN apk add --no-cache --virtual -COPY --from=build_image /root/akte /opt/akte -COPY --from=build_image /root/client/dist /opt/akte/static/ -WORKDIR /opt/akte -RUN set -ex \ - && BUILD_DEPS=" \ - build-essential \ - libpcre3-dev \ - libpq-dev \ - " \ - && apt-get update && apt-get install -y --no-install-recommends $BUILD_DEPS \ - && pip install --no-cache-dir -r /opt/akte/requirements.txt \ - \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $BUILD_DEPS \ - && rm -rf /var/lib/apt/lists/* -COPY /django_settings_prod.py /opt/akte/akte/settings.py - -# Dev-ready container - actual files will be mounted in -FROM base -VOLUME /mnt -CMD ["python" ,"/opt/akte/manage.py","runserver","0.0.0.0:8000"] + +# build stage is buuuh, better clone in rebuild.bat. +FROM alpine:3.12 as build_image +RUN apk add --no-cache git openssh-client && mkdir /root/.ssh +ADD id_rsa_f3x /root/.ssh/id_rsa +RUN chmod -R 600 /root/.ssh +RUN touch /root/.ssh/known_hosts && ssh-keyscan -T 60 -p 22222 git.4f3x.de >> /root/.ssh/known_hosts &&\ + git clone ssh://git@git.4f3x.de:22222/marcus/PuppenApp-Server.git /root/akte && \ + git clone ssh://git@git.4f3x.de:22222/fex/PuppetOverviewApp.git /root/client && \ + apk del git openssh-client +WORKDIR /root/client +RUN apk add --no-cache nodejs npm && npm install && npm run build && apk del nodejs npm + +# Build and deploy server instance +FROM python:3.7-slim AS base +ARG APP_USER=appuser +RUN groupadd -r ${APP_USER} && useradd --no-log-init -r -g ${APP_USER} ${APP_USER} + +COPY --from=build_image /root/akte /opt/akte +COPY --from=build_image /root/client/dist /opt/akte/static/ +WORKDIR /opt/akte +RUN set -ex \ + && BUILD_DEPS=" \ + build-essential \ + libpcre3-dev \ + libpq-dev \ + " \ + && apt-get update && apt-get install -y --no-install-recommends $BUILD_DEPS \ + && pip install --no-cache-dir -r /opt/akte/requirements.txt \ + \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $BUILD_DEPS \ + && rm -rf /var/lib/apt/lists/* +COPY /django_settings_prod.py /opt/akte/akte/settings.py + +# Dev-ready container - actual files will be mounted in +FROM base +USER ${APP_USER}:${APP_USER} +VOLUME /mnt +CMD ["python" ,"/opt/akte/manage.py","runserver","0.0.0.0:8000"] EXPOSE 8000 \ No newline at end of file