-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
44 lines (34 loc) · 1.13 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
FROM python:3.13.0-slim-bookworm
# Set python environment variables
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
ENV PIP_NO_CACHE_DIR=0
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV USER=appuser
WORKDIR /home/appuser
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --no-install-suggests -y \
ca-certificates \
graphviz \
&& apt-get -y autoremove \
&& apt-get -y clean \
&& rm -rf /var/lib/apt/lists/*
RUN addgroup appgroup \
&& adduser \
--quiet \
--disabled-password \
--shell /bin/bash \
--home /home/appuser \
--gecos "User" appuser \
--ingroup appgroup \
&& chmod 0700 /home/appuser \
&& chown --recursive appuser:appgroup /home/appuser
COPY requirements.txt /home/appuser
ENV PIP_ROOT_USER_ACTION=ignore
RUN python -m pip install --upgrade pip==24.2 --ignore-installed \
&& pip install --requirement requirements.txt
COPY . /home/appuser
# The GitHub Action gives permisison denied if the user is not root. TODO: hardening
# USER appuser:appgroup
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["python manage.py migrate && python manage.py runserver 0.0.0.0:8000"]