Commit e85ce981 authored by James Curtin's avatar James Curtin Committed by James Curtin

Run docker container as non-root user

Closes #528
parent 4011fb1b
FROM python:3.7-alpine FROM python:3.7-slim-buster
RUN apk update \
&& apk upgrade \
&& apk add --no-cache git
RUN pip install \ RUN pip install \
cookiecutter==1.6.0 cookiecutter==1.6.0
RUN useradd -m sid
USER sid
ENTRYPOINT [ "python", "-m", "cookiecutter" ] ENTRYPOINT [ "python", "-m", "cookiecutter" ]
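Review bot: The new image no longer installs git, because the `apk add --no-cache git` step is dropped with the Alpine base and nothing replaces it on `python:3.7-slim-buster`, which normally ships without git. If this image is meant to generate projects from a git URL, cookiecutter would presumably fail at the clone step; in that case add `RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*` before `USER sid`. Separately, `useradd -m sid` leaves the UID to whatever the base image assigns. A fixed UID (for example `RUN useradd -m -u 10001 sid` followed by `USER 10001`, value chosen here only as a sample) lets a runtime verify the non-root user numerically and keeps ownership on bind-mounted output directories predictable.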
# ==================================== BASE ==================================== # ==================================== BASE ====================================
ARG INSTALL_PYTHON_VERSION=${INSTALL_PYTHON_VERSION:-3.7} ARG INSTALL_PYTHON_VERSION=${INSTALL_PYTHON_VERSION:-3.7}
FROM python:${INSTALL_PYTHON_VERSION}-slim-stretch AS base FROM python:${INSTALL_PYTHON_VERSION}-slim-buster AS base
RUN apt-get update RUN apt-get update
RUN apt-get install -y \ RUN apt-get install -y \
...@@ -21,6 +21,11 @@ COPY requirements requirements ...@@ -21,6 +21,11 @@ COPY requirements requirements
{%- endif %} {%- endif %}
COPY [ "assets", "package.json", "webpack.config.js", "./" ] COPY [ "assets", "package.json", "webpack.config.js", "./" ]
RUN useradd -m sid
RUN chown -R sid:sid /app
USER sid
ENV PATH="/home/sid/.local/bin:${PATH}"
RUN npm install RUN npm install
# ================================= DEVELOPMENT ================================ # ================================= DEVELOPMENT ================================
...@@ -28,7 +33,7 @@ FROM base AS development ...@@ -28,7 +33,7 @@ FROM base AS development
{%- if cookiecutter.use_pipenv == "yes" %} {%- if cookiecutter.use_pipenv == "yes" %}
RUN pipenv install --dev RUN pipenv install --dev
{%- else %} {%- else %}
RUN pip install -r requirements/dev.txt RUN pip install --user -r requirements/dev.txt
{%- endif %} {%- endif %}
EXPOSE 2992 EXPOSE 2992
EXPOSE 5000 EXPOSE 5000
...@@ -39,7 +44,7 @@ FROM base AS production ...@@ -39,7 +44,7 @@ FROM base AS production
{%- if cookiecutter.use_pipenv == "yes" %} {%- if cookiecutter.use_pipenv == "yes" %}
RUN pipenv install RUN pipenv install
{%- else %} {%- else %}
RUN pip install -r requirements/prod.txt RUN pip install --user -r requirements/prod.txt
{%- endif %} {%- endif %}
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY supervisord_programs /etc/supervisor/conf.d COPY supervisord_programs /etc/supervisor/conf.d
...@@ -50,8 +55,8 @@ CMD ["-c", "/etc/supervisor/supervisord.conf"] ...@@ -50,8 +55,8 @@ CMD ["-c", "/etc/supervisor/supervisord.conf"]
# =================================== MANAGE =================================== # =================================== MANAGE ===================================
FROM base AS manage FROM base AS manage
{%- if cookiecutter.use_pipenv == "yes" %} {%- if cookiecutter.use_pipenv == "yes" %}
COPY --from=development /root/.local/share/virtualenvs/ /root/.local/share/virtualenvs/ COPY --from=development /sid/.local/share/virtualenvs/ /sid/.local/share/virtualenvs/
{%- else %} {%- else %}
RUN pip install -r requirements/dev.txt RUN pip install --user -r requirements/dev.txt
{%- endif %} {%- endif %}
ENTRYPOINT [ {% if cookiecutter.use_pipenv == 'yes' %}"pipenv", "run", {% endif %}"flask" ] ENTRYPOINT [ {% if cookiecutter.use_pipenv == 'yes' %}"pipenv", "run", {% endif %}"flask" ]
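Review bot: In the manage stage the new pipenv `COPY --from=development` reads from `/sid/.local/share/virtualenvs/`, but `useradd -m sid` creates the home directory under `/home/sid`, as the `ENV PATH="/home/sid/.local/bin:${PATH}"` line added in the base stage already assumes. The source path therefore most likely does not exist in the development stage, so the pipenv variant of the build would fail or the virtualenv would not be found at runtime. The copied tree would also be owned by root unless ownership is set on the COPY. Suggested line: `COPY --from=development --chown=sid:sid /home/sid/.local/share/virtualenvs/ /home/sid/.local/share/virtualenvs/`. The stage bodies are only partly visible in these hunks, so confirm that any later `COPY` into `/app` after `USER sid` also carries `--chown=sid:sid`, since the `chown -R` in the base stage covers only files present at that point.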