harambee-public
/
led-display
8
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Run docker container as non-root user

Browse Source 
Closes #528
master
James Curtin 5 years ago committed by James Curtin
parent 4011fb1b50
commit e85ce98167
2 changed files with 14 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      Dockerfile
  2. 15
      {{cookiecutter.app_name}}/Dockerfile

9
Dockerfile
Unescape View File

@ -1,10 +1,9 @@
FROM python:3.7-alpine
RUN apk update \
&& apk upgrade \
&& apk add --no-cache git
FROM python:3.7-slim-buster
RUN pip install \
cookiecutter==1.6.0
RUN useradd -m sid
USER sid
ENTRYPOINT [ "python", "-m", "cookiecutter" ]

15
{{cookiecutter.app_name}}/Dockerfile
Unescape View File

@ -1,6 +1,6 @@
# ==================================== BASE ====================================
ARG INSTALL_PYTHON_VERSION=${INSTALL_PYTHON_VERSION:-3.7}
FROM python:${INSTALL_PYTHON_VERSION}-slim-stretch AS base
FROM python:${INSTALL_PYTHON_VERSION}-slim-buster AS base
RUN apt-get update
RUN apt-get install -y \
@ -21,6 +21,11 @@ COPY requirements requirements
{%- endif %}
COPY [ "assets", "package.json", "webpack.config.js", "./" ]
RUN useradd -m sid
RUN chown -R sid:sid /app
USER sid
ENV PATH="/home/sid/.local/bin:${PATH}"
RUN npm install
# ================================= DEVELOPMENT ================================
@ -28,7 +33,7 @@ FROM base AS development
{%- if cookiecutter.use_pipenv == "yes" %}
RUN pipenv install --dev
{%- else %}
RUN pip install -r requirements/dev.txt
RUN pip install --user -r requirements/dev.txt
{%- endif %}
EXPOSE 2992
EXPOSE 5000
@ -39,7 +44,7 @@ FROM base AS production
{%- if cookiecutter.use_pipenv == "yes" %}
RUN pipenv install
{%- else %}
RUN pip install -r requirements/prod.txt
RUN pip install --user -r requirements/prod.txt
{%- endif %}
COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY supervisord_programs /etc/supervisor/conf.d
@ -50,8 +55,8 @@ CMD ["-c", "/etc/supervisor/supervisord.conf"]
# =================================== MANAGE ===================================
FROM base AS manage
{%- if cookiecutter.use_pipenv == "yes" %}
COPY --from=development /root/.local/share/virtualenvs/ /root/.local/share/virtualenvs/
COPY --from=development /sid/.local/share/virtualenvs/ /sid/.local/share/virtualenvs/
{%- else %}
RUN pip install -r requirements/dev.txt
RUN pip install --user -r requirements/dev.txt
{%- endif %}
ENTRYPOINT [ {% if cookiecutter.use_pipenv == 'yes' %}"pipenv", "run", {% endif %}"flask" ]

Write Preview
Loading…
Cancel
Save