harambee-public
/
led-display
8
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Run docker container as non-root user

Browse Source 
Closes #528
master
James Curtin 5 years ago committed by James Curtin
parent 4011fb1b50
commit e85ce98167
2 changed files with 14 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      Dockerfile
  2. 15
      {{cookiecutter.app_name}}/Dockerfile

9
Dockerfile
Unescape View File

@ -1,10 +1,9 @@
FROM python:3.7-alpine FROM python:3.7-slim-buster
RUN apk update \
&& apk upgrade \
&& apk add --no-cache git
RUN pip install \ RUN pip install \
cookiecutter==1.6.0 cookiecutter==1.6.0
RUN useradd -m sid
USER sid
ENTRYPOINT [ "python", "-m", "cookiecutter" ] ENTRYPOINT [ "python", "-m", "cookiecutter" ]

15
{{cookiecutter.app_name}}/Dockerfile
Unescape View File

@ -1,6 +1,6 @@
# ==================================== BASE ==================================== # ==================================== BASE ====================================
ARG INSTALL_PYTHON_VERSION=${INSTALL_PYTHON_VERSION:-3.7} ARG INSTALL_PYTHON_VERSION=${INSTALL_PYTHON_VERSION:-3.7}
FROM python:${INSTALL_PYTHON_VERSION}-slim-stretch AS base FROM python:${INSTALL_PYTHON_VERSION}-slim-buster AS base
RUN apt-get update RUN apt-get update
RUN apt-get install -y \ RUN apt-get install -y \
@ -21,6 +21,11 @@ COPY requirements requirements
{%- endif %} {%- endif %}
COPY [ "assets", "package.json", "webpack.config.js", "./" ] COPY [ "assets", "package.json", "webpack.config.js", "./" ]
RUN useradd -m sid
RUN chown -R sid:sid /app
USER sid
ENV PATH="/home/sid/.local/bin:${PATH}"
RUN npm install RUN npm install
# ================================= DEVELOPMENT ================================ # ================================= DEVELOPMENT ================================
@ -28,7 +33,7 @@ FROM base AS development
{%- if cookiecutter.use_pipenv == "yes" %} {%- if cookiecutter.use_pipenv == "yes" %}
RUN pipenv install --dev RUN pipenv install --dev
{%- else %} {%- else %}
RUN pip install -r requirements/dev.txt RUN pip install --user -r requirements/dev.txt
{%- endif %} {%- endif %}
EXPOSE 2992 EXPOSE 2992
EXPOSE 5000 EXPOSE 5000
@ -39,7 +44,7 @@ FROM base AS production
{%- if cookiecutter.use_pipenv == "yes" %} {%- if cookiecutter.use_pipenv == "yes" %}
RUN pipenv install RUN pipenv install
{%- else %} {%- else %}
RUN pip install -r requirements/prod.txt RUN pip install --user -r requirements/prod.txt
{%- endif %} {%- endif %}
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY supervisord_programs /etc/supervisor/conf.d COPY supervisord_programs /etc/supervisor/conf.d
@ -50,8 +55,8 @@ CMD ["-c", "/etc/supervisor/supervisord.conf"]
# =================================== MANAGE =================================== # =================================== MANAGE ===================================
FROM base AS manage FROM base AS manage
{%- if cookiecutter.use_pipenv == "yes" %} {%- if cookiecutter.use_pipenv == "yes" %}
COPY --from=development /root/.local/share/virtualenvs/ /root/.local/share/virtualenvs/ COPY --from=development /sid/.local/share/virtualenvs/ /sid/.local/share/virtualenvs/
{%- else %} {%- else %}
RUN pip install -r requirements/dev.txt RUN pip install --user -r requirements/dev.txt
{%- endif %} {%- endif %}
ENTRYPOINT [ {% if cookiecutter.use_pipenv == 'yes' %}"pipenv", "run", {% endif %}"flask" ] ENTRYPOINT [ {% if cookiecutter.use_pipenv == 'yes' %}"pipenv", "run", {% endif %}"flask" ]

Write Preview
Loading…
Cancel
Save