Wrote non-root Dockerfile

2021-05-18 12:15:21 +02:00 · 2021-05-18 12:15:21 +02:00 · a60fa5d86f
parent 12c1a2d206
commit a60fa5d86f
3 changed files with 42 additions and 1 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,7 @@
+# Ignore everything
+*
+
+# The stuff necessary to build the image
+!app/
+!setup.cfg
+!setup.py
--- a/34
+++ b/34
@ -0,0 +1,34 @@
+FROM python:3.9 AS builder
+
+WORKDIR /wheels
+
+# Update pip & build the wheels
+COPY ./setup.cfg ./
+RUN pip wheel -e .
+
+
+FROM python:3.9-slim
+
+# Switch to non-root user
+RUN groupadd -r runner && \
+    useradd -mrg runner runner
+
+# Install the generated wheels
+COPY --from=builder /wheels /wheels
+RUN pip install \
+        --no-cache-dir \
+        --no-warn-script-location \
+        -f /wheels \
+        -e /wheels && \
+    rm -rf /wheels
+
+# Switch to non-root user
+USER runner
+
+# Copy source files
+WORKDIR /usr/src/app
+COPY --chown=runner:runner ./app ./app
+COPY --chown=runner:runner setup.cfg setup.py ./
+
+ENTRYPOINT ["python"]
+CMD ["app"]
--- a/app/main.py
+++ b/app/main.py
@ -6,4 +6,4 @@ app = Quart("jos")
 async def hello():
    return "hello"

-app.run()
+app.run(host="0.0.0.0")