Merge pull request #217 from ricardobranco777/dockerfile_fixes
Run containers as non-root & reduce the size of pcw image
asmorodskyi authored Feb 22, 2023
2 parents 6d16df4 + 029b318 commit b675108
Showing 4 changed files with 15 additions and 2 deletions.
5 changes: 4 additions & 1 deletion Dockerfile
@@ -10,7 +10,7 @@ COPY requirements.txt /pcw/
# * Install system requirements
# * Install pip requirements
# * Empty system cache to conserve some space
RUN zypper -n in python310-devel gcc libffi-devel aws-cli && pip3.10 install -r /pcw/requirements.txt && rm -rf /var/cache
RUN zypper -n in python310-devel gcc libffi-devel aws-cli && pip install --no-cache-dir -r /pcw/requirements.txt && rm -rf /var/cache

# Copy program files only
COPY ocw /pcw/ocw/
@@ -28,5 +28,8 @@ VOLUME /pcw/db

EXPOSE 8000/tcp

RUN useradd --no-create-home --uid 1777 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
USER pcw

# Once we are certain that this runs nicely, replace this with ENTRYPOINT.
CMD ["/pcw/container-startup", "run"]
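Review bot: The `chown -R pcw:pcw /pcw` on the added `RUN` line appears to run after `VOLUME /pcw/db` (shown as the second hunk's header context), so the ownership change on `/pcw/db` may not persist. The legacy builder discards changes made under a volume path after it is declared, and a host directory or existing volume mounted there keeps its own owner in any case. If the database directory stays root-owned, the service can no longer write to it once `USER pcw` takes effect. I would move the `useradd ... && chown -R pcw:pcw /pcw` line above `VOLUME /pcw/db` and add a comment such as `# storage mounted at /pcw/db must be writable by uid 1777`. The file continues outside the hunk, so the exact position of `VOLUME` should be confirmed.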
5 changes: 4 additions & 1 deletion Dockerfile_dev
@@ -10,8 +10,11 @@ COPY requirements.txt requirements_test.txt requirements_k8s.txt /tmp/
# * Install system requirements
# * Install pip requirements
# * Empty system cache to conserve some space
RUN zypper -n in python310-devel gcc libffi-devel aws-cli && pip3.10 install -r /tmp/requirements_test.txt && rm -rf /var/cache
RUN zypper -n in python310-devel gcc libffi-devel aws-cli && pip install --no-cache-dir -r /tmp/requirements_test.txt && rm -rf /var/cache

WORKDIR /pcw

RUN useradd --no-create-home --uid 1000 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
USER pcw

ENTRYPOINT ["sh", "-c"]
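Review bot: The added `useradd` line uses `--uid 1000` here while `Dockerfile` uses `--uid 1777`, and nothing in the file explains the difference; the same split exists between `Dockerfile_k8s_dev` and `Dockerfile_k8s`. Presumably 1000 is meant to match a developer's host uid for bind-mounted sources. On a host where that uid differs, the `pcw` user cannot write the mounted tree, and files in shared volumes end up with different owners in the dev and production images. I would either document the choice, e.g. `# uid 1000 matches the usual first host user so bind-mounted sources stay writable`, or make it a build argument with `ARG PCW_UID=1000` and `--uid "${PCW_UID}"`.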
4 changes: 4 additions & 0 deletions Dockerfile_k8s
@@ -17,4 +17,8 @@ COPY cleanup_k8s.py LICENSE README.md setup.cfg /pcw/
ENV PATH ${PATH}:/opt/google-cloud-sdk/bin/

WORKDIR /pcw

RUN useradd --no-create-home --uid 1777 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
USER pcw

CMD ["python3", "cleanup_k8s.py"]
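Review bot: `useradd --no-create-home` on the added line leaves `pcw` with a home directory entry that does not exist, while this image puts `/opt/google-cloud-sdk/bin/` on `PATH`. If `cleanup_k8s.py` or anything it calls runs `gcloud` (not visible in this hunk), the SDK will try to write its configuration and credential cache under `$HOME` and fail or fall back to an unintended location. I would give the account a directory it owns, e.g. `useradd --home-dir /pcw ...`, or set `ENV CLOUDSDK_CONFIG=/pcw/.config/gcloud`, so credentials land in a known, pcw-owned path. The same applies to `Dockerfile_k8s_dev`.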
3 changes: 3 additions & 0 deletions Dockerfile_k8s_dev
@@ -14,4 +14,7 @@ ENV PATH ${PATH}:/opt/google-cloud-sdk/bin/

WORKDIR /pcw

RUN useradd --no-create-home --uid 1000 --user-group --shell /bin/false pcw && chown -R pcw:pcw /pcw
USER pcw

ENTRYPOINT ["sh", "-c"]
