-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
84 lines (65 loc) · 2.46 KB
/
Dockerfile
File metadata and controls
84 lines (65 loc) · 2.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# syntax=docker/dockerfile:1
ARG ALPINE_VERSION="3.23.3"
FROM alpine:${ALPINE_VERSION}
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
# Install Python
ARG PYTHON_VERSION="3.12"
RUN apk add --update --no-cache python3=~${PYTHON_VERSION} py3-pip py3-setuptools pipx
# Install prereqs for python packages
RUN apk add gcc python3-dev musl-dev linux-headers
# Manually force upgrade of setuptools
RUN python -m pip install --upgrade "setuptools>=82.0.1" --break-system-packages
RUN python -m pip install --upgrade "wheel>=0.46.2" --break-system-packages
RUN python -m pip install --upgrade "jaraco.context>=6.1.0" --break-system-packages
# Install update for sqlite to address vulnerability scan
# RUN apk del sqlite
# RUN apk add make
# RUN wget https://www.sqlite.org/2025/sqlite-autoconf-3500400.tar.gz
# RUN tar xvfz sqlite-autoconf-*.tar.gz
# WORKDIR /sqlite-autoconf-3500400
# RUN sh ./configure --prefix=/usr/local
# RUN make install
# RUN export PATH="/usr/local/bin:$PATH"
# WORKDIR /
# Updating zlib to address vulneratbilty scan
RUN apk update && apk upgrade zlib
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/go/dockerfile-user-best-practices/
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
# Set environment variables for poetry and install with pipx
ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \
POETRY_VIRTUALENVS_CREATE=true \
POETRY_HOME='/usr/local' \
POETRY_NO_INTERACTION=1 \
POETRY_VERSION="2.3.3"
RUN pipx install poetry==${POETRY_VERSION} --global
# Change to app directory
WORKDIR /app
# copy only pyproject.toml nothing else here
COPY pyproject.toml ./
# This will create the folder /app/.venv
RUN poetry install --no-root
# Switch to the non-privileged user to run the application.
USER appuser
# Copy the source code into the container.
COPY . .
# Expose the port that the application listens on.
EXPOSE 8000
EXPOSE 5432
# Set up environment variable to indicate the app is running in docker
ENV DOCKER_DEPLOYED=1
# Run the application within the poetry virtual environment
# CMD ["poetry", "run", "fastapi", "run", "cda_api/main.py", "--port", "8000"]
CMD ["poetry", "run", "start_api" ]