This repository has been archived by the owner on Sep 22, 2023. It is now read-only.
# Release of cisagov/skeleton-python-library to fetch further down
# (v${VERSION}.tar.gz). The default is presumably a placeholder, so
# builds are expected to pass --build-arg VERSION=<release>.
ARG VERSION=unspecified

# NOTE(review): the base image is pinned by tag only. Appending a digest
# (python:3.10.1-alpine@sha256:<digest-placeholder>) would keep a
# re-pushed tag from silently changing the build.
FROM python:3.10.1-alpine

# An ARG declared before FROM is visible only to FROM lines, so it is
# redeclared here to make it usable inside the stage.
ARG VERSION

###
# For a list of pre-defined annotation keys and value types see:
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#
# Note: Additional labels are added by the build workflow.
###
LABEL org.opencontainers.image.authors="mark.feldhousen@cisa.dhs.gov" \
      org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"

###
# Unprivileged user setup variables
#
# The numeric IDs are build-time ARGs; the names and home directory are
# ENV values and therefore also visible in the running container.
###
ARG CISA_GID=421
ARG CISA_UID=${CISA_GID}
# CISA_USER stays in its own instruction: substitution inside a single
# ENV instruction uses the values from before that instruction, so
# CISA_GROUP could not see it otherwise.
ENV CISA_USER="cisa"
ENV CISA_GROUP=${CISA_USER} \
    CISA_HOME="/home/cisa"
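###
# Unprivileged user setup dependencies
#
# Install shadow, so we have adduser and addgroup.
#
# Note that we use apk --no-cache to avoid writing to a local cache.
# This results in a smaller final image, at the cost of slightly
# longer install times.
#
# Setup user dependencies are only needed for setting up the user and
# are removed again in the same RUN instruction that installs them.
#
# Note: ENV (not ARG) keeps this variable in the runtime environment.
###
ENV SETUP_USER_DEPS="shadow"

# Apply pending Alpine package updates on top of the pinned base image.
# The result depends on the build date, so rebuilds are not bit-for-bit
# reproducible.
RUN apk --update --no-cache --quiet upgrade

###
# Create unprivileged user
#
# Install, use and remove the setup dependencies in ONE layer. Deleting
# them in a later RUN would leave the account-management tools in an
# earlier layer of the image and would not reduce its size.
#
# The group is created with CISA_GID and the user with CISA_UID, so
# overriding either build argument has the expected effect. With the
# defaults both are 421.
###
RUN apk --no-cache --quiet add ${SETUP_USER_DEPS} \
    && addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \
    && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} \
    && apk --no-cache --quiet del ${SETUP_USER_DEPS}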
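###
# Dependencies
#
# Note that we use apk --no-cache to avoid writing to a local cache.
# This results in a smaller final image, at the cost of slightly
# longer install times.
#
# The key=value form replaces the deprecated space-separated ENV syntax.
# The packages are unpinned, so the versions installed are whatever the
# Alpine repositories serve at build time.
#
# NOTE(review): the python base image already ships pip (upgraded just
# below), so py-pip looks redundant and likely pulls in Alpine's own
# Python packages as well. Confirm before dropping it.
###
ENV DEPS="ca-certificates openssl py-pip"
RUN apk --no-cache --quiet add ${DEPS}

###
# Make sure pip and setuptools are the latest versions
#
# Note that we use pip --no-cache-dir to avoid writing to a local
# cache. This results in a smaller final image, at the cost of
# slightly longer install times.
#
# NOTE(review): "latest" means whatever PyPI serves at build time. Pin
# both versions if the image has to be reproducible.
###
RUN pip install --no-cache-dir --upgrade pip setuptools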
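# WORKDIR creates the directory if it does not exist yet. Every relative
# path below resolves inside CISA_HOME.
WORKDIR ${CISA_HOME}

###
# Install Python dependencies
#
# Note that we use pip --no-cache-dir to avoid writing to a local
# cache. This results in a smaller final image, at the cost of
# slightly longer install times.
#
# The source tarball is fetched by release tag. A tag can be moved, so
# HTTPS alone does not prove that the archive is the one that was
# reviewed. Pass --build-arg SOURCE_SHA256=<expected sha256> to make the
# build fail on a mismatch. When the argument is empty (the default)
# the archive is NOT verified, which matches the previous behaviour.
#
# The symlink points the packaged secret.txt at /run/secrets/quote.txt,
# so the secret is presumably mounted at run time and is not baked into
# an image layer.
###
ARG SOURCE_SHA256=""
RUN wget --output-document sourcecode.tgz \
      https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz && \
    if [ -n "${SOURCE_SHA256}" ]; then \
      echo "${SOURCE_SHA256}  sourcecode.tgz" | sha256sum -c -; \
    fi && \
    tar --extract --gzip --file sourcecode.tgz --strip-components=1 && \
    pip install --no-cache-dir --requirement requirements.txt && \
    ln -snf /run/secrets/quote.txt src/example/data/secret.txt && \
    rm sourcecode.tgz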
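###
# Prepare to run
###
ENV ECHO_MESSAGE="Hello World from Dockerfile"

# Drop privileges for everything that follows and for the running
# container. CISA_USER is the account created earlier in this file, so
# the name is referenced rather than repeated.
USER ${CISA_USER}

# EXPOSE is documentation only and publishes nothing. The protocol is
# lowercased, as BuildKit's ExposeProtoCasing check expects.
EXPOSE 8080/tcp

# NOTE(review): /var/log is not chowned anywhere in this file, so the
# unprivileged user may be unable to write to it. Confirm where the
# application writes its logs.
VOLUME ["/var/log"]

# Exec form: the application runs as PID 1 and receives stop signals
# directly. CMD supplies default arguments that `docker run` can
# override.
ENTRYPOINT ["example"]
# NOTE(review): DEBUG is the default log level. Check that debug output
# never includes the contents of the mounted secret before using this
# default outside development.
CMD ["--log-level", "DEBUG"]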