git updates
This commit is contained in:
+40
-5
@@ -1,25 +1,60 @@
|
||||
FROM python:3.11-slim
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /app
|
||||
|
||||
# deps (curl for healthcheck; gosu only needed when running as root)
|
||||
# Install system dependencies in a single layer and clean up
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
sqlite3 curl gosu \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& apt-get clean
|
||||
|
||||
# Create a default appuser (will be ignored if process isn’t root)
|
||||
# Create user early
|
||||
RUN groupadd -g 1000 appuser && useradd -u 1000 -g appuser -m appuser
|
||||
|
||||
# Copy and install Python dependencies first (for better caching)
|
||||
COPY requirements.txt .
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
RUN pip install --no-cache-dir -r requirements.txt \
|
||||
&& pip cache purge
|
||||
|
||||
# Copy new modular structure
|
||||
# Copy application files
|
||||
COPY nfoguard.py .
|
||||
COPY core/ ./core/
|
||||
COPY clients/ ./clients/
|
||||
COPY VERSION .
|
||||
|
||||
# Set permissions
|
||||
RUN mkdir -p /app/data && chown -R appuser:appuser /app
|
||||
|
||||
# Root-aware entrypoint
|
||||
RUN echo '#!/bin/bash' > /entrypoint.sh && \
|
||||
echo 'set -euo pipefail' >> /entrypoint.sh && \
|
||||
echo '' >> /entrypoint.sh && \
|
||||
echo 'PUID=${PUID:-1000}' >> /entrypoint.sh && \
|
||||
echo 'PGID=${PGID:-1000}' >> /entrypoint.sh && \
|
||||
echo '' >> /entrypoint.sh && \
|
||||
echo 'if [ "$(id -u)" -eq 0 ]; then' >> /entrypoint.sh && \
|
||||
echo ' # running as root: we can adjust IDs and drop privileges' >> /entrypoint.sh && \
|
||||
echo ' groupmod -o -g "$PGID" appuser 2>/dev/null || groupadd -o -g "$PGID" appuser' >> /entrypoint.sh && \
|
||||
echo ' id appuser &>/dev/null || useradd -o -u "$PUID" -g "$PGID" -m appuser' >> /entrypoint.sh && \
|
||||
echo ' usermod -o -u "$PUID" -g "$PGID" appuser 2>/dev/null || true' >> /entrypoint.sh && \
|
||||
echo ' chown -R "$PUID:$PGID" /app || true' >> /entrypoint.sh && \
|
||||
echo ' exec gosu appuser "$@"' >> /entrypoint.sh && \
|
||||
echo 'else' >> /entrypoint.sh && \
|
||||
echo ' # not root (e.g., compose set user: 1000:1000) — just run' >> /entrypoint.sh && \
|
||||
echo ' exec "$@"' >> /entrypoint.sh && \
|
||||
echo 'fi' >> /entrypoint.sh
|
||||
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
# Health check
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||||
CMD curl -f http://localhost:8080/health || exit 1
|
||||
|
||||
EXPOSE 8080
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
CMD ["python", "nfoguard.py"]
|
||||
|
||||
# Root-aware entrypoint
|
||||
RUN echo '#!/bin/bash' > /entrypoint.sh && \
|
||||
echo 'set -euo pipefail' >> /entrypoint.sh && \
|
||||
|
||||
Reference in New Issue
Block a user