forked from theowni/Damn-Vulnerable-RESTaurant-API-Game
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
28 lines (20 loc) · 835 Bytes
/
Dockerfile
File metadata and controls
28 lines (20 loc) · 835 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
FROM python:3.10-bookworm as builder
RUN pip install poetry==1.4.2
WORKDIR /app
COPY pyproject.toml poetry.lock ./
RUN poetry export -f requirements.txt --output requirements.txt --without-hashes
FROM python:3.10-slim-bookworm as runtime
RUN apt-get update
RUN apt-get -y install libpq-dev gcc vim sudo
COPY --from=builder /app/requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY app ./app
WORKDIR /app
# our Chef sometimes needs to find some files on the filesystem
# we're allowing to run find with root permissions via sudo
# in this way, our Chef is able to search everywhere across the filesystem
RUN echo 'ALL ALL=(ALL) NOPASSWD: /usr/bin/find' | sudo tee /etc/sudoers.d/find_nopasswd > /dev/null
# for security, we're creating a dedicated non-root user
RUN useradd -m app
RUN chown app .
USER app