mirror of https://gitlab.com/bramw/baserow.git synced 2025-04-07 14:25:37 +00:00
bramw_baserow/backend/Dockerfile
Nigel Gott 3dbd67fde3 Various security improvements for Baserow + docker images:
- upgrade dependencies
- add docker lint + upgrade in containers to ensure security fixes are obtained asap.
- schedule rebuild images without caching for latest security updates
2022-02-28 13:20:54 +00:00


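# Shared base stage: OS packages, the unprivileged runtime account and a virtualenv
# holding the non-dev Python dependencies.
# NOTE(review): the base image is referenced by a mutable tag; pinning it by digest
# would make rebuilds reproducible. Confirm that this Python/Debian release still
# receives security updates, otherwise the `apt-get upgrade` below has nothing to pull.
FROM python:3.7-slim-buster AS base

# UID/GID of the unprivileged account the image runs as. Both can be overridden
# with --build-arg and fall back to 9999.
ARG UID
ENV UID=${UID:-9999}
ARG GID
ENV GID=${GID:-9999}

# We might be running as a user which already exists in this image. In that situation
# everything is OK and we should just continue on.
# NOTE(review): `|| exit 0` hides every groupadd/useradd failure, not only the
# "already exists" case, so a broken account setup only surfaces in later steps.
RUN groupadd -g "$GID" baserow_docker_group || exit 0
RUN useradd --shell /bin/bash -u "$UID" -g "$GID" -o -c "" -m baserow_docker_user -l || exit 0

# `apt-get upgrade` is intentional: it picks up security fixes published after the
# base image was built. update/upgrade/install/cleanup share one layer so that no
# stale package index or apt cache is kept in the image.
# `autoremove` needs -y: without it apt asks for confirmation and aborts the build
# as soon as there is something to remove.
# NOTE(review): build-essential, curl and gnupg2 end up in the runtime image too;
# consider whether they are needed after the dependencies are installed.
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        dos2unix \
        gettext \
        gnupg2 \
        libpq-dev \
        postgresql-client \
        tini \
    && apt-get autoclean \
    && apt-get clean \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/*

# Everything from here on, including the final container process, runs unprivileged.
USER $UID:$GID

# In slim docker images, mime.types is removed and we need it for mimetypes guessing
COPY --chown=$UID:$GID ./backend/docker/mime.types /etc/

# Install non-dev base dependencies into a virtual env.
COPY --chown=$UID:$GID ./backend/requirements/base.txt /baserow/requirements/
RUN python3 -m venv /baserow/venv
# pip itself is pinned so the installer version does not drift between rebuilds.
# hadolint ignore=SC1091
RUN . /baserow/venv/bin/activate && \
    pip3 install --no-cache-dir --upgrade pip==22.0.3 && \
    pip3 install --no-cache-dir -r /baserow/requirements/base.txt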
# dev_deps stage: extends the base virtualenv with the development requirements.
# Only the dev stage copies /baserow/venv out of this stage.
FROM base AS dev_deps

# No --chown here, so dev.txt is owned by root (COPY's default) and is only read
# by the unprivileged user during the install below.
COPY ./backend/requirements/dev.txt /baserow/requirements/

# hadolint ignore=SC1091
RUN . /baserow/venv/bin/activate && \
    pip3 install --no-cache-dir -r /baserow/requirements/dev.txt
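# The core stage contains all of Baserow's source code and sets up the entrypoint.
# It still runs as the unprivileged $UID:$GID user selected in the base stage.
FROM base AS core

# Copy over backend code.
COPY --chown=$UID:$GID ./docs /baserow/docs
# TODO - This copy also re-copies the requirements above, meaning this will be re-run
# and not cached even though we already have separate layers above.
COPY --chown=$UID:$GID ./backend /baserow/backend
COPY --chown=$UID:$GID ./premium/backend /baserow/premium/backend

WORKDIR /baserow/backend

# Ensure that Python outputs everything that's printed inside
# the application rather than buffering it.
ENV PYTHONUNBUFFERED=1
# NOTE(review): $PYTHONPATH is not set anywhere earlier in this file. If the base
# image does not set it either, the value starts with ":" and the empty entry may be
# treated by Python as the current directory; confirm that this is intended.
ENV PYTHONPATH=$PYTHONPATH:/baserow/backend/src:/baserow/premium/backend/src

# tini runs as PID 1 and starts the entrypoint script; the CMD set by the
# dev/local stages is passed to that script as its argument.
ENTRYPOINT ["/usr/bin/tini", "--", "/bin/bash", "/baserow/backend/docker/docker-entrypoint.sh"]

# Documentation only; the port still has to be published when the container is run.
EXPOSE 8000

# Normalise line endings and make the entrypoint script executable.
RUN dos2unix /baserow/backend/docker/docker-entrypoint.sh && \
    chmod a+x /baserow/backend/docker/docker-entrypoint.sh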
# dev stage: the core image with the dev-dependency virtualenv and dev settings.
FROM core AS dev

# Override virtualenv with one containing dev dependencies.
COPY --chown=$UID:$GID --from=dev_deps /baserow/venv /baserow/venv

# Override env variables and initial cmd to start up in dev mode.
ENV DJANGO_SETTINGS_MODULE='baserow.config.settings.dev'
# Passed as the argument to the entrypoint script defined in the core stage.
CMD ["dev"]
# local stage: the core image with the base settings module and no dev dependencies.
FROM core AS local

ENV DJANGO_SETTINGS_MODULE='baserow.config.settings.base'
# Passed as the argument to the entrypoint script defined in the core stage.
CMD ["local"]