mirror of
https://github.com/Kozea/Radicale.git
synced 2025-04-04 05:37:37 +03:00
Update Dockerfile to use build stage and set non-root user
This commit is contained in:
Eugene Davis
Julien Sanchez
parent
1c82eb5e05
commit
5b0830ea08
2 changed files with 42 additions and 19 deletions
25
Dockerfile
25
Dockerfile
|
|
@ -1,17 +1,30 @@
|
|||
# This file is intended to be used apart from the containing source code tree.
|
||||
|
||||
FROM python:3-alpine
|
||||
FROM python:3-alpine as builder
|
||||
|
||||
# Version of Radicale (e.g. v3)
|
||||
ARG VERSION=master
|
||||
|
||||
RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \
|
||||
&& python -m venv /app/venv \
|
||||
&& /app/venv/bin/pip install --no-cache-dir "Radicale[bcrypt] @ https://github.com/Kozea/Radicale/archive/${VERSION}.tar.gz"
|
||||
|
||||
|
||||
FROM python:3-alpine
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
RUN adduser radicale --home /var/lib/radicale --system --uid 1000 --disabled-password \
|
||||
&& apk add --no-cache ca-certificates openssl
|
||||
|
||||
COPY --chown=1000 --from=builder /app/venv /app
|
||||
|
||||
# Persistent storage for data
|
||||
VOLUME /var/lib/radicale
|
||||
# TCP port of Radicale
|
||||
EXPOSE 5232
|
||||
# Run Radicale
|
||||
CMD ["radicale", "--hosts", "0.0.0.0:5232"]
|
||||
ENTRYPOINT [ "/app/bin/python", "/app/bin/radicale"]
|
||||
CMD ["--hosts", "0.0.0.0:5232"]
|
||||
|
||||
RUN apk add --no-cache ca-certificates openssl \
|
||||
&& apk add --no-cache --virtual .build-deps gcc libffi-dev musl-dev \
|
||||
&& pip install --no-cache-dir "Radicale[bcrypt] @ https://github.com/Kozea/Radicale/archive/${VERSION}.tar.gz" \
|
||||
&& apk del .build-deps
|
||||
USER 1000
|
||||
|
|
@ -1,19 +1,29 @@
|
|||
FROM python:3-alpine
|
||||
FROM python:3-alpine as builder
|
||||
|
||||
# Version of Radicale (e.g. v3)
|
||||
ARG VERSION=master
|
||||
# Persistent storage for data
|
||||
VOLUME /var/lib/radicale
|
||||
# TCP port of Radicale
|
||||
EXPOSE 5232
|
||||
# Run Radicale
|
||||
CMD ["radicale", "--hosts", "0.0.0.0:5232"]
|
||||
|
||||
COPY . /app
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
RUN apk add --no-cache ca-certificates openssl \
|
||||
&& apk add --no-cache --virtual .build-deps gcc libffi-dev musl-dev \
|
||||
&& pip install --no-cache-dir -e . \
|
||||
&& apk del .build-deps
|
||||
RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \
|
||||
&& python -m venv /app/venv \
|
||||
&& /app/venv/bin/pip install --no-cache-dir .[bcrypt]
|
||||
|
||||
FROM python:3-alpine
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
RUN adduser radicale --home /var/lib/radicale --system --uid 1000 --disabled-password \
|
||||
&& apk add --no-cache ca-certificates openssl
|
||||
|
||||
COPY --chown=1000 --from=builder /app/venv /app
|
||||
|
||||
# Persistent storage for data
|
||||
VOLUME /var/lib/radicale
|
||||
# TCP port of Radicale
|
||||
EXPOSE 5232
|
||||
# Run Radicale
|
||||
ENTRYPOINT [ "/app/bin/python", "/app/bin/radicale"]
|
||||
CMD ["--hosts", "0.0.0.0:5232"]
|
||||
|
||||
USER 1000
|
||||
Loading…
Add table
Add a link
Reference in a new issue