Update Dockerfile to use build stage and set non-root user

2025-04-04 05:37:37 +03:00 · 2022-09-26 12:18:48 +02:00 · 2022-09-26 12:18:48 +02:00 · 5b0830ea08
commit 5b0830ea08
parent 1c82eb5e05
2 changed files with 42 additions and 19 deletions
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -1,19 +1,29 @@
-FROM python:3-alpine
+FROM python:3-alpine as builder

-# Version of Radicale (e.g. v3)
-ARG VERSION=master
-# Persistent storage for data
-VOLUME /var/lib/radicale
-# TCP port of Radicale
-EXPOSE 5232
-# Run Radicale
-CMD ["radicale", "--hosts", "0.0.0.0:5232"]

 COPY . /app

 WORKDIR /app

-RUN apk add --no-cache ca-certificates openssl \
-    && apk add --no-cache --virtual .build-deps gcc libffi-dev musl-dev \
-    && pip install --no-cache-dir -e  . \
-    && apk del .build-deps
+RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \
+    && python -m venv /app/venv \
+    && /app/venv/bin/pip install --no-cache-dir .[bcrypt]
+
+FROM python:3-alpine
+
+WORKDIR /app
+
+RUN adduser radicale --home /var/lib/radicale --system --uid 1000 --disabled-password \
+    && apk add --no-cache ca-certificates openssl
+
+COPY --chown=1000 --from=builder /app/venv /app
+
+# Persistent storage for data
+VOLUME /var/lib/radicale
+# TCP port of Radicale
+EXPOSE 5232
+# Run Radicale
+ENTRYPOINT [ "/app/bin/python", "/app/bin/radicale"]
+CMD ["--hosts", "0.0.0.0:5232"]
+
+USER 1000