gatehouse-api/Dockerfile.job
sangnn 685df6a4cb
security: upgrade some package versions
2026-06-23 04:25:25 +00:00


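FROM python:3.11-slim AS builder
# Build stage: the compiler toolchain and libpq headers are needed only to
# build wheels from source; nothing from this stage except /opt/venv is
# copied into the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    libpq-dev \
    && rm -rf /var/lib/apt/lists/*
# Isolated venv so the whole installed tree can be copied out as one directory.
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
WORKDIR /app
# Requirements are copied on their own so the install layer stays cached
# until they change, not on every source edit.
COPY requirements/base.txt requirements/base.txt
COPY requirements/production.txt requirements/production.txt
# `python -m venv` bundles its own pip/setuptools/wheel inside /opt/venv, so
# they must be upgraded here, independently of the system copies in
# /usr/local that the runtime stage patches separately.
RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
    pip install --no-cache-dir -r requirements/production.txt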
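FROM python:3.11-slim
# Runtime stage: only the shared library the compiled wheels need (libpq5)
# plus procps, which provides the pgrep used by HEALTHCHECK below -- the -slim
# base does not ship pgrep, so without it the probe exits 127 and the
# container is reported unhealthy forever. `apt-get upgrade` pulls Debian
# security fixes the floating 3.11-slim tag may lag behind (hadolint DL3005
# flags it; pinning the base by digest and bumping it is the reproducible
# alternative).
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
    libpq5 \
    procps \
    && rm -rf /var/lib/apt/lists/*
# Patch system-level wheel (CVE-2026-24049) + setuptools-vendored jaraco.context
# (CVE-2026-23949) that Trivy flags in /usr/local site-packages. This upgrade
# is unpinned, so each rebuild floats to whatever is newest on PyPI; pin the
# first fixed releases (setuptools>=X, wheel>=X) once known so the patch is
# reproducible and the scanner verdict does not depend on the build date.
RUN pip install --no-cache-dir --upgrade pip setuptools wheel
# Dedicated unprivileged account with a stable numeric UID/GID (1000) so
# runAsNonRoot checks and bind-mount ownership are predictable.
RUN groupadd --gid 1000 appgroup && \
    useradd --uid 1000 --gid appgroup --shell /bin/bash --create-home appuser
# Only the venv crosses over from the builder: no compiler, headers or
# pip cache reach this image.
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
WORKDIR /app
# Relies on .dockerignore to keep .git, .env and local artefacts out of the
# build context -- anything in the context ends up in this layer.
COPY --chown=appuser:appgroup . .
# /app itself stays root-owned (created by WORKDIR); only the log directory
# is writable by the service account.
RUN mkdir -p /app/logs && chown -R appuser:appgroup /app/logs
USER appuser
# Liveness probe: is a job_runner process present? Exec form, so there is no
# `sh -c` wrapper whose own command line contains "job_runner" and would make
# the shell-form `pgrep -f "job_runner"` match itself and always succeed; the
# [j] trick additionally keeps the pattern from matching the pgrep argv.
# NOTE(review): job_runner.py is PID 1 via the exec-form CMD, so this only adds
# signal beyond "container is running" if the runner's work happens in a
# child process -- confirm against scripts/job_runner.py.
HEALTHCHECK --interval=60s --timeout=10s --start-period=10s --retries=3 \
    CMD ["pgrep", "-f", "[j]ob_runner"]
CMD ["python", "scripts/job_runner.py"]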