summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Lemon <y@yulqen.org>2024-04-24 13:23:47 +0100
committerMatthew Lemon <y@yulqen.org>2024-04-24 13:23:47 +0100
commit8bb60cbc104b84dfd6f878b03aafc3ac94e80e31 (patch)
treeb4145c7524abaed322774095f84b17e46e290849
parentde8e0871e1ebe98df38973b0101794d71a7b4266 (diff)
Using multi-stage build container to overcome rhel CVEs
-rw-r--r--Dockerfile30
1 files changed, 25 insertions, 5 deletions
diff --git a/Dockerfile b/Dockerfile
index 15b1b2b..f98a48b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-52.1712567218
+# Builder stage
+FROM registry.access.redhat.com/ubi9/python-311:1-52.1712567218 AS builder
# Add application sources with correct permissions for OpenShift
USER 0
@@ -9,12 +10,31 @@ USER 1001
WORKDIR /app
-
# Install the dependencies
RUN pip install -U "pip>=19.3.1" && \
pip install -r requirements.txt && \
- python manage.py collectstatic --noinput && \
- python manage.py migrate
+ python manage.py collectstatic --noinput
+
+# Final stage
+FROM python:3.11-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the built artifacts and required files from the builder stage
+COPY --from=builder /app /app
+
+# Install the required packages in the final stage
+RUN pip install -r requirements.txt
+
+# Set the appropriate user
+USER 1001
+
+# Run database migrations
+RUN python manage.py migrate
+
+# Expose the port on which your Django application will run
+EXPOSE 8080
# Run the application
-CMD python manage.py runserver 0.0.0.0:8080 \ No newline at end of file
+CMD ["python", "manage.py", "runserver", "0.0.0.0:8080"]