Using multi-stage build container to overcome rhel CVEs

author: Matthew Lemon <y@yulqen.org> 2024-04-24 13:23:47 +0100
committer: Matthew Lemon <y@yulqen.org> 2024-04-24 13:23:47 +0100
commit: 8bb60cbc104b84dfd6f878b03aafc3ac94e80e31 (patch)
tree: b4145c7524abaed322774095f84b17e46e290849 /Dockerfile
parent: de8e0871e1ebe98df38973b0101794d71a7b4266 (diff)
1 files changed, 25 insertions, 5 deletions
diff --git a/Dockerfile b/Dockerfile
index 15b1b2b..f98a48b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-52.1712567218
+# Builder stage
+FROM registry.access.redhat.com/ubi9/python-311:1-52.1712567218 AS builder
 
 # Add application sources with correct permissions for OpenShift
 USER 0
@@ -9,12 +10,31 @@ USER 1001
 
 WORKDIR /app
 
-
 # Install the dependencies
 RUN pip install -U "pip>=19.3.1" && \
     pip install -r requirements.txt && \
-    python manage.py collectstatic --noinput && \
-    python manage.py migrate
+    python manage.py collectstatic --noinput
+
+# Final stage
+FROM python:3.11-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the built artifacts and required files from the builder stage
+COPY --from=builder /app /app
+
+# Install the required packages in the final stage
+RUN pip install -r requirements.txt
+
+# Set the appropriate user
+USER 1001
+
+# Run database migrations
+RUN python manage.py migrate
+
+# Expose the port on which your Django application will run
+EXPOSE 8080
 
 # Run the application
-CMD python manage.py runserver 0.0.0.0:8080
-\ No newline at end of file
+CMD ["python", "manage.py", "runserver", "0.0.0.0:8080"]
author	Matthew Lemon <y@yulqen.org>	2024-04-24 13:23:47 +0100
committer	Matthew Lemon <y@yulqen.org>	2024-04-24 13:23:47 +0100
commit	8bb60cbc104b84dfd6f878b03aafc3ac94e80e31 (patch)
tree	b4145c7524abaed322774095f84b17e46e290849 /Dockerfile
parent	de8e0871e1ebe98df38973b0101794d71a7b4266 (diff)