testing non-root running
20
Dockerfile
20
Dockerfile
@@ -1,23 +1,29 @@
|
|||||||
# Use an official Python runtime as a parent image
|
# Use an official Python runtime as a parent image
|
||||||
FROM python:3.12-slim
|
FROM python:3.12-slim
|
||||||
|
|
||||||
|
# Install system dependencies and gosu for user switching
|
||||||
|
RUN apt-get update && apt-get install -y git ffmpeg gosu && \
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Set the working directory in the container
|
# Set the working directory in the container
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Install git
|
|
||||||
RUN apt-get update && apt-get install -y git ffmpeg
|
|
||||||
|
|
||||||
# Copy the requirements file into the container
|
# Copy the requirements file into the container
|
||||||
COPY requirements.txt .
|
COPY requirements.txt .
|
||||||
|
|
||||||
# Install any needed packages specified in requirements.txt
|
# Install Python dependencies
|
||||||
RUN pip install --no-cache-dir -r requirements.txt
|
RUN pip install --no-cache-dir -r requirements.txt
|
||||||
|
|
||||||
# Copy the current directory contents into the container at /app
|
# Copy application code
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
# Make port 5000 available to the world outside this container
|
# Copy entrypoint script and make it executable
|
||||||
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
|
RUN chmod +x /entrypoint.sh
|
||||||
|
|
||||||
|
# Expose the application port
|
||||||
EXPOSE 7171
|
EXPOSE 7171
|
||||||
|
|
||||||
# Run app.py when the container launches
|
# Set entrypoint to handle user permission setup
|
||||||
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
CMD ["python", "app.py"]
|
CMD ["python", "app.py"]
|
||||||
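Review bot: The lines shown contain no `USER` instruction, so the image still starts as root and drops privileges only if `/entrypoint.sh` is given PUID and PGID at run time; a comment above `ENTRYPOINT` such as `# Starts as root; entrypoint.sh drops to PUID:PGID via gosu only when both are set` would make that contract visible to operators. On the new install line, `apt-get install -y --no-install-recommends git ffmpeg gosu` would keep the package set to what is named. `COPY --chmod=755 entrypoint.sh /entrypoint.sh` can replace the separate `RUN chmod +x /entrypoint.sh` layer (needs BuildKit).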
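--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+# Check if both PUID and PGID are not set
+if [ -z "${PUID}" ] && [ -z "${PGID}" ]; then
+# Run as root directly
+exec "$@"
+else
+# Verify both PUID and PGID are set
+if [ -z "${PUID}" ] || [ -z "${PGID}" ]; then
+echo "ERROR: Must supply both PUID and PGID or neither"
+exit 1
+fi
+
+# Check for root user request
+if [ "${PUID}" -eq 0 ] && [ "${PGID}" -eq 0 ]; then
+exec "$@"
+else
+# Create group if it doesn't exist
+if ! getent group appgroup >/dev/null; then
+groupadd -g "${PGID}" appgroup
+fi
+
+# Create user if it doesn't exist
+if ! id appuser >/dev/null 2>&1; then
+useradd -u "${PUID}" -g appgroup -d /app appuser
+fi
+
+# Ensure proper permissions
+chown -R appuser:appgroup /app
+
+# Run as specified user
+exec gosu appuser "$@"
+fi
+fi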
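Review bot: The first branch runs `exec "$@"` as root whenever PUID and PGID are both unset, so the non-root path is opt-in and a deployment that forgets the variables silently keeps full root in the container. Consider defaulting to an unprivileged ID near the top, for example `: "${PUID:=1000}" "${PGID:=1000}"` (sample value), so that root has to be requested explicitly with `PUID=0 PGID=0`. The values also reach the `-eq` tests and `groupadd`/`useradd` without a numeric check, so a malformed value surfaces only as a tool error; a guard such as `case "${PUID}${PGID}" in *[!0-9]*) echo "ERROR: PUID and PGID must be numeric"; exit 1;; esac` would fail early with a clear message. `chown -R appuser:appgroup /app` runs on every start and would also rewrite ownership of anything bind-mounted under /app, which deserves a comment next to that line.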