schihei/arxiv-sanity-lite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a4b1176c6e66dd169bc082fa1f825c40cd32af8
arxiv-sanity-lite/Dockerfile
T
Heiko Joerg Schick 381b4ba7ff Minor changes in Docker container
2023-08-30 14:16:25 +02:00

77 lines
2.3 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1
# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/
ARG PYTHON_VERSION=3.10.1
FROM python:${PYTHON_VERSION}-slim as base
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
# Install required binary packages.
RUN apt-get update && apt-get install -y \
imagemagick \
&& rm -rf /var/lib/apt/lists/*
# Add PDF processing to the ImageMagic policy.
RUN sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="read|write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml
# DEBUG. Only for debug purposes.
RUN apt-get update && apt-get install -y \
curl \
procps \
sudo \
vim \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
#RUN adduser \
# --disabled-password \
# --gecos "" \
# --home "/nonexistent" \
# --shell "/sbin/nologin" \
# --no-create-home \
# --uid "${UID}" \
# appuser
# DEBUG. Only for debug purposes.
RUN useradd -r -u ${UID} -s /sbin/nologin -d /nonexistent appuser
RUN echo "appuser:12345678" | chpasswd
RUN echo 'appuser ALL=(ALL) NOPASSWD:ALL' | tee -a /etc/sudoers
# Upgrade pip
RUN python -m pip install --upgrade pip
# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
# Leverage a bind mount to requirements.txt to avoid having to copy them into
# into this layer.
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=bind,source=requirements.txt,target=requirements.txt \
python -m pip install -r requirements.txt
# Switch to the non-privileged user to run the application.
USER appuser
# Copy the source code into the container.
COPY --chown=appuser . .
# Change file mode(s).
RUN chmod 0744 cron.sh
# Expose the port that the application listens on.
EXPOSE 5000
# Run the application.
CMD export FLASK_APP=serve.py; flask run --host=0.0.0.0
Reference in New Issue View Git Blame Copy Permalink