Update Dockerfile
Browse files- Dockerfile +20 -3
Dockerfile
CHANGED
|
@@ -1,5 +1,22 @@
|
|
| 1 |
FROM python:3.12
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
WORKDIR /app
|
| 3 |
-
|
| 4 |
-
|
| 5 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
FROM python:3.12
|
| 2 |
+
|
| 3 |
+
# Create a dedicated non-root user & group
|
| 4 |
+
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
|
| 5 |
+
|
| 6 |
+
# Create working dirs
|
| 7 |
WORKDIR /app
|
| 8 |
+
RUN mkdir -p /app/logs && mkdir -p /app/venv && chown -R appuser:appgroup /app
|
| 9 |
+
|
| 10 |
+
# Copy code and requirements
|
| 11 |
+
COPY . /app/
|
| 12 |
+
|
| 13 |
+
# Install venv + dependencies as root
|
| 14 |
+
RUN python -m venv /app/venv \
|
| 15 |
+
&& /app/venv/bin/pip install --upgrade pip \
|
| 16 |
+
&& /app/venv/bin/pip install --no-cache-dir -r requirements.txt
|
| 17 |
+
|
| 18 |
+
# Switch to non-root user
|
| 19 |
+
USER appuser
|
| 20 |
+
|
| 21 |
+
# Default command always uses venv Python
|
| 22 |
+
CMD ["/app/venv/bin/python", "manager.py"]
|