add bashrc
parent
a969c53acb
commit
d34cb49a89
@ -1,64 +1,51 @@
|
||||
# Use the official Python 3.11 image from the Docker Hub
|
||||
FROM python:3.11-slim as builder
|
||||
|
||||
# Install Poetry
|
||||
RUN pip install poetry
|
||||
|
||||
# Set environment variables for Poetry
|
||||
ENV POETRY_NO_INTERACTION=1 \
|
||||
POETRY_VIRTUALENVS_IN_PROJECT=1 \
|
||||
POETRY_VIRTUALENVS_CREATE=1 \
|
||||
POETRY_CACHE_DIR=/tmp/poetry_cache
|
||||
|
||||
# Set the working directory
|
||||
WORKDIR /app
|
||||
|
||||
# Copy the Poetry configuration files
|
||||
COPY pyproject.toml poetry.lock ./
|
||||
|
||||
# Install dependencies
|
||||
RUN poetry install --no-root
|
||||
|
||||
# Use a new slim image for the runtime
|
||||
FROM python:3.11-slim as runtime
|
||||
|
||||
# Install necessary tools for running the app, including `make`
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
make \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Create non-root user with password
|
||||
RUN useradd -r -m -s /bin/bash appuser && \
|
||||
echo "appuser:your_password_here" | chpasswd
|
||||
|
||||
# Set environment variables for Poetry
|
||||
ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \
|
||||
PATH="/app/.venv/bin:$PATH"
|
||||
|
||||
# Copy Poetry installation from builder
|
||||
COPY --from=builder /app/.venv /app/.venv
|
||||
|
||||
# Copy application files
|
||||
COPY . /app/
|
||||
|
||||
# Delete Tests for production
|
||||
RUN rm -rf /app/tests/
|
||||
|
||||
# Restrict file permissions in /app
|
||||
RUN chmod -R o-rwx,g-rwx /app/ && \
|
||||
chown -R appuser:appuser /app/
|
||||
|
||||
# Disable root login
|
||||
RUN chsh -s /usr/sbin/nologin root
|
||||
# Add custom configuration to root's .bashrc including password protection
|
||||
RUN echo "# Custom configurations added by Dockerfile" >> /root/.bashrc && \
|
||||
echo "export APP_PATH=/app" >> /root/.bashrc && \
|
||||
echo "alias ll='ls -la'" >> /root/.bashrc && \
|
||||
echo "PASSWORD=\"supersecret\"" >> /root/.bashrc && \
|
||||
echo "echo -n \"Enter password to access container: \"" >> /root/.bashrc && \
|
||||
echo "read -s input_password" >> /root/.bashrc && \
|
||||
echo "echo \"\"" >> /root/.bashrc && \
|
||||
echo "if [ \"\$input_password\" != \"\$PASSWORD\" ]; then" >> /root/.bashrc && \
|
||||
echo " echo \"Access denied!\"" >> /root/.bashrc && \
|
||||
echo " exit 1" >> /root/.bashrc && \
|
||||
echo "fi" >> /root/.bashrc && \
|
||||
echo "cd /app" >> /root/.bashrc
|
||||
|
||||
# Expose port for the application
|
||||
EXPOSE 3000
|
||||
|
||||
# Set the working directory
|
||||
WORKDIR /app
|
||||
|
||||
# Switch to non-root user
|
||||
USER appuser
|
||||
|
||||
# Run `make run` as the entry point
|
||||
CMD ["make", "run"]
|
||||
|
||||
Loading…
Reference in New Issue