Merge pull request 'Hardened Dockerfile' (#5) from feature/hardened-dockerfile into main
All checks were successful
Build & Publish to GHCR / build (push) Successful in 1m51s
All checks were successful
Build & Publish to GHCR / build (push) Successful in 1m51s
Reviewed-on: #5
This commit is contained in:
commit
ff03231d61
24
Dockerfile
24
Dockerfile
@ -1,15 +1,17 @@
|
||||
FROM python:3.12-slim
|
||||
|
||||
RUN apt-get update && apt-get install -y git
|
||||
|
||||
# Builder stage
|
||||
FROM python:3.12-slim AS builder
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends git build-essential \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
WORKDIR /install
|
||||
COPY requirements.txt .
|
||||
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
RUN pip install --prefix=/install --no-cache-dir -r requirements.txt
|
||||
WORKDIR /app
|
||||
|
||||
COPY src/ /app/
|
||||
|
||||
ENTRYPOINT ["python","main.py"]
|
||||
|
||||
|
||||
# Runtime image
|
||||
FROM nvcr.io/nvidia/distroless/python:3.12-v3.5.1
|
||||
COPY --from=builder /install /usr/local
|
||||
COPY --from=builder /app /app
|
||||
WORKDIR /app
|
||||
ENTRYPOINT ["python", "main.py"]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user