Hardened Dockerfile
All checks were successful
Build & Publish to GHCR / build (push) Successful in 27s
Switched to multi-stage process to harden the Dockerfile
parent bfc8abd441
commit ab1b48fe06
23
Dockerfile
@ -1,13 +1,18 @@
|
||||
FROM python:3.12-slim
|
||||
|
||||
RUN apt-get update && apt-get install -y git
|
||||
|
||||
# Builder stage
|
||||
FROM python:3.12-slim AS builder
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends git build-essential \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
WORKDIR /install
|
||||
COPY requirements.txt .
|
||||
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
RUN pip install --prefix=/install --no-cache-dir -r requirements.txt
|
||||
WORKDIR /app
|
||||
|
||||
COPY src/ /app/
|
||||
|
||||
ENTRYPOINT ["python","rabbitmq_handler.py"]
|
||||
# Runtime image
|
||||
FROM nvcr.io/nvidia/distroless/python:3.12-v3.5.1
|
||||
COPY --from=builder /install /usr/local
|
||||
COPY --from=builder /app /app
|
||||
WORKDIR /app
|
||||
ENTRYPOINT ["python", "rabbitmq_handler.py"]
|
||||
|
||||
|
||||
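Review bot: In the runtime stage, `COPY --from=builder /install /usr/local` assumes that the interpreter in `nvcr.io/nvidia/distroless/python:3.12-v3.5.1` searches `/usr/local/lib/python3.12/site-packages` and is binary-compatible with the `python:3.12-slim` builder, and nothing in this hunk checks either assumption. The successful build only shows that the image assembles; a missing or ABI-mismatched package would first surface when `rabbitmq_handler.py` imports it at container start. Consider an exec-form step in the final stage (or in the CI job) that runs `python` and imports the packages from `requirements.txt`, or set `PYTHONPATH` explicitly so the search path does not depend on the base image. Three smaller points on the same hunk: the final stage has no `USER` instruction, so the process runs as whatever user the base image defaults to, and naming a non-root user explicitly would make that part of the hardening visible in the file; both `FROM` lines reference tags rather than digests, so the bases can change under the same name; and because `requirements.txt` is copied into `/install`, it is carried into `/usr/local` of the runtime image along with the packages, which a separate directory for the requirements file would avoid.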