709a810775
Aegis CI / lint-and-test (push) Has been cancelled
Snyk Security Scan / Python vulnerabilities (backend) (push) Has been cancelled
Snyk Security Scan / npm vulnerabilities (frontend) (push) Has been cancelled
Snyk Security Scan / Docker image vulnerabilities (backend) (push) Has been cancelled
Picks up Debian security fixes for systemd (257.13), sqlite3 (3.46.1-7+deb13u1), sed (4.9-2+deb13u1) and other packages flagged by Snyk. All Docker image CVEs were Low severity; Snyk CI threshold is set to high so none blocked builds.
37 lines
807 B
Docker
FROM python:3.11-slim

WORKDIR /app

# Install system dependencies
RUN apt-get update && apt-get upgrade -y && apt-get install -y \
    gcc \
    libpq-dev \
    curl \
    pkg-config \
    libxml2-dev \
    libxmlsec1-dev \
    libxmlsec1-openssl \
    && rm -rf /var/lib/apt/lists/*

# Copy requirements first for better caching
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . .

# Make entrypoints executable
RUN chmod +x /app/entrypoint.sh /app/entrypoint.prod.sh

# Create a non-root user and give it ownership of /app
RUN adduser --disabled-password --gecos '' --uid 1001 appuser \
    && chown -R appuser:appuser /app

USER appuser

# Expose port
EXPOSE 8000

# Default command (migrations + seed + uvicorn)
CMD ["sh", "/app/entrypoint.sh"]