oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-06-26 16:45:52 +00:00
Code Wiki Activity

Update Dockerfile to use build stage and set non-root user

Browse source
This commit is contained in:
Eugene Davis 2022-09-26 12:18:48 +02:00 committed by Julien Sanchez
parent 1c82eb5e05
commit 5b0830ea08
No known key found for this signature in database
GPG key ID: 1D077BB705F2918B
2 changed files with 42 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

25
Dockerfile
View file

@ -1,17 +1,30 @@
# This file is intended to be used apart from the containing source code tree. # This file is intended to be used apart from the containing source code tree.
FROM python:3-alpine FROM python:3-alpine as builder
# Version of Radicale (e.g. v3) # Version of Radicale (e.g. v3)
ARG VERSION=master ARG VERSION=master
RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \
&& python -m venv /app/venv \
&& /app/venv/bin/pip install --no-cache-dir "Radicale[bcrypt] @ https://github.com/Kozea/Radicale/archive/${VERSION}.tar.gz"
FROM python:3-alpine
WORKDIR /app
RUN adduser radicale --home /var/lib/radicale --system --uid 1000 --disabled-password \
&& apk add --no-cache ca-certificates openssl
COPY --chown=1000 --from=builder /app/venv /app
# Persistent storage for data # Persistent storage for data
VOLUME /var/lib/radicale VOLUME /var/lib/radicale
# TCP port of Radicale # TCP port of Radicale
EXPOSE 5232 EXPOSE 5232
# Run Radicale # Run Radicale
CMD ["radicale", "--hosts", "0.0.0.0:5232"] ENTRYPOINT [ "/app/bin/python", "/app/bin/radicale"]
CMD ["--hosts", "0.0.0.0:5232"]
RUN apk add --no-cache ca-certificates openssl \ USER 1000
&& apk add --no-cache --virtual .build-deps gcc libffi-dev musl-dev \
&& pip install --no-cache-dir "Radicale[bcrypt] @ https://github.com/Kozea/Radicale/archive/${VERSION}.tar.gz" \
&& apk del .build-deps

36
Dockerfile.dev
View file

@ -1,19 +1,29 @@
FROM python:3-alpine FROM python:3-alpine as builder
# Version of Radicale (e.g. v3)
ARG VERSION=master
# Persistent storage for data
VOLUME /var/lib/radicale
# TCP port of Radicale
EXPOSE 5232
# Run Radicale
CMD ["radicale", "--hosts", "0.0.0.0:5232"]
COPY . /app COPY . /app
WORKDIR /app WORKDIR /app
RUN apk add --no-cache ca-certificates openssl \ RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \
&& apk add --no-cache --virtual .build-deps gcc libffi-dev musl-dev \ && python -m venv /app/venv \
&& pip install --no-cache-dir -e . \ && /app/venv/bin/pip install --no-cache-dir .[bcrypt]
&& apk del .build-deps
FROM python:3-alpine
WORKDIR /app
RUN adduser radicale --home /var/lib/radicale --system --uid 1000 --disabled-password \
&& apk add --no-cache ca-certificates openssl
COPY --chown=1000 --from=builder /app/venv /app
# Persistent storage for data
VOLUME /var/lib/radicale
# TCP port of Radicale
EXPOSE 5232
# Run Radicale
ENTRYPOINT [ "/app/bin/python", "/app/bin/radicale"]
CMD ["--hosts", "0.0.0.0:5232"]
USER 1000