forked from DefectDojo/django-DefectDojo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.django
144 lines (136 loc) · 4.51 KB
/
Dockerfile.django
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
# code: language=Dockerfile
# The code for the build image should be identical with the code in
# Dockerfile.nginx to use the caching mechanism of Docker.
# Ref: https://devguide.python.org/#branchstatus
FROM python:3.8.9-slim-buster@sha256:5d9e29ce2be0f6b0939691ac1331c4a42a2678d13c918a8eba00698449209ef1 as build
WORKDIR /app
RUN \
apt-get -y update && \
apt-get -y install \
build-essential \
dnsutils \
default-mysql-client \
libmariadb-dev-compat \
postgresql-client \
xmlsec1 \
git \
uuid-runtime \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
true
COPY requirements.txt ./
RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt
FROM python:3.8.9-slim-buster@sha256:5d9e29ce2be0f6b0939691ac1331c4a42a2678d13c918a8eba00698449209ef1
WORKDIR /app
ARG uid=1001
ARG appuser=defectdojo
ENV appuser ${appuser}
RUN \
apt-get -y update && \
# ugly fix to install postgresql-client without errors
mkdir -p /usr/share/man/man1 /usr/share/man/man7 && \
apt-get -y install --no-install-recommends \
# libopenjp2-7 libjpeg62 libtiff5 are required by the pillow package
libopenjp2-7 \
libjpeg62 \
libtiff5 \
dnsutils \
default-mysql-client \
libmariadb3 \
xmlsec1 \
git \
uuid-runtime \
# only required for the dbshell (used by the initializer job)
postgresql-client \
curl \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
true
COPY --from=build /tmp/wheels /tmp/wheels
COPY requirements.txt ./
RUN pip3 install \
--no-cache-dir \
--no-index \
--find-links=/tmp/wheels \
-r ./requirements.txt
COPY \
docker/entrypoint-celery-beat.sh \
docker/entrypoint-celery-worker.sh \
docker/entrypoint-initializer.sh \
docker/entrypoint-uwsgi.sh \
docker/entrypoint-uwsgi-dev.sh \
docker/entrypoint-uwsgi-ptvsd.sh \
docker/entrypoint-unit-tests.sh \
docker/entrypoint-unit-tests-devDocker.sh \
docker/wait-for-it.sh \
docker/certs/* \
/
COPY wsgi.py manage.py docker/unit-tests.sh ./
COPY dojo/ ./dojo/
# Add extra fixtures to docker image which are loaded by the initializer
COPY docker/extra_fixtures/* /app/dojo/fixtures/
# Fallback for safety parser, if installation does't allow internet connectivity
RUN curl -sS -o dojo/tools/safety/insecure_full.json https://raw.githubusercontent.com/pyupio/safety-db/master/data/insecure_full.json
COPY tests/ ./tests/
RUN \
# Remove placeholder copied from docker/certs
rm -f /readme.txt && \
# Remove placeholder copied from docker/extra_fixtures
rm -f dojo/fixtures/readme.txt && \
mkdir -p dojo/migrations && \
chmod g=u dojo/migrations && \
true
USER root
RUN \
adduser --system --no-create-home --disabled-password --gecos '' \
--uid ${uid} ${appuser} && \
chown -R ${appuser} /app && \
chmod 0700 /app && \
chmod 0750 -R /app/* && \
chmod g=u /app && \
chmod -R g=u /app/* && \
mkdir /var/run/${appuser} && \
chown ${appuser} /var/run/${appuser} && \
chmod g=u /var/run/${appuser}
USER ${uid}
ENV \
DD_ADMIN_USER=admin \
DD_ADMIN_MAIL=admin@defectdojo.local \
DD_ADMIN_PASSWORD='' \
DD_ADMIN_FIRST_NAME=Administrator \
DD_ADMIN_LAST_NAME=User \
DD_ALLOWED_HOSTS="*" \
DD_CELERY_BEAT_SCHEDULE_FILENAME="/run/celery-beat-schedule" \
DD_CELERY_BROKER_SCHEME="amqp" \
DD_CELERY_BROKER_USER="defectdojo" \
DD_CELERY_BROKER_PASSWORD="defectdojo" \
DD_CELERY_BROKER_HOST="rabbitmq" \
DD_CELERY_BROKER_PORT="5672" \
DD_CELERY_BROKER_PATH="//" \
DD_CELERY_LOG_LEVEL="INFO" \
DD_CELERY_WORKER_POOL_TYPE="solo" \
# Enable prefork and options below to ramp-up celeryworker performance. Presets should work fine for a machine with 8GB of RAM, while still leaving room.
# See https://docs.celeryproject.org/en/stable/userguide/workers.html#id12 for more details
# DD_CELERY_WORKER_POOL_TYPE="prefork" \
# DD_CELERY_WORKER_AUTOSCALE_MIN="2" \
# DD_CELERY_WORKER_AUTOSCALE_MAX="8" \
# DD_CELERY_WORKER_CONCURRENCY="8" \
# DD_CELERY_WORKER_PREFETCH_MULTIPLIER="128" \
DD_DATABASE_ENGINE="django.db.backends.mysql" \
DD_DATABASE_HOST="mysql" \
DD_DATABASE_NAME="defectdojo" \
DD_DATABASE_PASSWORD="defectdojo" \
DD_DATABASE_PORT="3306" \
DD_DATABASE_USER="defectdojo" \
DD_INITIALIZE=true \
DD_UWSGI_MODE="socket" \
DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
DD_UWSGI_NUM_OF_PROCESSES="2" \
DD_UWSGI_NUM_OF_THREADS="2" \
DD_DJANGO_ADMIN_ENABLED="True" \
DD_TRACK_MIGRATIONS="True" \
DD_DJANGO_METRICS_ENABLED="False"
RUN mkdir -p media && mkdir -p media/threat && chown -R ${uid} media
ENTRYPOINT ["/entrypoint-uwsgi.sh"]