-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
56 lines (40 loc) · 1.4 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# multi stage docker build, while not required for this image, if requirements.txt
# ever requires additional build-time dependencies, it will reduce final image size
FROM python:3.7.7-alpine3.11 AS build-image
LABEL maintainer=philnichol
RUN python3 -m venv /opt/venv
RUN apk add gcc musl-dev
ENV PATH="/opt/venv/bin:$PATH"
COPY requirements.txt ./
RUN pip install -r requirements.txt
# runtime image
FROM python:3.7.7-alpine3.11 AS runtime-image
# copy over the installed libs
COPY --from=build-image /opt/venv /opt/venv
# install curl for Fargate healthchecks
# remove apk and pip to (slightly) reduce size and attack surface
# create non-root user and give it rx access to /app
RUN apk add --no-cache curl \
&& apk del --no-cache py-pip \
&& rm -rf /usr/local/bin/pip \
&& rm -rf /home/root/.cache/pip \
&& rm -rf /sbin/apk \
&& rm -rf /etc/apk \
&& rm -rf /lib/apk \
&& rm -rf /use/share/apk \
&& rm -rf /var/lib/apk \
&& mkdir -p /app \
&& addgroup -S app \
&& adduser -S -D -H app -G app \
&& chmod -R 755 /app
EXPOSE 5000
ENV PATH="/opt/venv/bin:$PATH"
ENV PYTHONDONTWRITEBYTECODE 1
ENV FLASK_APP="application.py"
WORKDIR /app
COPY . .
USER app
# this is where the Makefile looks for the image tag
# version consists of: <PYTHON_VERSION>.<ALPINE_VERSION>.<APP_VERSION>
LABEL IMAGE_VERSION=377.311.3
ENTRYPOINT [ "/opt/venv/bin/flask", "run", "--host", "0.0.0.0"]