-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Update Dockerfile to address security issues
- Loading branch information
Showing
4 changed files
with
39 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| .env | ||
| *.pyc | ||
| __pycache__/ | ||
| .git/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,7 +13,6 @@ pycache/ | |
| *.pid | ||
| *.bak | ||
| *.swp | ||
| .dockerignore | ||
|
|
||
| # 기타 | ||
| .idea/ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Ignore environment and sensitive files | ||
| .env | ||
| *.env | ||
|
|
||
| # Ignore Python virtual environments | ||
| venv/ | ||
| __pycache__/ | ||
| *.pyc | ||
|
|
||
| # Ignore git and other VCS directories | ||
| .git/ | ||
| .gitignore | ||
|
|
||
| # Ignore Docker-related files | ||
| Dockerfile | ||
| docker-compose.yml | ||
|
|
||
| # Ignore IDE files | ||
| *.idea/ | ||
| *.vscode/ | ||
|
|
||
| # Ignore node modules | ||
| node_modules/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,27 @@ | ||
| # Base image | ||
| FROM python:3.10 | ||
|
|
||
| # Create a non-root user and set permissions | ||
| RUN useradd -m appuser | ||
|
|
||
| # Set the working directory | ||
| WORKDIR /app | ||
|
|
||
| # Copy requirements.txt and install dependencies | ||
| # Change ownership of the working directory to the non-root user | ||
| RUN chown -R appuser /app | ||
|
|
||
| # Copy only requirements.txt and install dependencies | ||
| COPY requirements.txt . | ||
| RUN pip install --no-cache-dir -r requirements.txt | ||
|
|
||
| # Copy the application code | ||
| COPY . . | ||
| # Copy only the necessary application code | ||
| COPY app/ ./app | ||
|
|
||
| # Expose the port for user-service (8001) | ||
| EXPOSE 8001 | ||
|
|
||
| # Switch to the non-root user | ||
| USER appuser | ||
|
|
||
| # Run the app using uvicorn | ||
| CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8001"] |