-
-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix: everything created as root and honors PUID, PGID and UMASK envir…
…onment variables (#206) * fix: everything created as root * feat: add python3 to dockerfile and move main.py outside of src * Default user is now icd (non-root) * Moved user management to runtime; * Added option to set UMASK; * Updated dockerfile-debug --------- Co-authored-by: Mandar Patil <[email protected]>
- Loading branch information
1 parent
9788c03
commit 4bee96a
Showing
4 changed files
with
46 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -135,4 +135,5 @@ allure-report | |
| .history | ||
| ignore-config.yaml | ||
| session | ||
| session_data | ||
| session_data | ||
| icloud/ | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,23 +1,21 @@ | ||
| FROM python:3.10-alpine AS build | ||
| FROM python:3.10-alpine3.19 AS build | ||
| RUN apk update && apk add git gcc musl-dev python3-dev libffi-dev openssl-dev cargo | ||
| WORKDIR /app | ||
| COPY requirements.txt . | ||
| RUN python -m venv venv | ||
| ENV PATH="/app/venv/bin/:$PATH" | ||
| RUN python -m venv /venv | ||
| ENV PATH="/venv/bin/:$PATH" | ||
| RUN pip install -U pip | ||
| RUN pip install -r requirements.txt | ||
| FROM python:3.10-alpine | ||
| FROM python:3.10-alpine3.19 | ||
| ARG APP_VERSION=dev | ||
| ARG NEW_INSTALLATION_ENDPOINT=dev | ||
| ARG NEW_HEARTBEAT_ENDPOINT=dev | ||
| WORKDIR /app | ||
| COPY --from=build /app/venv /app/venv | ||
| # Libmagic is required at runtime by python-magic | ||
| RUN apk update && apk add libmagic | ||
| ENV PATH="/app/venv/bin/:$PATH" | ||
| ENV PYTHONPATH /app | ||
| ENV NEW_INSTALLATION_ENDPOINT=$NEW_INSTALLATION_ENDPOINT | ||
| ENV NEW_HEARTBEAT_ENDPOINT=$NEW_HEARTBEAT_ENDPOINT | ||
| ENV APP_VERSION=$APP_VERSION | ||
| COPY --from=build /venv /venv | ||
| # Libmagic is required at runtime by python-magic | ||
| RUN apk update && apk add sudo libmagic shadow dumb-init | ||
| COPY . /app/ | ||
| CMD ["python", "-u", "./src/main.py"] | ||
| WORKDIR /app | ||
| ENTRYPOINT ["dumb-init", "--"] | ||
| CMD ["/app/init.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,22 @@ | ||
| FROM python:3.9-alpine AS build | ||
| RUN apk update && apk add git gcc musl-dev python3-dev libffi-dev openssl-dev cargo | ||
| WORKDIR /app | ||
| FROM python:3.10-alpine3.19 AS build | ||
| RUN apk update && apk add git gcc musl-dev py3-pip python3 python3-dev libffi-dev openssl-dev | ||
| COPY requirements.txt . | ||
| RUN python -m venv venv | ||
| ENV PATH="/app/venv/bin/:$PATH" | ||
| RUN pip install -U pip | ||
| RUN pip install -r requirements.txt | ||
| RUN pip install debugpy | ||
| FROM python:3.9-alpine | ||
| WORKDIR /app | ||
| COPY --from=build /app/venv /app/venv | ||
| RUN python3 -m venv /venv | ||
| ENV PATH="/venv/bin/:$PATH" | ||
| RUN pip3 install -U pip | ||
| RUN pip3 install -r requirements.txt | ||
| RUN pip3 install debugpy | ||
| FROM python:3.10-alpine3.19 | ||
| COPY --from=build /venv /venv | ||
| # Libmagic is required at runtime by python-magic | ||
| RUN apk update && apk add libmagic | ||
| ENV PATH="/app/venv/bin/:$PATH" | ||
| RUN apk update && apk add libmagic shadow dumb-init | ||
| ENV PATH="/venv/bin/:$PATH" | ||
| ENV PYTHONPATH /app | ||
| # Map local folder to /app instead | ||
| #COPY . /app/ | ||
|
|
||
| WORKDIR /app | ||
| EXPOSE 5678 | ||
| # Run below command | ||
| #CMD ["python", "-m", "debugpy","--listen", "0.0.0.0:5678", "--wait-for-client", "./src/main.py"] | ||
| ENTRYPOINT ['dumb-init', '--'] | ||
| # Run below command | ||
| #CMD ["python3", "-m", "debugpy","--listen", "0.0.0.0:5678", "--wait-for-client", "main.py"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| #!/bin/sh | ||
| PUID=${PUID:-1000} | ||
| PGID=${PGID:-1000} | ||
| UMASK=${UMASK:-022} | ||
| echo ' | ||
| ==================================================== | ||
| To support this project, please consider sponsoring. | ||
| https://github.com/sponsors/mandarons | ||
| https://www.buymeacoffee.com/mandarons | ||
| ==================================================== | ||
| ' | ||
| echo "Using UID as ${PUID}, GID as ${PGID} and UMASK as ${UMASK}..." | ||
| addgroup --gid $PGID icd; | ||
| adduser -D --uid $PUID icd -G icd; \ | ||
| echo "icd ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/icd && sudo chmod 0440 /etc/sudoers.d/icd | ||
| echo "Changing ownership of /app ... This operation may take significantly longer depending on number of files in your local copy of icloud." | ||
| chown -R icd:icd /app | ||
| umask $UMASK | ||
| su - icd -c "umask $UMASK && cd /app && export PYTHONPATH=/app && export PATH=/venv/bin:$PATH && python ./src/main.py" |