🚑️(backend) fix CVEs in backend image
Use the Alpine variant for the production image instead of the Debian one in order to have fewer CVEs.
@@ -9,6 +9,10 @@ and this project adheres to
|
|||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## Added
|
||||||
|
|
||||||
|
- ✨(ci) add security scan #291
|
||||||
|
|
||||||
## Changed
|
## Changed
|
||||||
|
|
||||||
- 💄(frontend) error alert closeable on editor #284
|
- 💄(frontend) error alert closeable on editor #284
|
||||||
|
|||||||
45
Dockerfile
45
Dockerfile
@@ -1,15 +1,14 @@
|
|||||||
# Django impress
|
# Django impress
|
||||||
|
|
||||||
# ---- base image to inherit from ----
|
# ---- base image to inherit from ----
|
||||||
FROM python:3.10-slim-bullseye as base
|
FROM python:3.12.6-alpine3.20 as base
|
||||||
|
|
||||||
# Upgrade pip to its latest release to speed up dependencies installation
|
# Upgrade pip to its latest release to speed up dependencies installation
|
||||||
RUN python -m pip install --upgrade pip
|
RUN python -m pip install --upgrade pip setuptools
|
||||||
|
|
||||||
# Upgrade system packages to install security updates
|
# Upgrade system packages to install security updates
|
||||||
RUN apt-get update && \
|
RUN apk update && \
|
||||||
apt-get -y upgrade && \
|
apk upgrade
|
||||||
rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# ---- Back-end builder image ----
|
# ---- Back-end builder image ----
|
||||||
FROM base as back-builder
|
FROM base as back-builder
|
||||||
@@ -38,12 +37,10 @@ RUN yarn install --frozen-lockfile && \
|
|||||||
FROM base as link-collector
|
FROM base as link-collector
|
||||||
ARG IMPRESS_STATIC_ROOT=/data/static
|
ARG IMPRESS_STATIC_ROOT=/data/static
|
||||||
|
|
||||||
# Install libpangocairo & rdfind
|
# Install pango & rdfind
|
||||||
RUN apt-get update && \
|
RUN apk add \
|
||||||
apt-get install -y \
|
pango \
|
||||||
libpangocairo-1.0-0 \
|
rdfind
|
||||||
rdfind && \
|
|
||||||
rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Copy installed python dependencies
|
# Copy installed python dependencies
|
||||||
COPY --from=back-builder /install /usr/local
|
COPY --from=back-builder /install /usr/local
|
||||||
@@ -67,18 +64,16 @@ FROM base as core
|
|||||||
ENV PYTHONUNBUFFERED=1
|
ENV PYTHONUNBUFFERED=1
|
||||||
|
|
||||||
# Install required system libs
|
# Install required system libs
|
||||||
RUN apt-get update && \
|
RUN apk add \
|
||||||
apt-get install -y \
|
gettext \
|
||||||
gettext \
|
cairo \
|
||||||
libcairo2 \
|
libffi-dev \
|
||||||
libffi-dev \
|
gdk-pixbuf \
|
||||||
libgdk-pixbuf2.0-0 \
|
pango \
|
||||||
libpango-1.0-0 \
|
pandoc \
|
||||||
libpangocairo-1.0-0 \
|
font-noto-emoji \
|
||||||
pandoc \
|
font-noto \
|
||||||
fonts-noto-color-emoji \
|
shared-mime-info
|
||||||
shared-mime-info && \
|
|
||||||
rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Copy entrypoint
|
# Copy entrypoint
|
||||||
COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
|
COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
|
||||||
@@ -108,9 +103,7 @@ FROM core as backend-development
|
|||||||
USER root:root
|
USER root:root
|
||||||
|
|
||||||
# Install psql
|
# Install psql
|
||||||
RUN apt-get update && \
|
RUN apk add postgresql-client
|
||||||
apt-get install -y postgresql-client && \
|
|
||||||
rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Uninstall impress and re-install it in editable mode along with development
|
# Uninstall impress and re-install it in editable mode along with development
|
||||||
# dependencies
|
# dependencies
|
||||||
|
|||||||
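Review bot: The three new `apk add` calls (link-collector, core and backend-development stages) have no `--no-cache` and no index refresh of their own, so they resolve against whatever package index the base stage's `apk update` left in its layer. When that base layer is served from the build cache the index can be old, and these stages may then install versions that predate current security fixes or fail to fetch at all, which works against the purpose of this commit. I would write `RUN apk add --no-cache pango rdfind` (and likewise for the other two), and `RUN apk upgrade --no-cache` in base, which also keeps the index out of the image the way the removed `rm -rf /var/lib/apt/lists/*` did. Separately, `libffi-dev` in the core stage is a development package carried over from the Debian list; the runtime image probably needs only `libffi`, which should be confirmed against the Python dependencies. All four stages continue outside the visible hunks, so anything installed or cleaned up there is not covered by this note.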