🚑️(backend) fixe CVEs in backend image

Use alpine version for production image instead of debian in order to have less CVEs.
2024-09-27 17:39:17 +02:00
parent 748e24cab6
commit 639490d41e
1 changed files with 15 additions and 23 deletions
--- a/38
+++ b/38
@@ -1,15 +1,14 @@
 # Django People
 # ---- base image to inherit from ----
-FROM python:3.10-slim-bullseye as base
+FROM python:3.12.6-alpine3.20 as base
 # Upgrade pip to its latest release to speed up dependencies installation
-RUN python -m pip install --upgrade pip
+RUN python -m pip install --upgrade pip setuptools
 # Upgrade system packages to install security updates
-RUN apt-get update && \
+RUN apk update && \
-  apt-get -y upgrade && \
+  apk upgrade
  rm -rf /var/lib/apt/lists/*
 ### ---- Front-end dependencies image ----
 FROM node:20 as frontend-deps
@@ -88,11 +87,9 @@ FROM base as link-collector
 ARG PEOPLE_STATIC_ROOT=/data/static
 # Install libpangocairo & rdfind
-RUN apt-get update && \
+RUN apk add \
-    apt-get install -y \
+  pango \
-      libpangocairo-1.0-0 \
+  rdfind
      rdfind && \
    rm -rf /var/lib/apt/lists/*
 # Copy installed python dependencies
 COPY --from=back-builder /install /usr/local
@@ -116,16 +113,13 @@ FROM base as core
 ENV PYTHONUNBUFFERED=1
 # Install required system libs
-RUN apt-get update && \
+RUN apk add \
-    apt-get install -y \
+  gettext \
-      gettext \
+  cairo \
-      libcairo2 \
+  libffi-dev \
-      libffi-dev \
+  gdk-pixbuf \
-      libgdk-pixbuf2.0-0 \
+  pango \
-      libpango-1.0-0 \
+  shared-mime-info
      libpangocairo-1.0-0 \
      shared-mime-info && \
  rm -rf /var/lib/apt/lists/*
 # Copy entrypoint
 COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
@@ -155,9 +149,7 @@ FROM core as backend-development
 USER root:root
 # Install psql
-RUN apt-get update && \
+RUN apk add postgresql-client
    apt-get install -y postgresql-client && \
    rm -rf /var/lib/apt/lists/*
 # Uninstall people and re-install it in editable mode along with development
 # dependencies