# Base image: uv 0.4.20 with Python 3.12 on Debian bookworm-slim.
# The reference is pinned by tag only; adding the image digest would keep the
# build unchanged even if the tag is re-pointed upstream.
FROM ghcr.io/astral-sh/uv:0.4.20-python3.12-bookworm-slim

# Runtime configuration.
#   UV_SYSTEM_PYTHON=1  makes uv install into the system interpreter, not a venv.
#   HOST / PORT         bind address and port consumed by the default CMD.
# HOST=0.0.0.0 listens on every interface inside the container, so who can
# reach the API is decided by how the port is published at run time.
ENV UV_SYSTEM_PYTHON=1 \
    HOST=0.0.0.0 \
    PORT=8000

# Documents the listening port; EXPOSE by itself does not publish it.
EXPOSE ${PORT}

# OS packages required by the image; the apt lists are removed in the same
# layer so they do not end up in the image.
# NOTE(review): recommended packages are installed as well. Adding
# --no-install-recommends would shrink the image, but first confirm nothing
# depends on a package that is only pulled in as a recommendation.
RUN apt-get update \
    && apt-get install -y \
        acl \
        git \
        xmlsec1 \
    && rm -rf /var/lib/apt/lists/*
# Build-time helper scripts. Each one is copied into the current working
# directory (this file has not set a WORKDIR yet), made executable, run, and
# then deleted. They execute before the USER switch further down, so they run
# with the build's default privileges. Their contents are not part of this
# file and deserve the same review as the Dockerfile itself.
# The trailing rm removes the script from the final filesystem only; the layer
# written by COPY still contains it, so these scripts must never hold secrets.
COPY scripts/install-packages.sh ./install-packages.sh
RUN chmod +x ./install-packages.sh \
    && ./install-packages.sh \
    && rm ./install-packages.sh

COPY scripts/auto-update.sh ./auto-update.sh
RUN chmod +x ./auto-update.sh \
    && ./auto-update.sh \
    && rm ./auto-update.sh
# Unprivileged account the service runs as. UID and GID are fixed at 1001 so
# that file ownership and runtime policies can refer to a stable numeric id.
RUN groupadd --gid 1001 apiuser \
    && useradd --create-home --uid 1001 --gid apiuser apiuser

# Per-user locations for the uv cache and for user-level Python installs,
# owned by apiuser and not writable by group or others (mode 755).
RUN mkdir -p \
        /home/apiuser/.cache/uv \
        /home/apiuser/.local \
    && chown -R apiuser:apiuser \
        /home/apiuser/.cache \
        /home/apiuser/.local \
    && chmod -R 755 \
        /home/apiuser/.cache \
        /home/apiuser/.local

# Point Python and uv at those directories and put user-installed scripts
# first on PATH.
# NOTE(review): PYTHONPATH is not defined earlier in this file. Unless the base
# image sets it, the value below ends in a bare ':' and Python resolves an
# empty PYTHONPATH entry as the current working directory. Confirm that
# importing from the working directory is intended.
ENV PYTHONUSERBASE="/home/apiuser/.local" \
    UV_CACHE_DIR="/home/apiuser/.cache/uv" \
    PYTHONPATH=/home/apiuser/.local:$PYTHONPATH \
    PATH=/home/apiuser/.local/bin:$PATH
# All application files live under /app.
WORKDIR /app

# Only the paths the service needs are copied in, not the whole build context,
# which keeps unrelated files out of the image.
# NOTE(review): everything is owned by apiuser, the account the process runs
# as, so the running service can rewrite its own code and migration files.
# Confirm that write access is needed; root-owned, read-only code is the
# tighter default.
COPY --chown=apiuser:apiuser ./tracecat /app/tracecat
COPY --chown=apiuser:apiuser ./registry /app/registry
COPY --chown=apiuser:apiuser ./alembic /app/alembic
COPY --chown=apiuser:apiuser \
    ./pyproject.toml \
    ./README.md \
    ./LICENSE \
    ./alembic.ini \
    /app/

# Entrypoint wrapper; it is marked executable here in case the mode bit was
# not set in the build context.
COPY --chown=apiuser:apiuser scripts/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh
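# Install the application (/app) and the bundled registry package. These steps
# run before the USER switch, and UV_SYSTEM_PYTHON=1 makes uv install into the
# system interpreter.
RUN uv pip install .
RUN uv pip install ./registry

# The installs above ran before the USER switch, so anything they wrote under
# UV_CACHE_DIR (/home/apiuser/.cache/uv) is handed over to apiuser here.
# NOTE(review): this also changes the owner of /tmp itself. /tmp is normally
# world-writable with the sticky bit, which already lets apiuser create files
# there. Confirm the ownership change on /tmp is required.
RUN chown -R apiuser:apiuser /tmp /home/apiuser

# Drop privileges: everything from here on, including the running service,
# executes as the unprivileged apiuser.
USER apiuser

# entrypoint.sh receives the CMD below as its arguments. Its contents are not
# shown in this file; presumably it ends by exec-ing "$@" (verify).
ENTRYPOINT ["/app/entrypoint.sh"]

# Default command. A shell is needed only to expand HOST and PORT at run time.
# `exec` replaces that shell with uvicorn, so stop signals sent to the
# container reach the server directly instead of depending on the intermediate
# sh to pass them on. The variables are quoted so an unexpected value cannot be
# word-split into extra arguments.
CMD ["sh", "-c", "exec python3 -m uvicorn tracecat.api.app:app --host \"$HOST\" --port \"$PORT\""]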