diff --git a/Dockerfile b/Dockerfile
index 9915ef6..9bc1e48 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,11 +5,25 @@ FROM python:3
-# Install dependencies
+# Create non-root user
+ARG LUMI2_UID
+ARG LUMI2_GID
+ENV LUMI2_USERNAME=lumi2
+ENV LUMI2_GROUPNAME=lumi2
+RUN groupadd --gid ${LUMI2_GID:-1000} ${LUMI2_GROUPNAME} && \
+ useradd --uid ${LUMI2_UID:-1000} --gid ${LUMI2_GID:-1000} --no-create-home --shell /bin/bash ${LUMI2_USERNAME} && \
+ mkdir /app && chown ${LUMI2_UID:-1000}:${LUMI2_GID:-1000} /app
+
+# Copy source files
 WORKDIR /app
-COPY requirements.txt /app/
-COPY lumi2 /app/lumi2/
-COPY tests /app/tests/
-COPY pytest.ini /app/
+COPY --chown=${LUMI2_USERNAME}:${LUMI2_GROUPNAME} requirements.txt /app/
+COPY --chown=${LUMI2_USERNAME}:${LUMI2_GROUPNAME} lumi2 /app/lumi2/
+COPY --chown=${LUMI2_USERNAME}:${LUMI2_GROUPNAME} tests /app/tests/
+COPY --chown=${LUMI2_USERNAME}:${LUMI2_GROUPNAME} pytest.ini /app/
+
+# Install dependencies
 RUN pip install -r requirements.txt
+
+# Launch WSGI server
+USER ${LUMI2_UID:-1000}:${LUMI2_GID:-1000}
 ENTRYPOINT ["waitress-serve", "--listen=0.0.0.0:80", "--no-ipv6", "--call", "lumi2:create_app"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 7f6364e..c26730e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,12 +4,16 @@ version: "3"
 services:
 lumi2:
- build: .
 container_name: lumi2
+ build:
+ context: .
+ args:
+ LUMI2_UID: 1000
+ LUMI2_GID: 1000
 volumes:
 - ./config.py/:/app/config.py:ro
 environment:
- - LUMI_CONFIG=/app/config.py
+ - LUMI2_CONFIG=/app/config.py
 ports:
 - "8000:80"
 depends_on:
diff --git a/lumi2/__init__.py b/lumi2/__init__.py
index 56cf4a0..c754ed0 100644
--- a/lumi2/__init__.py
+++ b/lumi2/__init__.py
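Review bot: The four `COPY --chown=${LUMI2_USERNAME}:${LUMI2_GROUPNAME}` lines and the `chown` on `/app` make the application code writable by the same account that serves requests, so a flaw in the web app can persist as a change to the code it runs. Unless the service has to write under `/app` (not visible in this hunk), leave the files root-owned with plain `COPY requirements.txt /app/` and so on, and keep only `USER ${LUMI2_UID:-1000}:${LUMI2_GID:-1000}`. Separately, the unchanged ENTRYPOINT still listens on `0.0.0.0:80` after the switch to a non-root user. That bind only works where the runtime allows unprivileged low ports, so `--listen=0.0.0.0:8080` with the compose mapping changed to `"8000:8080"` is more portable. Declaring `ARG LUMI2_UID=1000` and `ARG LUMI2_GID=1000` would also remove the repeated `:-1000` fallbacks.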
@@ -20,7 +20,7 @@ def create_app(test_config=None):
 if test_config is None:
 # Load the instance config, if it exists, when not testing
- app.config.from_envvar('LUMI_CONFIG', silent=True)
+ app.config.from_envvar('LUMI2_CONFIG', silent=True)
 else:
 # Load the test config if passed in
 app.config.from_mapping(test_config)
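Review bot: The renamed lookup `app.config.from_envvar('LUMI2_CONFIG', silent=True)` keeps `silent=True`, so a deployment that still exports the old `LUMI_CONFIG` name starts without its instance config and reports nothing. Whatever defaults create_app sets before this point (outside the hunk) would then be used in production unnoticed. Checking the return value makes the fallback visible, for example `if not app.config.from_envvar('LUMI2_CONFIG', silent=True): app.logger.warning('LUMI2_CONFIG not set or not loadable; using defaults')`. create_app begins and ends outside the hunk.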