security(atlasbot): run images as non-root

jenkins 2026-04-22 00:00:09 -03:00
parent 7908019fc7
commit 48c639e651
2 changed files with 10 additions and 1 deletions


@ -11,6 +11,9 @@ COPY pyproject.toml /app/pyproject.toml
RUN pip install --no-cache-dir --retries 10 -r /app/requirements.txt RUN pip install --no-cache-dir --retries 10 -r /app/requirements.txt
COPY atlasbot /app/atlasbot COPY atlasbot /app/atlasbot
RUN addgroup --system atlasbot && \
adduser --system --ingroup atlasbot --home /app atlasbot && \
chown -R atlasbot:atlasbot /app
FROM base AS test FROM base AS test
COPY requirements-dev.txt /app/requirements-dev.txt COPY requirements-dev.txt /app/requirements-dev.txt
@ -21,4 +24,5 @@ COPY scripts /app/scripts
FROM base AS runtime FROM base AS runtime
EXPOSE 8090 EXPOSE 8090
USER atlasbot
CMD ["python", "-m", "atlasbot.main"] CMD ["python", "-m", "atlasbot.main"]
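Review bot: The `chown -R atlasbot:atlasbot /app` in the base stage makes the runtime account the owner of the code it executes, so a compromised process could rewrite `/app/atlasbot` in place. Running as non-root is stronger when the code stays root-owned and only a directory the service really has to write to, if any, is handed to `atlasbot`. The account also gets a dynamically assigned UID and `USER atlasbot` is a name, which a Kubernetes `runAsNonRoot` check cannot verify. A fixed id such as `adduser --system --uid 10001 --ingroup atlasbot --home /app atlasbot` with `USER 10001` would fix that (10001 is an example value, and the `FROM` line is outside the hunk, so confirm the base image's `adduser` accepts `--uid`). The same recursive chown appears in the second file's hunk.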


@ -6,4 +6,9 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
WORKDIR /app WORKDIR /app
COPY requirements.txt /app/requirements.txt COPY requirements.txt /app/requirements.txt
COPY requirements-dev.txt /app/requirements-dev.txt COPY requirements-dev.txt /app/requirements-dev.txt
RUN pip install --no-cache-dir -r /app/requirements.txt -r /app/requirements-dev.txt RUN pip install --no-cache-dir -r /app/requirements.txt -r /app/requirements-dev.txt && \
addgroup --system atlasbot && \
adduser --system --ingroup atlasbot --home /app atlasbot && \
chown -R atlasbot:atlasbot /app
USER atlasbot
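Review bot: The `chown -R atlasbot:atlasbot /app` here runs when, as far as this hunk shows, `/app` holds only the two requirements files, so anything copied in after `USER atlasbot` (outside the hunk, if present) stays root-owned. If the test run has to write under those paths, for example cache or coverage output, it would fail with a permission error. `COPY --chown=atlasbot:atlasbot` on just the paths that need it would make the intent explicit. The account setup is also chained onto the `pip install` line, so it re-runs whenever requirements change; a separate `RUN addgroup --system atlasbot && adduser ...` ahead of the pip step would keep the two concerns in separate layers.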