diff --git a/Dockerfile b/Dockerfile index 8105de47..82359bbd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,13 @@ -FROM node:23-bullseye AS node_builder +ARG ecr_path=public.ecr.aws/docker/library/ +ARG alpine_version=alpine3.20 +ARG python_version=python:3.11 +ARG node_version=node:23 + +# The node builder image, used to build the virtual environment +FROM ${ecr_path}${node_version}-${alpine_version} AS node_builder + +# Install dependencies for npm install command +RUN apk add --no-cache bash WORKDIR /app COPY . . @@ -6,7 +15,10 @@ COPY . . RUN npm install --omit=dev # The builder image, used to build the virtual environment -FROM python:3.11-buster AS builder +FROM ${ecr_path}${python_version}-${alpine_version} AS python_builder + +# Install dependencies for compiling .po files +RUN apk add --no-cache bash make gettext gcc musl-dev libffi-dev WORKDIR /app COPY --from=node_builder /app . @@ -16,17 +28,13 @@ ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONUNBUFFERED=1 # Install poetry via pip -RUN pip install poetry==1.7.1 +RUN pip install poetry==1.8.4 ENV POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_IN_PROJECT=1 \ POETRY_VIRTUALENVS_CREATE=1 \ POETRY_CACHE_DIR=/tmp/poetry_cache -# Update and install dependencies for compiling .po files -RUN apt-get update && \ - apt-get install --no-install-recommends -y make gettext - COPY pyproject.toml poetry.lock Makefile ./ COPY lib ./lib COPY locale ./ @@ -35,11 +43,13 @@ RUN poetry install --without dev --no-root && rm -rf $POETRY_CACHE_DIR RUN make compilemessages # The runtime image, used to just run the code provided its virtual environment -FROM python:3.11-slim-buster AS runtime +FROM ${ecr_path}${python_version}-${alpine_version} AS runtime + +# Workaround for CVE-2024-6345 upgrade the installed version of setuptools to the latest version +RUN pip install -U setuptools -# Update and Install Netcat -RUN apt-get update && \ - apt-get install --no-install-recommends -y netcat +# Install dependencies for the runtime image +RUN apk add --no-cache bash make netcat-openbsd WORKDIR /app @@ -48,9 +58,9 @@ ENV VIRTUAL_ENV=/app/.venv \ # copy project and dependencies COPY . . -COPY --from=builder /app/static ./static -COPY --from=builder /app/locale ./locale -COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV} +COPY --from=python_builder /app/static ./static +COPY --from=python_builder /app/locale ./locale +COPY --from=python_builder ${VIRTUAL_ENV} ${VIRTUAL_ENV} RUN chmod +x ./scripts/app-entrypoint.sh