derek-thomas
commited on
Commit
·
271d872
1
Parent(s):
e4449d4
Updating permissions
Browse files- Dockerfile +6 -3
Dockerfile
CHANGED
|
@@ -16,25 +16,28 @@ RUN apt-get update -y && apt-get install -y \
|
|
| 16 |
redis-server \
|
| 17 |
&& apt-get clean && rm -rf /var/lib/apt/lists/*
|
| 18 |
|
| 19 |
-
# Install Python requirements as root
|
| 20 |
COPY ./requirements.txt requirements.txt
|
| 21 |
RUN pip install --no-cache-dir --upgrade -r requirements.txt
|
| 22 |
|
| 23 |
# Switch to the non-root user
|
| 24 |
USER user
|
| 25 |
|
| 26 |
-
# Copy application code
|
| 27 |
COPY --chown=user . .
|
| 28 |
|
| 29 |
# Switch back to root to perform privileged operations
|
| 30 |
USER root
|
| 31 |
|
| 32 |
-
# Compile frontend assets and move to /srv
|
| 33 |
RUN reflex export --frontend-only --no-zip && mv .web/_static/* /srv/ && rm -rf .web
|
| 34 |
|
| 35 |
# Needed until Reflex properly passes SIGTERM on backend.
|
| 36 |
STOPSIGNAL SIGKILL
|
| 37 |
|
|
|
|
|
|
|
|
|
|
| 38 |
# Revert to non-root user for running the app
|
| 39 |
USER user
|
| 40 |
|
|
|
|
| 16 |
redis-server \
|
| 17 |
&& apt-get clean && rm -rf /var/lib/apt/lists/*
|
| 18 |
|
| 19 |
+
# Install Python requirements as root
|
| 20 |
COPY ./requirements.txt requirements.txt
|
| 21 |
RUN pip install --no-cache-dir --upgrade -r requirements.txt
|
| 22 |
|
| 23 |
# Switch to the non-root user
|
| 24 |
USER user
|
| 25 |
|
| 26 |
+
# Copy application code
|
| 27 |
COPY --chown=user . .
|
| 28 |
|
| 29 |
# Switch back to root to perform privileged operations
|
| 30 |
USER root
|
| 31 |
|
| 32 |
+
# Compile frontend assets and move to /srv
|
| 33 |
RUN reflex export --frontend-only --no-zip && mv .web/_static/* /srv/ && rm -rf .web
|
| 34 |
|
| 35 |
# Needed until Reflex properly passes SIGTERM on backend.
|
| 36 |
STOPSIGNAL SIGKILL
|
| 37 |
|
| 38 |
+
# Ensure the non-root user has ownership of the app directory
|
| 39 |
+
RUN chown -R user:user /app
|
| 40 |
+
|
| 41 |
# Revert to non-root user for running the app
|
| 42 |
USER user
|
| 43 |
|