A (very) simple, text only chatbot using Society AI inference endpoint
Update Dockerfile
All checks were successful
society-ai-hub-container-cache Actions Demo / build (push) Successful in 2m19s
All checks were successful
society-ai-hub-container-cache Actions Demo / build (push) Successful in 2m19s
This commit is contained in:
parent
14588f55a8
commit
74e74788b2
20
Dockerfile
20
Dockerfile
@ -1,28 +1,24 @@
|
||||
# Use a slim base image to reduce potential vulnerabilities
|
||||
FROM python:3.10-slim-bookworm
|
||||
|
||||
# Create a non-root user and group
|
||||
RUN groupadd -r appuser && useradd --no-log-init -r -g appuser appuser
|
||||
|
||||
# Set the working directory
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
# Copy the requirements file and install the dependencies
|
||||
COPY requirements.txt .
|
||||
COPY --chown=appuser:appuser requirements.txt .
|
||||
|
||||
# Install uv and the dependencies without caching to reduce image size
|
||||
RUN pip install --no-cache-dir uv==0.4.28 && \
|
||||
pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
# Copy the application code
|
||||
COPY . .
|
||||
# Copy the application code with appropriate ownership
|
||||
COPY --chown=appuser:appuser . .
|
||||
|
||||
# Create a non-root user and group
|
||||
RUN groupadd -r appuser && useradd --no-log-init -r -g appuser appuser
|
||||
|
||||
# Change ownership of the app directory to the new user
|
||||
RUN chown -R appuser:appuser /usr/src/app
|
||||
|
||||
# Restrict permissions on all directories except /usr/src/app and /tmp
|
||||
RUN chmod -R o-rwx / && \
|
||||
chmod -R o+rx /usr/src/app /tmp
|
||||
# Change permissions of the application directory
|
||||
RUN chmod -R 700 /usr/src/app
|
||||
|
||||
# Switch to the non-root user
|
||||
USER appuser
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user