forked from censys/censys-cloud-connector
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
60 lines (46 loc) · 2.07 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
ARG PYTHON_VERSION=3.9
ARG BASE_IMAGE=python:${PYTHON_VERSION}-alpine
# Target with build dependencies
FROM ${BASE_IMAGE} as builder
# Environment variables for efficient builds
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PYTHONHASHSEED=random \
PIP_NO_CACHE_DIR=off \
PIP_DISABLE_PIP_VERSION_CHECK=on \
PIP_DEFAULT_TIMEOUT=100 \
POETRY_NO_INTERACTION=1 \
POETRY_VERSION=1.4.0 \
PIP_VERSION=23.0.1 \
SETUPTOOLS_VERSION=67.4.0
# Set the working directory
WORKDIR /app
# Copy the source code
COPY src/ /app/src/
# Copy the configuration/dependency files
COPY pyproject.toml poetry.lock poetry.toml README.md /app/
# Install OS dependencies (Rust must be installed for the cryptography package)
RUN apk add --update --no-cache make g++ openssl-dev libffi-dev rust cargo
# Install Python dependencies
RUN pip3 install --upgrade --ignore-installed "pip==$PIP_VERSION" "setuptools==$SETUPTOOLS_VERSION" "poetry==$POETRY_VERSION" && poetry install --without dev
# Target for the final image
FROM ${BASE_IMAGE} as app
# Set labels
LABEL org.opencontainers.image.title="Censys Cloud Connector" \
org.opencontainers.image.description="The Censys Unified Cloud Connector is a standalone connector that gathers assets from various cloud providers and stores them in Censys ASM." \
org.opencontainers.image.authors="Censys, Inc. <[email protected]>" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.source=https://github.com/censys/censys-cloud-connector \
org.opencontainers.image.documentation=https://github.com/censys/censys-cloud-connector#readme \
org.opencontainers.image.base.name="registry.hub.docker.com/library/${BASE_IMAGE}"
# Install OS dependencies and create a non-root user
RUN apk add --update --no-cache libstdc++ && \
addgroup -g 1000 censys && \
adduser -D -h /app -s /bin/bash -G censys -u 1000 censys
# Set the user and working directory
USER censys
WORKDIR /app
# Copy the source code
COPY --from=builder --chown=censys /app ./
# Set the command
CMD ["/app/.venv/bin/censys-cc", "scan"]