|
1 | | - |
2 | | -# code: language=Dockerfile |
3 | | - |
4 | | -# The code for the build image should be identical with the code in |
5 | | -# Dockerfile.nginx to use the caching mechanism of Docker. |
6 | | - |
7 | | -# Ref: https://devguide.python.org/#branchstatus |
8 | 1 | FROM python:3.11.11-slim-bookworm@sha256:42420f737ba91d509fc60d5ed65ed0492678a90c561e1fa08786ae8ba8b52eda AS base |
9 | | -FROM base AS build |
10 | | -WORKDIR /app |
11 | | -RUN \ |
12 | | - apt-get -y update && \ |
13 | | - apt-get -y install --no-install-recommends \ |
14 | | - gcc \ |
15 | | - build-essential \ |
16 | | - dnsutils \ |
17 | | - libpq-dev \ |
18 | | - postgresql-client \ |
19 | | - xmlsec1 \ |
20 | | - git \ |
21 | | - uuid-runtime \ |
22 | | - # libcurl4-openssl-dev is required for installing pycurl python package |
23 | | - libcurl4-openssl-dev \ |
24 | | - && \ |
25 | | - apt-get clean && \ |
26 | | - rm -rf /var/lib/apt/lists && \ |
27 | | - true |
28 | | -COPY requirements.txt ./ |
29 | | -# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully |
30 | | -# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 |
31 | | -RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt |
32 | | - |
33 | | -FROM base AS django |
34 | | -WORKDIR /app |
35 | | -ARG uid=1001 |
36 | | -ARG gid=1337 |
37 | | -ARG appuser=defectdojo |
38 | | -ENV appuser=${appuser} |
39 | | -RUN \ |
40 | | - apt-get -y update && \ |
41 | | - # ugly fix to install postgresql-client without errors |
42 | | - mkdir -p /usr/share/man/man1 /usr/share/man/man7 && \ |
43 | | - apt-get -y install --no-install-recommends \ |
44 | | - # libopenjp2-7 libjpeg62 libtiff are required by the pillow package |
45 | | - libopenjp2-7 \ |
46 | | - libjpeg62 \ |
47 | | - libtiff6 \ |
48 | | - dnsutils \ |
49 | | - xmlsec1 \ |
50 | | - git \ |
51 | | - uuid-runtime \ |
52 | | - libpq-dev \ |
53 | | - # only required for the dbshell (used by the initializer job) |
54 | | - postgresql-client \ |
55 | | - # libcurl4-openssl-dev is required for installing pycurl python package |
56 | | - libcurl4-openssl-dev \ |
57 | | - && \ |
58 | | - apt-get clean && \ |
59 | | - rm -rf /var/lib/apt/lists && \ |
60 | | - true |
61 | | -COPY --from=build /tmp/wheels /tmp/wheels |
62 | | -COPY requirements.txt ./ |
63 | | -RUN export PYCURL_SSL_LIBRARY=openssl && \ |
64 | | - pip3 install \ |
65 | | - --no-cache-dir \ |
66 | | - --no-index \ |
67 | | - --find-links=/tmp/wheels \ |
68 | | - -r ./requirements.txt |
69 | | - |
70 | | -COPY \ |
71 | | - docker/entrypoint-celery-beat.sh \ |
72 | | - docker/entrypoint-celery-worker.sh \ |
73 | | - docker/entrypoint-initializer.sh \ |
74 | | - docker/entrypoint-first-boot.sh \ |
75 | | - docker/entrypoint-uwsgi.sh \ |
76 | | - docker/entrypoint-uwsgi-dev.sh \ |
77 | | - docker/entrypoint-unit-tests.sh \ |
78 | | - docker/entrypoint-unit-tests-devDocker.sh \ |
79 | | - docker/wait-for-it.sh \ |
80 | | - docker/secret-file-loader.sh \ |
81 | | - docker/reach_database.sh \ |
82 | | - docker/certs/* \ |
83 | | - / |
84 | | -COPY wsgi.py manage.py docker/unit-tests.sh ./ |
85 | | -COPY dojo/ ./dojo/ |
86 | | - |
87 | | -# Add extra fixtures to docker image which are loaded by the initializer |
88 | | -COPY docker/extra_fixtures/* /app/dojo/fixtures/ |
89 | | - |
90 | | -COPY tests/ ./tests/ |
91 | | -RUN \ |
92 | | - # Remove placeholder copied from docker/certs |
93 | | - rm -f /readme.txt && \ |
94 | | - # Remove placeholder copied from docker/extra_fixtures |
95 | | - rm -f dojo/fixtures/readme.txt && \ |
96 | | - mkdir -p dojo/migrations && \ |
97 | | - chmod g=u dojo/migrations && \ |
98 | | - true |
99 | | -USER root |
100 | | -RUN \ |
101 | | - addgroup --gid ${gid} ${appuser} && \ |
102 | | - adduser --system --no-create-home --disabled-password --gecos '' \ |
103 | | - --uid ${uid} --gid ${gid} ${appuser} && \ |
104 | | - chown -R root:root /app && \ |
105 | | - chmod -R u+rwX,go+rX,go-w /app && \ |
106 | | - # Allow for bind mounting local_settings.py and other setting overrides |
107 | | - chown -R root:${appuser} /app/dojo/settings && \ |
108 | | - chmod -R 775 /app/dojo/settings && \ |
109 | | - mkdir /var/run/${appuser} && \ |
110 | | - chown ${appuser} /var/run/${appuser} && \ |
111 | | - chmod g=u /var/run/${appuser} && \ |
112 | | - chmod 775 /*.sh && \ |
113 | | - mkdir -p media/threat && chown -R ${uid} media && \ |
114 | | - # To avoid warning: (staticfiles.W004) The directory '/app/components/node_modules' in the STATICFILES_DIRS setting does not exist. |
115 | | - mkdir -p components/node_modules && \ |
116 | | - chown ${appuser} components/node_modules |
117 | | -USER ${uid} |
118 | | -ENV \ |
119 | | - # Only variables that are not defined in settings.dist.py |
120 | | - DD_ADMIN_USER=admin \ |
121 | | - DD_ADMIN_MAIL=admin@defectdojo.local \ |
122 | | - DD_ADMIN_PASSWORD='' \ |
123 | | - DD_ADMIN_FIRST_NAME=Admin \ |
124 | | - DD_ADMIN_LAST_NAME=User \ |
125 | | - DD_CELERY_LOG_LEVEL="INFO" \ |
126 | | - DD_CELERY_WORKER_POOL_TYPE="solo" \ |
127 | | - # Enable prefork and options below to ramp-up celeryworker performance. Presets should work fine for a machine with 8GB of RAM, while still leaving room. |
128 | | - # See https://docs.celeryproject.org/en/stable/userguide/workers.html#id12 for more details |
129 | | - # DD_CELERY_WORKER_POOL_TYPE="prefork" \ |
130 | | - # DD_CELERY_WORKER_AUTOSCALE_MIN="2" \ |
131 | | - # DD_CELERY_WORKER_AUTOSCALE_MAX="8" \ |
132 | | - # DD_CELERY_WORKER_CONCURRENCY="8" \ |
133 | | - # DD_CELERY_WORKER_PREFETCH_MULTIPLIER="128" \ |
134 | | - DD_INITIALIZE=true \ |
135 | | - DD_UWSGI_MODE="socket" \ |
136 | | - DD_UWSGI_ENDPOINT="0.0.0.0:3031" \ |
137 | | - DD_UWSGI_NUM_OF_PROCESSES="2" \ |
138 | | - DD_UWSGI_NUM_OF_THREADS="2" |
139 | | -ENTRYPOINT ["/entrypoint-uwsgi.sh"] |
140 | | - |
141 | | -FROM django AS django-unittests |
142 | | -COPY unittests/ ./unittests/ |