Execute docker as non-root

This commit is contained in:
Eugene Davis 2022-09-13 14:21:44 +02:00
parent 299e5c3aa0
commit 2a5e84730a
No known key found for this signature in database
GPG key ID: 4F8D810C1E74BE07

View file

@ -1,4 +1,4 @@
FROM python:3.8.12-slim-bullseye
FROM python:3.8.12-slim-bullseye as builder
ARG with_models=false
ARG models=
@ -13,24 +13,35 @@ RUN apt-get update -qq \
RUN apt-get update && apt-get upgrade --assume-yes
RUN pip install --upgrade pip
RUN python -mvenv venv && ./venv/bin/pip install --upgrade pip
COPY . .
RUN if [ "$with_models" = "true" ]; then \
# install only the dependencies first
pip install -e .; \
./venv/bin/pip install -e .; \
# initialize the language models
if [ ! -z "$models" ]; then \
./install_models.py --load_only_lang_codes "$models"; \
./venv/bin/python install_models.py --load_only_lang_codes "$models"; \
else \
./install_models.py; \
./venv/bin/python install_models.py; \
fi \
fi
# Install package from source code
RUN pip install . \
&& pip cache purge
RUN ./venv/bin/pip install . \
&& ./venv/bin/pip cache purge
FROM python:3.8.12-slim-bullseye
RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate
RUN apt-get update -qq && apt-get -qqq install --no-install-recommends -y libicu67 && apt-get clean && rm -rf /var/lib/apt
USER libretranslate
COPY --from=builder --chown=libretranslate:libretranslate /app /app
WORKDIR /app
EXPOSE 5000
ENTRYPOINT [ "libretranslate", "--host", "0.0.0.0" ]
ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "0.0.0.0" ]