Execute docker as non-root

2024-11-21 15:31:00 +00:00 · 2022-09-13 14:21:44 +02:00 · 2022-09-13 14:21:44 +02:00 · 2a5e84730a
commit 2a5e84730a
parent 299e5c3aa0
1 changed files with 19 additions and 8 deletions
--- a/27
+++ b/27
@ -1,4 +1,4 @@
-FROM python:3.8.12-slim-bullseye
+FROM python:3.8.12-slim-bullseye as builder

 ARG with_models=false
 ARG models=
@ -13,24 +13,35 @@ RUN apt-get update -qq \

 RUN apt-get update && apt-get upgrade --assume-yes

-RUN pip install --upgrade pip
+RUN python -mvenv venv && ./venv/bin/pip install --upgrade pip

 COPY . .


 RUN if [ "$with_models" = "true" ]; then  \
  # install only the dependencies first
-  pip install -e .;  \
+  ./venv/bin/pip install -e .;  \
  # initialize the language models
  if [ ! -z "$models" ]; then \
-  ./install_models.py --load_only_lang_codes "$models";   \
+  ./venv/bin/python install_models.py --load_only_lang_codes "$models";   \
  else \
-  ./install_models.py;  \
+  ./venv/bin/python install_models.py;  \
  fi \
  fi
 # Install package from source code
-RUN pip install . \
-  && pip cache purge
+RUN ./venv/bin/pip install . \
+  && ./venv/bin/pip cache purge
+
+
+
+FROM python:3.8.12-slim-bullseye
+
+RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate
+RUN apt-get update -qq && apt-get -qqq install --no-install-recommends -y libicu67 && apt-get clean && rm -rf /var/lib/apt
+USER libretranslate
+
+COPY --from=builder --chown=libretranslate:libretranslate /app /app
+WORKDIR /app

 EXPOSE 5000
-ENTRYPOINT [ "libretranslate", "--host", "0.0.0.0" ]
+ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "0.0.0.0" ]