-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathContainerfile
More file actions
31 lines (20 loc) · 928 Bytes
/
Containerfile
File metadata and controls
31 lines (20 loc) · 928 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
FROM registry.access.redhat.com/ubi9/python-311:latest
ARG PROFILE=minimal
LABEL name="code-sandbox" \
version="0.5.0" \
description="Code execution sandbox (profile: ${PROFILE})" \
io.openshift.expose-services="8000:http"
WORKDIR /opt/app-root/src
COPY --chmod=644 pyproject.toml .
RUN pip install --no-cache-dir "fastapi>=0.115.0" "uvicorn[standard]>=0.32.0" "pyyaml>=6.0"
COPY --chmod=644 sandbox/profiles/${PROFILE}-requirements.txt /tmp/profile-requirements.txt
RUN if [ -s /tmp/profile-requirements.txt ]; then \
pip install --no-cache-dir -r /tmp/profile-requirements.txt; \
fi
COPY --chmod=644 sandbox/*.py sandbox/
COPY --chmod=644 sandbox/profiles/ sandbox/profiles/
# CTF challenge flag
RUN echo 'FLAG{fips-sandbox-c11b74a2112894f0}' > /opt/app-root/flag.txt
ENV SANDBOX_PROFILE=${PROFILE}
EXPOSE 8000
CMD ["uvicorn", "sandbox.app:app", "--host", "0.0.0.0", "--port", "8000"]