python-insecure-app/Dockerfile.distroless at main · trottomv/python-insecure-app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# syntax=docker/dockerfile:1

ARG VIRTUAL_ENV=/opt/venv
ARG WORKDIR=/home

FROM python:3.13-slim-trixie AS build

LABEL project="Python Insecure App" service="FastAPI" stage="build"
ARG VIRTUAL_ENV
ARG WORKDIR
ENV VIRTUAL_ENV=${VIRTUAL_ENV} \
	WORKDIR=${WORKDIR}
ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
WORKDIR ${WORKDIR}
COPY requirements/base.txt requirements/base.txt
COPY requirements/common.txt requirements/common.txt
RUN python3 -m venv ${VIRTUAL_ENV} \
	&& python3 -m pip install -r requirements/base.txt \
	&& python3 -m uv pip install -r requirements/common.txt

# https://console.cloud.google.com/artifacts/docker/distroless/us/gcr.io/python3-debian13/
FROM gcr.io/distroless/python3-debian13:nonroot@sha256:2882f4f2053db02a4c51fb88edc1488d1005971b28206fad7c699a93a4703737 AS distroless

LABEL project="Python Insecure App" service="FastAPI" stage="distroless"
ARG VIRTUAL_ENV
ARG WORKDIR
ENV INTERNAL_SERVICE_PORT=8000 \
	VIRTUAL_ENV=${VIRTUAL_ENV} \
	WORKDIR=${WORKDIR}
ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
WORKDIR ${WORKDIR}
COPY --from=build /usr/local/bin /usr/local/bin
COPY --from=build /usr/local/lib /usr/local/lib
COPY --from=build ${VIRTUAL_ENV} ${VIRTUAL_ENV}
COPY app app
EXPOSE ${INTERNAL_SERVICE_PORT}
ENTRYPOINT [ "python3", "-m", "fastapi", "run", "app/main.py", "--port", "1337" ]