Dockerfile-admiral

FROM python:3.10.4-alpine

# For a list of pre-defined annotation keys and value types see:
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
# Note: Additional labels are added by the build workflow.
LABEL org.opencontainers.image.authors="mark.feldhousen@trio.dhs.gov"
LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"

ARG CISA_UID=421
ARG INSTALL_IPYTHON="Yes Please"
ARG CISA_SRC="/usr/src"
ENV CISA_HOME="/home/cisa" \
    ADMIRAL_CONFIG_FILE="/run/secrets/admiral.yml" \
    ADMIRAL_CONFIG_SECTION="dev-mode" \
    ADMIRAL_WORKER_NAME="dev"

RUN addgroup --system --gid ${CISA_UID} cisa \
  && adduser --system --uid ${CISA_UID} --ingroup cisa cisa \
  && mkdir --parents ${CISA_HOME} \
  && chown --recursive cisa:cisa ${CISA_HOME}

RUN apk --no-cache add \
    gcc \
    libffi-dev \
    make  \
    musl-dev \
    nmap \
    nmap-scripts \
    openssl-dev \
    python3-dev \
    sudo

RUN echo "cisa ALL=(root) NOPASSWD: /usr/bin/nmap" > /etc/sudoers.d/cisa_nmap \
  && chmod 0440 /etc/sudoers.d/cisa_nmap

RUN python3 -m pip --no-cache-dir install --upgrade pip setuptools wheel

WORKDIR ${CISA_SRC}

COPY src src
COPY setup.py README.md ./
RUN if [ -n "${INSTALL_IPYTHON}" ]; \
  then python3 -m pip --no-cache-dir install --editable .[test]; \
  else python3 -m pip --no-cache-dir install --editable .; fi

USER cisa
WORKDIR ${CISA_HOME}
ENTRYPOINT ["admiral"]