This repository has been archived by the owner on Jun 26, 2024. It is now read-only.

Dockerfile improvements #11

Merged
merged 8 commits into from
Sep 12, 2022
44 changes: 19 additions & 25 deletions Dockerfile
@@ -6,38 +6,32 @@ FROM python:3.10.7-alpine3.16
LABEL org.opencontainers.image.authors="jeremy.frasier@trio.dhs.gov"
LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"

ARG CISA_GID=421
ARG CISA_UID=${CISA_GID}
ENV CISA_USER="cisa"
# Unprivileged user information
ARG CISA_UID=421
ENV CISA_GID=${CISA_UID}
ARG CISA_USER="cisa"
ENV CISA_GROUP=${CISA_USER}
ENV CISA_HOME="/home/cisa"
ENV CISA_HOME="/home/${CISA_USER}"

###
# Create unprivileged user
###
RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP}
RUN adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER}
RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \
&& adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER}

##
# Make sure pip, setuptools, and wheel are the latest versions
##
RUN pip install --no-cache-dir --upgrade pip setuptools wheel
# Install core Python packages
RUN python3 -m pip install --no-cache-dir --upgrade \
pip==22.2.2 \
setuptools==65.3.0 \
wheel==0.37.1

##
# Install client-cert-update python requirements
##
# Install client-cert-update Python requirements
COPY src/requirements.txt /tmp
RUN pip install --no-cache-dir --requirement /tmp/requirements.txt
RUN python3 -m pip install --no-cache-dir --requirement /tmp/requirements.txt

# Put this just before we change users because the copy (and every
# step after it) will often be rerun by docker, but we need to be root
# for the chown command.
COPY src/email-update.py src/body.txt src/body.html $CISA_HOME/
RUN chown --recursive ${CISA_USER}:${CISA_USER} $CISA_HOME
# step after it) will often be rerun by Docker.
COPY --chown=${CISA_USER}:${CISA_GROUP} src/email-update.py src/body.txt src/body.html $CISA_HOME/

###
# Prepare to Run
###
# USER $USER
# Prepare to run
WORKDIR $CISA_HOME
ENTRYPOINT ["./email-update.py"]
USER $CISA_USER
ENTRYPOINT ["python3", "email-update.py"]
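Review bot: `USER $CISA_USER` near the end of this section sets the runtime user by name, which an orchestrator enforcing a non-root policy (for example Kubernetes `runAsNonRoot`) cannot verify without a numeric ID. Since the UID and GID values are already defined at the top of the section, `USER ${CISA_UID}:${CISA_GID}` would make the non-root guarantee checkable. Separately, `COPY --chown=${CISA_USER}:${CISA_GROUP}` leaves the script and mail templates owned by the account that executes them, so a compromised process could rewrite its own code. If the script only reads these files (not visible here), root ownership with read-only permissions, in a directory the user does not own, would be tighter. The hunk starts at line 6 of the Dockerfile, so the `FROM` line appears only in the hunk header.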
2 changes: 0 additions & 2 deletions src/email-update.py
100755 → 100644
@@ -1,5 +1,3 @@
#!/usr/bin/env python

"""email-update.py sends a list of HTTP sites requiring client certs.
Usage: