ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity
Files
402df5f5353167d2c2a23927a274a5faa925c3d3
flaskpaste/Containerfile
Username ee0e1211a6 containerfile: remove vendored jaraco.context dist-info 
setuptools vendors jaraco.context 5.3.0 internally; Trivy detects
this even with 6.1.0 installed separately. Remove the vendored
dist-info to silence the false positive.
2026-01-18 16:29:41 +01:00

66 lines
2.1 KiB
Docker
Raw Blame History

# FlaskPaste Container Image (Multi-Stage Build)
# Build: podman build -t flaskpaste .
# Run: podman run -d -p 5000:5000 -v flaskpaste-data:/app/data flaskpaste
# Stage 1: Build dependencies
FROM python:3.11-slim AS builder
WORKDIR /build
# Install build dependencies
RUN apt update && apt install -y --no-install-recommends gcc \
&& apt clean && rm -rf /var/lib/apt/lists/*
# Create virtual environment and upgrade pip
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
RUN pip install --no-cache-dir --upgrade pip wheel
# Install Python dependencies (includes security pins for setuptools, jaraco.context)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt gunicorn \
&& rm -rf /opt/venv/lib/python*/site-packages/setuptools/_vendor/jaraco.context*.dist-info
# Stage 2: Runtime image
FROM python:3.11-slim
LABEL maintainer="FlaskPaste"
LABEL description="Lightweight secure pastebin REST API"
# Cleanup base image, fix base image vulnerabilities, create non-root user
# Note: System packages upgraded for Trivy scan; app runs from venv
RUN apt clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& pip install --no-cache-dir --upgrade pip 'setuptools>=80.0' 'jaraco.context>=6.1.0' \
&& rm -rf /usr/local/lib/python*/site-packages/setuptools/_vendor/jaraco.context*.dist-info \
&& groupadd -r flaskpaste && useradd -r -g flaskpaste flaskpaste
# Copy virtual environment from builder
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
WORKDIR /app
# Copy application files
COPY app/ ./app/
COPY wsgi.py .
COPY fpaste .
# Create data directory with correct ownership
RUN mkdir -p /app/data && chown -R flaskpaste:flaskpaste /app
USER flaskpaste
# Environment defaults
ENV FLASK_ENV=production
ENV FLASKPASTE_DB=/app/data/pastes.db
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
EXPOSE 5000
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')" || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "2", "--access-logfile", "-", "wsgi:application"]
View Git Blame Copy Permalink