username/flaskpaste
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
329563f4b9f8bf202e9022d86cf2422995e860d2
flaskpaste/Containerfile.slim
Username 329563f4b9
Some checks failed
CI / Security Scan (push) Successful in 19s
Details
CI / Lint & Format (push) Successful in 22s
Details
CI / Advanced Security Tests (push) Successful in 16s
Details
CI / Memory Leak Check (push) Successful in 20s
Details
CI / Security Tests (push) Successful in 25s
Details
CI / Unit Tests (push) Successful in 33s
Details
CI / Fuzz Testing (push) Successful in 24s
Details
CI / SBOM Generation (push) Successful in 20s
Details
CI / Harbor Vulnerability Scan (push) Has been cancelled
Details
CI / Build & Push Image (push) Has been cancelled
Details
containerfile: force reinstall jaraco.context to fix GHSA-58pv
2026-01-20 08:23:53 +01:00

71 lines
2.3 KiB
Docker
Raw Blame History

# FlaskPaste Slim Container Image (Alpine)
# Build: podman build -f Containerfile.slim -t flaskpaste:slim .
# Run: podman run -d -p 5000:5000 -v flaskpaste-data:/app/data flaskpaste:slim
#
# Alpine: Minimal base image with musl libc, actively maintained security patches
# For debugging with more tools, use the standard Containerfile instead
# Stage 1: Build dependencies
FROM python:3.11-alpine AS builder
WORKDIR /build
# Install build dependencies for compiled Python packages
RUN apk add --no-cache gcc musl-dev libffi-dev
# Create virtual environment and upgrade pip
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
RUN pip install --no-cache-dir --upgrade "pip>=25.3" wheel
# Install Python dependencies (includes security pins from requirements.txt)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt gunicorn && \
pip install --no-cache-dir --force-reinstall "jaraco.context>=6.1.0"
# Stage 2: Alpine runtime (minimal)
FROM python:3.11-alpine
LABEL maintainer="FlaskPaste"
LABEL description="Minimal secure pastebin REST API (Alpine)"
# Apply security fixes to base image (versions from requirements.txt)
COPY requirements.txt /tmp/
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r /tmp/requirements.txt && \
pip install --no-cache-dir --force-reinstall "jaraco.context>=6.1.0" && \
rm /tmp/requirements.txt
# Create non-root user
RUN addgroup -g 65532 -S flaskpaste && adduser -u 65532 -S -G flaskpaste flaskpaste
# Copy virtual environment from builder
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
WORKDIR /app
# Copy application files
COPY --chown=65532:65532 app/ ./app/
COPY --chown=65532:65532 wsgi.py .
COPY --chown=65532:65532 fpaste .
# Create data directory
RUN mkdir -p /app/data && chown -R flaskpaste:flaskpaste /app
USER flaskpaste
# Environment configuration
ENV FLASK_ENV=production
ENV FLASKPASTE_DB=/app/data/pastes.db
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
EXPOSE 5000
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')" || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "2", "--access-logfile", "-", "wsgi:application"]
Reference in New Issue View Git Blame Copy Permalink