username/flaskpaste
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca1cbd6e73ff3a0b3b05be94b630439ace157008
flaskpaste/Containerfile
Username c31923f491
All checks were successful
CI / Security Scan (push) Successful in 34s
Details
CI / Lint & Format (push) Successful in 38s
Details
CI / Security Tests (push) Successful in 42s
Details
CI / Unit Tests (push) Successful in 1m5s
Details
CI / Advanced Security Tests (push) Successful in 28s
Details
CI / Memory Leak Check (push) Successful in 29s
Details
CI / Fuzz Testing (push) Successful in 40s
Details
CI / SBOM Generation (push) Successful in 29s
Details
CI / Build & Push Image (push) Successful in 37s
Details
CI / Harbor Vulnerability Scan (push) Successful in 37s
Details
containerfile: pin wheel>=0.46.2 in runtime stage
2026-02-16 22:32:55 +01:00

67 lines
2.1 KiB
Docker
Raw Blame History

# FlaskPaste Container Image (Alpine)
# Build: podman build -t flaskpaste .
# Run: podman run -d -p 5000:5000 -v flaskpaste-data:/app/data flaskpaste
# Stage 1: Build dependencies
FROM python:3.11-alpine AS builder
WORKDIR /build
# Install build dependencies for compiled Python packages
RUN apk add --no-cache gcc musl-dev libffi-dev
# Create virtual environment and upgrade pip
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
RUN pip install --no-cache-dir --upgrade pip 'wheel>=0.46.2'
# Install Python dependencies (includes security pins from requirements.txt)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt gunicorn \
&& pip cache purge 2>/dev/null || true \
&& rm -rf /opt/venv/lib/python*/site-packages/setuptools/_vendor/jaraco*
# Stage 2: Alpine runtime (minimal)
FROM python:3.11-alpine
LABEL maintainer="FlaskPaste"
LABEL description="Minimal secure pastebin REST API"
# Apply security fixes to base image, remove vendored vulnerable packages
RUN pip install --no-cache-dir --upgrade pip 'wheel>=0.46.2' 'setuptools>=80.0' 'jaraco.context>=6.1.0' \
&& pip cache purge 2>/dev/null || true \
&& rm -rf /root/.cache /usr/local/lib/python*/site-packages/setuptools/_vendor/jaraco*
# Create non-root user
RUN addgroup -g 65532 -S flaskpaste && adduser -u 65532 -S -G flaskpaste flaskpaste
# Copy virtual environment from builder
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
WORKDIR /app
# Copy application files
COPY --chown=65532:65532 app/ ./app/
COPY --chown=65532:65532 wsgi.py .
COPY --chown=65532:65532 fpaste .
# Create data directory
RUN mkdir -p /app/data && chown -R flaskpaste:flaskpaste /app
USER flaskpaste
# Environment configuration
ENV FLASK_ENV=production
ENV FLASKPASTE_DB=/app/data/pastes.db
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
EXPOSE 5000
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')" || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "2", "--access-logfile", "-", "wsgi:application"]
Reference in New Issue View Git Blame Copy Permalink