From fcf07cb2b36656f01272cd1d2ec0ef513e152cbb Mon Sep 17 00:00:00 2001
From: Kirill Birger
Date: Sun, 29 Sep 2024 18:08:22 -0400
Subject: [PATCH] Drop root during base image build and use venv (#1682)

---
 .github/workflows/release.yml | 4 ++--
 Dockerfile.base | 18 ++++++++++++------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index adaeb6e56..46d57bf31 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,8 +6,8 @@ on:
 env:
   PYTHON_VERSION: "3.11"
-  BASE_IMAGE_VERSION_STABLE: "1.0.10"
-  BASE_IMAGE_VERSION_BETA: "1.0.10"
+  BASE_IMAGE_VERSION_STABLE: "1.1.0"
+  BASE_IMAGE_VERSION_BETA: "1.1.0"
 jobs:
   build-artifact:
diff --git a/Dockerfile.base b/Dockerfile.base
index 3656e8550..09f97d027 100644
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -29,18 +29,24 @@ RUN set -x \
 RUN mkdir -p /usr/local/bin/widevine_cdm
 COPY widevine_cdm/* /usr/local/bin/widevine_cdm/
-# Upgrade pip + Install uv
-RUN pip install --upgrade pip \
-  && pip install uv==0.2.27
+RUN adduser -D app app \
+  && chmod -R 775 /tmp \
+  && chgrp -R app /tmp
+
+WORKDIR /home/app
+USER app
+
 # Configure runtime environmental variables
 ENV LD_PRELOAD="/usr/lib/libjemalloc.so.2"
-ENV VIRTUAL_ENV=/opt/venv
+ENV VIRTUAL_ENV=/home/app/venv
 # create venv and set some permissions to allow running the container as non-root
 RUN python3 -m venv $VIRTUAL_ENV && \
-  chmod -R 777 $VIRTUAL_ENV && \
-  chmod -R 777 /tmp
+
+  source $VIRTUAL_ENV/bin/activate && \
+  pip install --upgrade pip \
+  && pip install uv==0.4.17
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 WORKDIR $VIRTUAL_ENV
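Review bot: `source $VIRTUAL_ENV/bin/activate` in the new venv RUN depends on the shell behind `RUN`, which is `/bin/sh -c` unless a `SHELL` instruction outside this hunk changes it; `source` is a bash extension and the `adduser -D` form suggests a BusyBox-based image, so confirm it resolves there rather than failing the build. Calling the venv's own pip sidesteps activation entirely: `RUN python3 -m venv $VIRTUAL_ENV \` / `  && $VIRTUAL_ENV/bin/pip install --upgrade pip \` / `  && $VIRTUAL_ENV/bin/pip install uv==0.4.17`. That same RUN now has an empty line between `&& \` and the `source …` line; BuildKit warns on empty continuation lines and documents them as deprecated, so the blank should go. The comment above it, `# create venv and set some permissions to allow running the container as non-root`, no longer matches since the chmod lines were removed — `# create the venv as the unprivileged app user and install pip/uv into it` describes the new code. The unpinned `pip install --upgrade pip` next to the pinned `uv==0.4.17` also makes the base image less reproducible than it could be.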