amd64.dockerfile
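# :: Build
# Throwaway stage whose only output is the upstream source tree in
# /open-web-calendar, which the final stage copies out. Nothing is compiled
# here, so git is the only package this stage needs.
# NOTE(review): python:3.11-alpine is a floating tag. Pin it by digest
# (python:3.11-alpine@sha256:<digest-placeholder>) so the base cannot change
# between builds.
FROM python:3.11-alpine AS build
# Upstream ref to check out. A tag can be re-pointed by the upstream
# repository; setting this to a full commit SHA pins the exact source that
# ends up in the image (git checkout accepts either form).
ENV APP_VERSION=v1.13
RUN set -ex; \
    apk add --no-cache git; \
    git clone https://github.com/niccokunzmann/open-web-calendar.git /open-web-calendar; \
    git -C /open-web-calendar checkout "${APP_VERSION}";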
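# :: Header
# Runtime stage.
# NOTE(review): floating base tag; pin by digest
# (python:3.11-alpine@sha256:<digest-placeholder>) for a reproducible image.
FROM python:3.11-alpine
# Root of the application inside the image; the source lives in ${APP_ROOT}/bin.
ENV APP_ROOT=/ics
# Copies the whole checkout from the build stage, .git directory included.
COPY --from=build /open-web-calendar/ ${APP_ROOT}/bin
# :: Run
# Root is required for the package, user and permission steps that follow;
# the image switches to the unprivileged user just before ENTRYPOINT.
USER root
# :: update image
# shadow provides usermod, which a later step uses to move the user's home.
# curl is presumably used by the scripts under ./rootfs; confirm before removing.
# The upgrade runs with --no-cache so that no package index is left behind in
# the layer (a separate `apk update` would persist it under /var/cache/apk).
RUN set -ex; \
    apk add --no-cache \
      curl \
      shadow \
      tzdata; \
    apk upgrade --no-cache;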
# :: create user
# System group and user "docker", both with the fixed id 1000. The account
# gets no password and /sbin/nologin as its shell; its home is "/" for now.
RUN set -ex \
    && addgroup -S --gid 1000 docker \
    && adduser -S -D --uid 1000 -G docker -h / -s /sbin/nologin docker
# :: prepare image
# Create the configuration directory inside the application tree and expose
# it as ${APP_ROOT}/etc through a symlink.
RUN set -ex \
    && mkdir -p "${APP_ROOT}/bin/static/etc" \
    && ln -s "${APP_ROOT}/bin/static/etc" "${APP_ROOT}/etc"
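# :: install application
# Upstream's pinned requirements.txt is discarded and the dependency set is
# re-resolved from requirements.in, so that releases fixing the advisories
# below are picked up:
#   https://nvd.nist.gov/vuln/detail/CVE-2023-25577
#   https://nvd.nist.gov/vuln/detail/CVE-2023-23934
#   https://nvd.nist.gov/vuln/detail/CVE-2023-30861
#   https://nvd.nist.gov/vuln/detail/CVE-2023-32681
# NOTE(review): resolution happens at build time against the live package
# index. Two builds of the same APP_VERSION can therefore install different
# versions, and nothing here asserts that the patched releases were actually
# selected. For a reproducible, verifiable build, commit a compiled
# requirements.txt (pip-compile --generate-hashes) and install it with
# pip install --require-hashes.
# --no-cache-dir on both installs keeps pip's download cache out of the layer;
# rm -f tolerates an upstream tree that no longer ships requirements.txt.
RUN set -ex; \
    cd ${APP_ROOT}/bin; \
    rm -f requirements.txt; \
    pip install --upgrade --no-cache-dir pip-tools -r requirements.in; \
    pip-compile -o requirements.txt requirements.in; \
    pip install --upgrade --no-cache-dir -r requirements.txt;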
# :: copy root filesystem changes and add execution rights to init scripts
# Overlay the repository's rootfs tree onto the image root.
COPY rootfs/ /
# Recursively set the execute bit on everything below /usr/local/bin,
# which is where the ENTRYPOINT script is expected to live.
RUN set -ex && chmod -R +x /usr/local/bin
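# :: modify application
COPY ./build ${APP_ROOT}/bin
# Patch upstream in place:
#   - drop the info icon link from the dhtmlx calendar template
#   - read settings from ICS_DEBUG, ICS_PORT and ICS_CACHE_LIFETIME
#   - load the default specification from static/etc/default.json
#   - rename the specification URL query parameter to "calendar"
# DEBUG is compared against "true", so it is off unless ICS_DEBUG=true is set
# explicitly. Comparing against "false" would switch debug mode ON by default
# and OFF when ICS_DEBUG=true, the opposite of what the variable name says.
# Debug mode must not be the default of a published image.
# sed exits 0 even when its pattern matches nothing, so the trailing grep makes
# the build fail if the DEBUG patch did not apply (for example after an
# upstream change to that line), which would otherwise leave upstream's
# debug-on default in place without any error.
RUN set -ex; \
    cd ${APP_ROOT}/bin; \
    sed -i 's#<a class="item" id="infoIcon".\+</a>##' ./templates/calendars/dhtmlx.html; \
    sed -i 's#DEBUG = os.environ.get("APP_DEBUG", "true").lower() == "true"#DEBUG = os.environ.get("ICS_DEBUG", "false").lower() == "true"#' ./app.py; \
    sed -i 's#PORT = int(os.environ.get("PORT", "5000"))#PORT = int(os.environ.get("ICS_PORT", "5000"))#' ./app.py; \
    sed -i 's#CACHE_REQUESTED_URLS_FOR_SECONDS = int(os.environ.get("CACHE_REQUESTED_URLS_FOR_SECONDS", 600))#CACHE_REQUESTED_URLS_FOR_SECONDS = int(os.environ.get("ICS_CACHE_LIFETIME", 60))#' ./app.py; \
    sed -i 's#DEFAULT_SPECIFICATION_PATH = os.path.join(HERE, "default_specification.yml")#DEFAULT_SPECIFICATION_PATH = os.path.join(HERE, "static", "etc", "default.json")#' ./app.py; \
    sed -i 's#PARAM_SPECIFICATION_URL = "specification_url"#PARAM_SPECIFICATION_URL = "calendar"#' ./app.py; \
    grep -qF 'DEBUG = os.environ.get("ICS_DEBUG", "false").lower() == "true"' ./app.py;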
# :: change home path for existing user and set correct permission
# Move the docker user's home to the application root, then hand the whole
# tree to uid/gid 1000 (the docker user and group) so that the unprivileged
# process can write to it.
RUN set -ex \
    && usermod -d "${APP_ROOT}" docker \
    && chown -R 1000:1000 "${APP_ROOT}"
# :: Volumes
# ${APP_ROOT}/etc is the symlink to bin/static/etc, the configuration directory.
VOLUME ["${APP_ROOT}/etc"]
# :: Start
# Drop root: the entrypoint and everything it starts run as the docker user.
USER docker
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]