From 7c0db68c104b514e3fcea927192e843a01c85a36 Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Fri, 17 Feb 2023 11:54:33 -0400
Subject: [PATCH] Update Dockerfile

- Run as aura with AURA_UID
- Use WORKDIR /app
- Install Poetry in /opt/poetry
---
 Dockerfile | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0cce9774..25f207a9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,18 @@
 FROM python:3.10-slim-bullseye AS base
 
-ENV PYTHONDONTWRITEBYTECODE 1
+ENV AURA_UID=2872
+ENV POETRY_CACHE_DIR=/app/.cache
+ENV POETRY_HOME=/opt/poetry
+ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
+ENV PATH="${POETRY_HOME}/bin:${PATH}"
 
-WORKDIR /steering
-COPY poetry.lock pyproject.toml ./
+WORKDIR /app
+
+COPY poetry.lock pyproject.toml /app/
 
 RUN apt-get update && apt-get install -y curl gcc graphviz ldap-utils libldap2-dev libmagic1 libsasl2-dev
+RUN python -m venv ${POETRY_HOME}
 RUN pip install poetry==1.3.2
 RUN poetry install
 
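Review bot: `ENV POETRY_CACHE_DIR=/app/.cache` puts Poetry's cache, and by default the virtualenv that `poetry install` creates under it, inside the application directory that the `dev` stage later declares as a volume. If `/app` is bind-mounted at run time (likely for a dev image, though not shown in this patch), the mount hides the installed dependencies. Everything written there during the build is also root-owned, which is what the later `chown -R` has to repair. Keeping the cache outside the source tree avoids both, for example `ENV POETRY_CACHE_DIR=/opt/poetry-cache` (a constructed path). The unchanged `apt-get install` line would also benefit from `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same `RUN`.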
@@ -14,11 +20,19 @@ EXPOSE 8000
 
 FROM base AS dev
 
-VOLUME ["/steering"]
-CMD ["poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000"]
+COPY . .
+
+VOLUME ["/app"]
 
+RUN adduser --home /app --no-create-home --system --uid ${AURA_UID} --group app
+RUN chown -R app:app /app
+
+USER app
+
+CMD ["poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000"]
 
 FROM base AS prod
 
 COPY . .
+
 CMD ["sh", "-c", "poetry run gunicorn --bind 0.0.0.0:8000 --workers $(nproc) steering.wsgi"]
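Review bot: The `prod` stage still has no `USER`, so gunicorn bound to `0.0.0.0:8000` keeps running as root; the `adduser`, `chown` and `USER app` lines were added only to `dev`, although production is where dropping privileges matters most. Create the account once in `base` (which starts outside this hunk) so both stages inherit it, then use `COPY --chown=app:app . .` and `USER app` before the `CMD` in `prod`. In `dev`, `chown -R app:app /app` runs after `VOLUME ["/app"]`, and the legacy builder discards changes made to a volume path after it is declared, so the ownership change may not survive; move `VOLUME` below it, or use `COPY --chown` and drop the extra layer. `COPY . .` also takes everything in the build context, so confirm that a `.dockerignore` (not visible in this patch) excludes `.git` and local env files.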
-- 
GitLab