Refactor Containerfile

* Bump Python version 3.9 -> 3.12 * Add ability to specify Python version as build argument * Use a 2-stage-build with virtual environment * Build in stage 0 * Execute in stage 1 * Do not call setup.py anymore, instead use pip install * Remove installation of sudo which seems to do nothing * Add .git folder to .dockerignore
nabla-c0d3 · Jun 14, 2024 · bddced6 · bddced6
1 parent 761892b
commit bddced6
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 10 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -2,4 +2,5 @@
 **/__pycache__
 /tests
 /docs
-/.github
+/.github
+/.git
diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,23 @@
-FROM python:3.9-slim
+# set python version
+ARG PYTHON_VERSION="3.12"
+
+FROM docker.io/python:${PYTHON_VERSION}-slim AS build
 COPY . /sslyze/
-# install latest updates as root
-RUN apt-get update \
-        && apt-get install -y sudo
+WORKDIR /sslyze
+# use a venv
+RUN python -m venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
 # install sslyze based on sourcecode
-RUN python -m pip install --upgrade pip setuptools wheel
-RUN python /sslyze/setup.py install
+RUN pip install --upgrade pip setuptools wheel
+RUN pip install .
+
+FROM docker.io/python:${PYTHON_VERSION}-slim AS run
 # set user to a non-root user sslyze
 RUN adduser --no-create-home --disabled-password --gecos "" --uid 1001 sslyze
 USER sslyze
-# restrict execution to sslyze
 WORKDIR /sslyze
-ENTRYPOINT ["python", "-m", "sslyze"]
-CMD ["-h"]
+# copy sslyze from build stage
+COPY --from=build /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+ENTRYPOINT ["sslyze"]
+CMD ["-h"]