Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
# code: language=Dockerfile
# The code for the build image should be identical with the code in
# Dockerfile.nginx to use the caching mechanism of Docker.
# Ref: https://devguide.python.org/#branchstatus
FROM python:3.8.12-slim-bullseye@sha256:3d3edc52cfae3ed6fb8303559f10184f962a8069194b2dee93baaac66ebedeb5 as base
FROM base as build
WORKDIR /app
RUN \
apt-get -y update && \
apt-get -y install --no-install-recommends \
gcc \
build-essential \
dnsutils \
default-mysql-client \
libmariadb-dev-compat \
postgresql-client \
xmlsec1 \
git \
uuid-runtime \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
true
COPY requirements.txt ./
# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully
# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096
RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt
FROM base as django
WORKDIR /app
ARG uid=1001
ARG gid=1337
ARG appuser=defectdojo
ENV appuser ${appuser}
RUN \
apt-get -y update && \
# ugly fix to install postgresql-client without errors
mkdir -p /usr/share/man/man1 /usr/share/man/man7 && \
apt-get -y install --no-install-recommends \
# libopenjp2-7 libjpeg62 libtiff5 are required by the pillow package
libopenjp2-7 \
libjpeg62 \
libtiff5 \
dnsutils \
default-mysql-client \
libmariadb3 \
xmlsec1 \
git \
uuid-runtime \
# only required for the dbshell (used by the initializer job)
postgresql-client \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
true
COPY --from=build /tmp/wheels /tmp/wheels
COPY requirements.txt ./
RUN pip3 install \
--no-cache-dir \
--no-index \
--find-links=/tmp/wheels \
-r ./requirements.txt
COPY \
docker/entrypoint-celery-beat.sh \
docker/entrypoint-celery-worker.sh \
docker/entrypoint-initializer.sh \
docker/entrypoint-uwsgi.sh \
docker/entrypoint-uwsgi-dev.sh \
docker/entrypoint-unit-tests.sh \
docker/entrypoint-unit-tests-devDocker.sh \
docker/wait-for-it.sh \
docker/certs/* \
/
COPY wsgi.py manage.py docker/unit-tests.sh ./
COPY dojo/ ./dojo/
# Add extra fixtures to docker image which are loaded by the initializer
COPY docker/extra_fixtures/* /app/dojo/fixtures/
COPY tests/ ./tests/
RUN \
# Remove placeholder copied from docker/certs
rm -f /readme.txt && \
# Remove placeholder copied from docker/extra_fixtures
rm -f dojo/fixtures/readme.txt && \
mkdir -p dojo/migrations && \
chmod g=u dojo/migrations && \
true
USER root
RUN \
addgroup --gid ${gid} ${appuser} && \
adduser --system --no-create-home --disabled-password --gecos '' \
--uid ${uid} --gid ${gid} ${appuser} && \
chown -R root:root /app && \
chmod -R u+rwX,go+rX,go-w /app && \
# Allow for bind mounting local_settings.py and other setting overrides
chown -R root:${appuser} /app/dojo/settings && \
chmod -R 775 /app/dojo/settings && \
mkdir /var/run/${appuser} && \
chown ${appuser} /var/run/${appuser} && \
chmod g=u /var/run/${appuser} && \
mkdir -p media/threat && chown -R ${uid} media
USER ${uid}
ENV \
# Only variables that are not defined in settings.dist.py
DD_ADMIN_USER=admin \
DD_ADMIN_MAIL=admin@defectdojo.local \
DD_ADMIN_PASSWORD='' \
DD_ADMIN_FIRST_NAME=Admin \
DD_ADMIN_LAST_NAME=User \
DD_CELERY_LOG_LEVEL="INFO" \
DD_CELERY_WORKER_POOL_TYPE="solo" \
# Enable prefork and options below to ramp-up celeryworker performance. Presets should work fine for a machine with 8GB of RAM, while still leaving room.
# See https://docs.celeryproject.org/en/stable/userguide/workers.html#id12 for more details
# DD_CELERY_WORKER_POOL_TYPE="prefork" \
# DD_CELERY_WORKER_AUTOSCALE_MIN="2" \
# DD_CELERY_WORKER_AUTOSCALE_MAX="8" \
# DD_CELERY_WORKER_CONCURRENCY="8" \
# DD_CELERY_WORKER_PREFETCH_MULTIPLIER="128" \
DD_INITIALIZE=true \
DD_UWSGI_MODE="socket" \
DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
DD_UWSGI_NUM_OF_PROCESSES="2" \
DD_UWSGI_NUM_OF_THREADS="2"
ENTRYPOINT ["/entrypoint-uwsgi.sh"]
FROM django as django-unittests
COPY unittests/ ./unittests/