Permalink
Cannot retrieve contributors at this time
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
132 lines (124 sloc)
4.05 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # code: language=Dockerfile | |
| # The code for the build image should be identical with the code in | |
| # Dockerfile.nginx to use the caching mechanism of Docker. | |
| # Ref: https://devguide.python.org/#branchstatus | |
| FROM python:3.8.12-slim-bullseye@sha256:3d3edc52cfae3ed6fb8303559f10184f962a8069194b2dee93baaac66ebedeb5 as base | |
| FROM base as build | |
| WORKDIR /app | |
| RUN \ | |
| apt-get -y update && \ | |
| apt-get -y install --no-install-recommends \ | |
| gcc \ | |
| build-essential \ | |
| dnsutils \ | |
| default-mysql-client \ | |
| libmariadb-dev-compat \ | |
| postgresql-client \ | |
| xmlsec1 \ | |
| git \ | |
| uuid-runtime \ | |
| && \ | |
| apt-get clean && \ | |
| rm -rf /var/lib/apt/lists && \ | |
| true | |
| COPY requirements.txt ./ | |
| # CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully | |
| # https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 | |
| RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt | |
| FROM base as django | |
| WORKDIR /app | |
| ARG uid=1001 | |
| ARG gid=1337 | |
| ARG appuser=defectdojo | |
| ENV appuser ${appuser} | |
| RUN \ | |
| apt-get -y update && \ | |
| # ugly fix to install postgresql-client without errors | |
| mkdir -p /usr/share/man/man1 /usr/share/man/man7 && \ | |
| apt-get -y install --no-install-recommends \ | |
| # libopenjp2-7 libjpeg62 libtiff5 are required by the pillow package | |
| libopenjp2-7 \ | |
| libjpeg62 \ | |
| libtiff5 \ | |
| dnsutils \ | |
| default-mysql-client \ | |
| libmariadb3 \ | |
| xmlsec1 \ | |
| git \ | |
| uuid-runtime \ | |
| # only required for the dbshell (used by the initializer job) | |
| postgresql-client \ | |
| && \ | |
| apt-get clean && \ | |
| rm -rf /var/lib/apt/lists && \ | |
| true | |
| COPY --from=build /tmp/wheels /tmp/wheels | |
| COPY requirements.txt ./ | |
| RUN pip3 install \ | |
| --no-cache-dir \ | |
| --no-index \ | |
| --find-links=/tmp/wheels \ | |
| -r ./requirements.txt | |
| COPY \ | |
| docker/entrypoint-celery-beat.sh \ | |
| docker/entrypoint-celery-worker.sh \ | |
| docker/entrypoint-initializer.sh \ | |
| docker/entrypoint-uwsgi.sh \ | |
| docker/entrypoint-uwsgi-dev.sh \ | |
| docker/entrypoint-unit-tests.sh \ | |
| docker/entrypoint-unit-tests-devDocker.sh \ | |
| docker/wait-for-it.sh \ | |
| docker/certs/* \ | |
| / | |
| COPY wsgi.py manage.py docker/unit-tests.sh ./ | |
| COPY dojo/ ./dojo/ | |
| # Add extra fixtures to docker image which are loaded by the initializer | |
| COPY docker/extra_fixtures/* /app/dojo/fixtures/ | |
| COPY tests/ ./tests/ | |
| RUN \ | |
| # Remove placeholder copied from docker/certs | |
| rm -f /readme.txt && \ | |
| # Remove placeholder copied from docker/extra_fixtures | |
| rm -f dojo/fixtures/readme.txt && \ | |
| mkdir -p dojo/migrations && \ | |
| chmod g=u dojo/migrations && \ | |
| true | |
| USER root | |
| RUN \ | |
| addgroup --gid ${gid} ${appuser} && \ | |
| adduser --system --no-create-home --disabled-password --gecos '' \ | |
| --uid ${uid} --gid ${gid} ${appuser} && \ | |
| chown -R root:root /app && \ | |
| chmod -R u+rwX,go+rX,go-w /app && \ | |
| # Allow for bind mounting local_settings.py and other setting overrides | |
| chown -R root:${appuser} /app/dojo/settings && \ | |
| chmod -R 775 /app/dojo/settings && \ | |
| mkdir /var/run/${appuser} && \ | |
| chown ${appuser} /var/run/${appuser} && \ | |
| chmod g=u /var/run/${appuser} && \ | |
| mkdir -p media/threat && chown -R ${uid} media | |
| USER ${uid} | |
| ENV \ | |
| # Only variables that are not defined in settings.dist.py | |
| DD_ADMIN_USER=admin \ | |
| DD_ADMIN_MAIL=admin@defectdojo.local \ | |
| DD_ADMIN_PASSWORD='' \ | |
| DD_ADMIN_FIRST_NAME=Admin \ | |
| DD_ADMIN_LAST_NAME=User \ | |
| DD_CELERY_LOG_LEVEL="INFO" \ | |
| DD_CELERY_WORKER_POOL_TYPE="solo" \ | |
| # Enable prefork and options below to ramp-up celeryworker performance. Presets should work fine for a machine with 8GB of RAM, while still leaving room. | |
| # See https://docs.celeryproject.org/en/stable/userguide/workers.html#id12 for more details | |
| # DD_CELERY_WORKER_POOL_TYPE="prefork" \ | |
| # DD_CELERY_WORKER_AUTOSCALE_MIN="2" \ | |
| # DD_CELERY_WORKER_AUTOSCALE_MAX="8" \ | |
| # DD_CELERY_WORKER_CONCURRENCY="8" \ | |
| # DD_CELERY_WORKER_PREFETCH_MULTIPLIER="128" \ | |
| DD_INITIALIZE=true \ | |
| DD_UWSGI_MODE="socket" \ | |
| DD_UWSGI_ENDPOINT="0.0.0.0:3031" \ | |
| DD_UWSGI_NUM_OF_PROCESSES="2" \ | |
| DD_UWSGI_NUM_OF_THREADS="2" | |
| ENTRYPOINT ["/entrypoint-uwsgi.sh"] | |
| FROM django as django-unittests | |
| COPY unittests/ ./unittests/ |