-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDockerfile.python3.9
58 lines (52 loc) · 1.98 KB
/
Dockerfile.python3.9
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
FROM alpine:3.15 as builder
RUN set -eux \
&& apk add --no-cache \
bc \
gcc \
libxml2-dev \
libxslt-dev \
musl-dev \
py3-pip \
python3 \
python3-dev
ARG BANDIT_VERSION
RUN set -eux \
&& if [ "${BANDIT_VERSION}" = "latest" ]; then \
pip3 install --no-cache-dir --no-compile bandit; \
else \
pip3 install --no-cache-dir --no-compile "bandit>=${BANDIT_VERSION},<$(echo "${BANDIT_VERSION}+1" | bc)"; \
fi \
\
&& bandit --version | grep -E '^bandit\s[0-9]+' \
\
&& pip3 install --no-cache-dir \
lxml \
\
&& find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \
&& find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf
FROM alpine:3.15 as production
ARG BANDIT_VERSION
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <[email protected]>"
LABEL "org.opencontainers.image.authors"="cytopia <[email protected]>"
LABEL "org.opencontainers.image.vendor"="cytopia"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.url"="https://github.com/cytopia/docker-bandit"
LABEL "org.opencontainers.image.documentation"="https://github.com/cytopia/docker-bandit"
LABEL "org.opencontainers.image.source"="https://github.com/cytopia/docker-bandit"
LABEL "org.opencontainers.image.ref.name"="bandit ${BANDIT_VERSION}"
LABEL "org.opencontainers.image.title"="bandit ${BANDIT_VERSION}"
LABEL "org.opencontainers.image.description"="bandit ${BANDIT_VERSION}"
RUN set -eux \
&& apk add --no-cache \
python3 \
&& ln -sf /usr/bin/python3 /usr/bin/python \
&& find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \
&& find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf
COPY --from=builder /usr/lib/python3.9/site-packages/ /usr/lib/python3.9/site-packages/
COPY --from=builder /usr/bin/bandit /usr/bin/bandit
WORKDIR /data
ENTRYPOINT ["bandit"]