From a114e94b518d5ac2e8817be8d03ba4e337011c2a Mon Sep 17 00:00:00 2001
From: mahesh-naxa
Date: Fri, 20 Oct 2023 10:01:25 +0545
Subject: [PATCH 1/3] add: sonarcube suggestions on disable package install recommends
---
 Dockerfile | 2 +-
 scripts/docker/tasking-manager/Dockerfile | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ed62c181d0..569f644f3a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -91,7 +91,7 @@ FROM runtime as prod
 USER root
 # Get the necessary bits for the health check
 RUN apt-get update && \
- apt-get install -y curl && \
+ apt-get install --no-install-recommends -y curl && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
 # Pre-compile packages to .pyc (init speed gains)
diff --git a/scripts/docker/tasking-manager/Dockerfile b/scripts/docker/tasking-manager/Dockerfile
index 274ebc5f57..62d77b0549 100644
--- a/scripts/docker/tasking-manager/Dockerfile
+++ b/scripts/docker/tasking-manager/Dockerfile
@@ -15,7 +15,7 @@ RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
 # Install dependencies
 RUN apt-get update \
 && apt-get upgrade -y \
- && apt-get install -y nodejs libgeos-dev \
+ && apt-get install -y --no-install-recommends nodejs libgeos-dev \
 && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 # Upgrade pip
@@ -35,7 +35,7 @@ RUN pip install --no-cache-dir pdm \
 && pdm install --prod --no-lock --no-editable
 # Setup and build frontend
-RUN cd frontend && npm install && npm run build
+RUN cd frontend && npm install --ignore-scripts && npm run build
 # INITIALIZATION
From 1dbab2173e70d7abc4ae1a480c128ee80a78e1b9 Mon Sep 17 00:00:00 2001
From: mahesh-naxa
Date: Fri, 20 Oct 2023 11:13:31 +0545
Subject: [PATCH 2/3] sonarcube: removed PATH & PYTHON_PATH that were never used.
---
 scripts/docker/tasking-manager/Dockerfile | 3 ---
 1 file changed, 3 deletions(-)
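Review bot: In the `Dockerfile` hunk at -91, `apt-get install --no-install-recommends -y curl` also stops apt from pulling in `ca-certificates`, which on Debian-based images arrives only as a recommendation of libcurl, so curl will fail TLS verification unless the `runtime` stage already ships the CA bundle. If the health check or anything else in `prod` calls an HTTPS URL, name the package explicitly: `apt-get install --no-install-recommends -y ca-certificates curl && \`. The hunk also leaves `USER root` in effect through its last visible line; the stage continues outside the hunk, so confirm it drops back to the unprivileged user before the final command.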
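Review bot: The `nodejs` package installed by the changed line in the `scripts/docker/tasking-manager/Dockerfile` hunk at -15 comes from the repository configured by `RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -` (shown in the hunk header), which runs a downloaded script as root with no integrity check and without `-f` or pipefail, so an error page or truncated download is piped into bash unnoticed. Trimming recommends does not cover that step; at minimum use `curl -fsSL` and put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before it, or add the NodeSource apt source together with its signing key directly. The unchanged `apt-get upgrade -y` in the same `RUN` also makes the image contents depend on the build date; bumping the base image tag is the more reproducible route.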
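Review bot: `npm install --ignore-scripts` in the hunk at -35 of `scripts/docker/tasking-manager/Dockerfile` blocks dependency lifecycle scripts, but `npm install` can still re-resolve versions and rewrite the lockfile, so the set of packages whose code runs during `npm run build` is not fixed. If `frontend/` commits a `package-lock.json` (not visible here), prefer `RUN cd frontend && npm ci --ignore-scripts && npm run build`. Also check that no frontend dependency relies on a postinstall step such as a native build or binary download; with scripts disabled such a package installs without error and fails only later, during the build or at runtime.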
diff --git a/scripts/docker/tasking-manager/Dockerfile b/scripts/docker/tasking-manager/Dockerfile
index 62d77b0549..394b4703bf 100644
--- a/scripts/docker/tasking-manager/Dockerfile
+++ b/scripts/docker/tasking-manager/Dockerfile
@@ -4,9 +4,6 @@ FROM python:${PYTHON_IMG_TAG}-bookworm
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
-ENV PATH="/usr/src/app/__pypackages__/${PYTHON_IMG_TAG}/bin:$PATH" \
- PYTHONPATH="/usr/src/app/__pypackages__/${PYTHON_IMG_TAG}/lib"
-
 # INSTALLATION
 # Add repository for node
From b12e816072ee4b6fda61e3a406b305abb78401a8 Mon Sep 17 00:00:00 2001
From: mahesh-naxa
Date: Fri, 20 Oct 2023 11:17:53 +0545
Subject: [PATCH 3/3] docker: added appuser to override default root user in python3 image
---
 scripts/docker/tasking-manager/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/docker/tasking-manager/Dockerfile b/scripts/docker/tasking-manager/Dockerfile
index 394b4703bf..09ec524cbb 100644
--- a/scripts/docker/tasking-manager/Dockerfile
+++ b/scripts/docker/tasking-manager/Dockerfile
@@ -4,8 +4,6 @@ FROM python:${PYTHON_IMG_TAG}-bookworm
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
-# INSTALLATION
-
 # Add repository for node
 RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
@@ -23,6 +21,10 @@ ARG branch=develop
 RUN git clone --depth=1 git://github.com/hotosm/tasking-manager.git \
 --branch $branch /usr/src/app
+## Create & use new user to run pdm
+RUN useradd --uid 9000 --create-home --home /home/appuser --shell /bin/false appuser
+USER appuser:appuser
+
 ## SETUP
 # Setup backend dependencies
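Review bot: The `USER appuser:appuser` added in the hunk at -23 (patch 3/3) takes effect while `/usr/src/app` is still owned by root: the `mkdir`, `WORKDIR` and `git clone` that populate it all run before the switch, and no `chown` appears in the hunk. The steps that follow under `## SETUP` (`pip install --no-cache-dir pdm && pdm install …` and `cd frontend && npm install … && npm run build`, visible in patch 1/3) need to write into that tree, so they will probably fail with permission errors, and a non-root `pip install` would fall back to `~/.local/bin`, which is not on `PATH`. Hand the tree over before switching, e.g. `RUN useradd --uid 9000 --create-home --home /home/appuser --shell /bin/false appuser && chown -R appuser:appuser /usr/src/app`, and add `ENV PATH="/home/appuser/.local/bin:$PATH"`. The rest of the file is outside the hunk, so also confirm that the runtime command works without root.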