From 08695650afa9f745a4e0aed0b91eba146e16278f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 21 Jul 2024 09:02:48 +0000 Subject: [PATCH 1/6] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963 - https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196 - https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196 - https://snyk.io/vuln/SNYK-DEBIAN12-TAR-1560620 - https://snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0df8083..fb0559c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM python:3.11-slim +FROM python:3.13.0b3-slim WORKDIR /app From 51ee6f32c57deb83bbea366de4ff2ca1ffae4f4a Mon Sep 17 00:00:00 2001 From: Anselm Hahn Date: Sun, 21 Jul 2024 11:51:16 +0200 Subject: [PATCH 2/6] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fb0559c..575a0a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM python:3.13.0b3-slim +FROM python:3.13-slim WORKDIR /app From 3824d9bb6834a59990f67f1d4a375e90480f1a86 Mon Sep 17 00:00:00 2001 From: Anselm Hahn Date: Sun, 21 Jul 2024 11:54:23 +0200 Subject: [PATCH 3/6] Update Dockerfile --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 575a0a1..3290daf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM python:3.13-slim +FROM python:3.13.0b4-slim-bullseye WORKDIR /app @@ -8,9 +8,7 @@ COPY poetry.lock /app COPY pyproject.toml /app -RUN pip3 install --no-cache-dir poetry &&\ - poetry config virtualenvs.create false &&\ - poetry install --no-interaction +RUN pip3 install . COPY . /app From 78573c6da6fd3afb7a0f20f018e8a0598cddf918 Mon Sep 17 00:00:00 2001 From: Anselm Hahn Date: Sun, 21 Jul 2024 11:58:11 +0200 Subject: [PATCH 4/6] fix: Update Dockerfile --- Dockerfile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3290daf..52c3382 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,12 +4,17 @@ FROM python:3.13.0b4-slim-bullseye WORKDIR /app -COPY poetry.lock /app -COPY pyproject.toml /app +# Copying the poetry files first to cache the dependencies installation +COPY poetry.lock pyproject.toml /app/ +# Install poetry +RUN pip install poetry -RUN pip3 install . +# Install dependencies using poetry +RUN poetry config virtualenvs.create false \ + && poetry install --no-dev +# Copy the rest of the application code COPY . /app CMD ["python3", "-m", "tanabesugano"] From be8406d9b9bb3f668c1545eccb3c56f30e26efbb Mon Sep 17 00:00:00 2001 From: Anselm Hahn Date: Sun, 21 Jul 2024 12:00:17 +0200 Subject: [PATCH 5/6] fix: Update `pip install` --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 52c3382..a39982b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ WORKDIR /app COPY poetry.lock pyproject.toml /app/ # Install poetry -RUN pip install poetry +RUN pip install --no-cache-dir poetry # Install dependencies using poetry RUN poetry config virtualenvs.create false \ From b13bc68d0a386332fd163eb495f63df9795a47cd Mon Sep 17 00:00:00 2001 From: Anselm Hahn Date: Sun, 21 Jul 2024 12:03:42 +0200 Subject: [PATCH 6/6] fix: Add `python -m` for install --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index a39982b..c2c9bda 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,11 +8,12 @@ WORKDIR /app COPY poetry.lock pyproject.toml /app/ # Install poetry -RUN pip install --no-cache-dir poetry +RUN python -m pip install --upgrade pip \ + && python -m pip install --no-cache-dir poetry # Install dependencies using poetry -RUN poetry config virtualenvs.create false \ - && poetry install --no-dev +RUN python -m poetry config virtualenvs.create false \ + && python -m poetry install --no-dev # Copy the rest of the application code COPY . /app