sv/tsun-gen3-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

S allius/issue216 (#235)

Browse Source 
* improve docker run

- establish multistage Dockerfile
- build a python wheel for all needed packages
- remove unneeded tools like apk for runtime

* pin versions, fix hadolint warnings

* merge from dev-0.12

---------

Co-authored-by: Michael Metz <michael.metz@siemens.com>
This commit is contained in:
Stefan Allius
2024-12-13 23:54:17 +01:00
committed by GitHub
parent 5501288b51
commit 4f0918ef83
3 changed files with 44 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/Dockerfile
View File

@@ -5,13 +5,12 @@ ARG GID=1000
# #
# first stage for our base image # first stage for our base image
FROM python:3.13-alpine AS base FROM python:3.13-alpine AS base
USER root
COPY --chmod=0700 ./hardening_base.sh . COPY --chmod=0700 ./hardening_base.sh /
RUN apk upgrade --no-cache && \ RUN apk upgrade --no-cache && \
apk add --no-cache su-exec && \ apk add --no-cache su-exec=0.2-r3 && \
./hardening_base.sh && \ /hardening_base.sh && \
rm ./hardening_base.sh rm /hardening_base.sh
# #
# second stage for building wheels packages # second stage for building wheels packages
@@ -19,8 +18,8 @@ FROM base AS builder
# copy the dependencies file to the root dir and install requirements # copy the dependencies file to the root dir and install requirements
COPY ./requirements.txt /root/ COPY ./requirements.txt /root/
RUN apk add --no-cache build-base && \ RUN apk add --no-cache build-base=0.5-r3 && \
python -m pip install --no-cache-dir -U pip wheel && \ python -m pip install --no-cache-dir pip==24.3.1 wheel==0.45.1 && \
python -OO -m pip wheel --no-cache-dir --wheel-dir=/root/wheels -r /root/requirements.txt python -OO -m pip wheel --no-cache-dir --wheel-dir=/root/wheels -r /root/requirements.txt
@@ -50,9 +49,9 @@ VOLUME ["/home/$SERVICE_NAME/log", "/home/$SERVICE_NAME/config"]
# and unistall python packages and alpine package manger to reduce attack surface # and unistall python packages and alpine package manger to reduce attack surface
COPY --from=builder /root/wheels /root/wheels COPY --from=builder /root/wheels /root/wheels
COPY --chmod=0700 ./hardening_final.sh . COPY --chmod=0700 ./hardening_final.sh .
RUN python -m pip install --no-cache --no-index /root/wheels/* && \ RUN python -m pip install --no-cache-dir --no-cache --no-index /root/wheels/* && \
rm -rf /root/wheels && \ rm -rf /root/wheels && \
python -m pip uninstall --yes setuptools wheel pip && \ python -m pip uninstall --yes wheel pip && \
apk --purge del apk-tools && \ apk --purge del apk-tools && \
./hardening_final.sh && \ ./hardening_final.sh && \
rm ./hardening_final.sh rm ./hardening_final.sh

73
ha_addons/ha_addon/Dockerfile
View File

@@ -10,36 +10,40 @@
###################### ######################
# 1 Build Image # # 1 Build Base Image #
###################### ######################
ARG BUILD_FROM="ghcr.io/hassio-addons/base:stable" ARG BUILD_FROM="ghcr.io/hassio-addons/base:stable"
FROM $BUILD_FROM # hadolint ignore=DL3006
FROM $BUILD_FROM AS base
#######################
# 2 Modify Image #
#######################
#######################
# 3 Install apps #
#######################
# Installiere Python, pip und virtuelle Umgebungstools # Installiere Python, pip und virtuelle Umgebungstools
RUN apk add --no-cache python3 py3-pip py3-virtualenv RUN apk add --no-cache python3=3.12.8-r1 py3-pip=24.3.1-r0
# Erstelle ein virtuelles Umfeld und aktiviere es
RUN python3 -m venv /opt/venv
RUN . /opt/venv/bin/activate
# Stelle sicher, dass das Add-on das virtuelle Umfeld nutzt #######################
ENV PATH="/opt/venv/bin:$PATH" # 2 Build wheel #
#######################
FROM base AS builder
COPY rootfs/requirements.txt /root/
RUN apk add --no-cache build-base=0.5-r3 && \
python -m pip install --no-cache-dir wheel==0.45.1 && \
python -OO -m pip wheel --no-cache-dir --wheel-dir=/root/wheels -r /root/requirements.txt
#######################
# 3 Build runtime #
#######################
FROM base AS runtime
ARG SERVICE_NAME
ARG VERSION
ENV SERVICE_NAME=${SERVICE_NAME}
@@ -47,36 +51,31 @@ ENV PATH="/opt/venv/bin:$PATH"
# 4 Install libraries # # 4 Install libraries #
####################### #######################
# install the requirements from the wheels packages from the builder stage
# and unistall python packages and alpine package manger to reduce attack surface
# Kopiere die requirements.txt Datei in das Image COPY --from=builder /root/wheels /root/wheels
COPY rootfs/requirements.txt /tmp/requirements.txt RUN python -m pip install --no-cache-dir --no-cache --no-index /root/wheels/* && \
rm -rf /root/wheels && \
# installiere die Pakete aus requirements.txt python -m pip uninstall --yes wheel pip && \
RUN pip install --no-cache-dir -r /tmp/requirements.txt apk --purge del apk-tools
####################### #######################
# 5 copy data # # 5 copy data #
####################### #######################
# Add rootfs
COPY rootfs/ / COPY rootfs/ /
# make run.sh executable
RUN chmod a+x /run.sh
####################### #######################
# 6 run app # # 6 run app #
####################### #######################
ARG SERVICE_NAME # make run.sh executable
ARG VERSION RUN chmod a+x /run.sh && \
ENV SERVICE_NAME=${SERVICE_NAME} echo ${VERSION} > /proxy-version.txt
RUN echo ${VERSION} > /proxy-version.txt
# command to run on container start # command to run on container start
CMD [ "/run.sh" ] CMD [ "/run.sh" ]

3
repository.yaml
View File

@@ -1,3 +0,0 @@
name: TSUN-Proxy
url: https://github.com/s-allius/tsun-gen3-proxy/ha_addons
maintainer: Stefan Allius