mirror of
https://github.com/LibreTranslate/LibreTranslate.git
synced 2024-12-18 08:27:03 +02:00
Execute docker as non-root
This commit is contained in:
parent
299e5c3aa0
commit
2a5e84730a
27
Dockerfile
27
Dockerfile
@ -1,4 +1,4 @@
|
|||||||
FROM python:3.8.12-slim-bullseye
|
FROM python:3.8.12-slim-bullseye as builder
|
||||||
|
|
||||||
ARG with_models=false
|
ARG with_models=false
|
||||||
ARG models=
|
ARG models=
|
||||||
@ -13,24 +13,35 @@ RUN apt-get update -qq \
|
|||||||
|
|
||||||
RUN apt-get update && apt-get upgrade --assume-yes
|
RUN apt-get update && apt-get upgrade --assume-yes
|
||||||
|
|
||||||
RUN pip install --upgrade pip
|
RUN python -mvenv venv && ./venv/bin/pip install --upgrade pip
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
|
|
||||||
RUN if [ "$with_models" = "true" ]; then \
|
RUN if [ "$with_models" = "true" ]; then \
|
||||||
# install only the dependencies first
|
# install only the dependencies first
|
||||||
pip install -e .; \
|
./venv/bin/pip install -e .; \
|
||||||
# initialize the language models
|
# initialize the language models
|
||||||
if [ ! -z "$models" ]; then \
|
if [ ! -z "$models" ]; then \
|
||||||
./install_models.py --load_only_lang_codes "$models"; \
|
./venv/bin/python install_models.py --load_only_lang_codes "$models"; \
|
||||||
else \
|
else \
|
||||||
./install_models.py; \
|
./venv/bin/python install_models.py; \
|
||||||
fi \
|
fi \
|
||||||
fi
|
fi
|
||||||
# Install package from source code
|
# Install package from source code
|
||||||
RUN pip install . \
|
RUN ./venv/bin/pip install . \
|
||||||
&& pip cache purge
|
&& ./venv/bin/pip cache purge
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
FROM python:3.8.12-slim-bullseye
|
||||||
|
|
||||||
|
RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate
|
||||||
|
RUN apt-get update -qq && apt-get -qqq install --no-install-recommends -y libicu67 && apt-get clean && rm -rf /var/lib/apt
|
||||||
|
USER libretranslate
|
||||||
|
|
||||||
|
COPY --from=builder --chown=libretranslate:libretranslate /app /app
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
EXPOSE 5000
|
EXPOSE 5000
|
||||||
ENTRYPOINT [ "libretranslate", "--host", "0.0.0.0" ]
|
ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "0.0.0.0" ]
|
||||||
|
Loading…
Reference in New Issue
Block a user