From 2a5e84730a82ebea4ea50e950629e0936826ff62 Mon Sep 17 00:00:00 2001 From: Eugene Davis Date: Tue, 13 Sep 2022 14:21:44 +0200 Subject: [PATCH 1/4] Execute docker as non-root --- Dockerfile | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index f6de520..ff9d55e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.8.12-slim-bullseye +FROM python:3.8.12-slim-bullseye as builder ARG with_models=false ARG models= @@ -13,24 +13,35 @@ RUN apt-get update -qq \ RUN apt-get update && apt-get upgrade --assume-yes -RUN pip install --upgrade pip +RUN python -mvenv venv && ./venv/bin/pip install --upgrade pip COPY . . RUN if [ "$with_models" = "true" ]; then \ # install only the dependencies first - pip install -e .; \ + ./venv/bin/pip install -e .; \ # initialize the language models if [ ! -z "$models" ]; then \ - ./install_models.py --load_only_lang_codes "$models"; \ + ./venv/bin/python install_models.py --load_only_lang_codes "$models"; \ else \ - ./install_models.py; \ + ./venv/bin/python install_models.py; \ fi \ fi # Install package from source code -RUN pip install . \ - && pip cache purge +RUN ./venv/bin/pip install . \ + && ./venv/bin/pip cache purge + + + +FROM python:3.8.12-slim-bullseye + +RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate +RUN apt-get update -qq && apt-get -qqq install --no-install-recommends -y libicu67 && apt-get clean && rm -rf /var/lib/apt +USER libretranslate + +COPY --from=builder --chown=libretranslate:libretranslate /app /app +WORKDIR /app EXPOSE 5000 -ENTRYPOINT [ "libretranslate", "--host", "0.0.0.0" ] +ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "0.0.0.0" ] From 81f667b2149fdecda693c2584dbfe41ebf01ed5a Mon Sep 17 00:00:00 2001 
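Review bot: In the final stage added by PATCH 1/4 (`@@ -13,24 +13,35 @@`), `adduser --system --uid 1032 libretranslate` does not put the account in the group created just before it. On Debian a system user made without `--ingroup` or `--gid` lands in `nogroup`, so the service would not run with gid 1032 even though `/app` is chowned to that group. Suggest `RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 --ingroup libretranslate libretranslate`; the `--chown=1032:1032` form that PATCH 3/4 switches to relies on the same membership. The `COPY --chown` also makes the whole tree, `venv` and application code included, writable by the service account, so a compromised process could rewrite what it executes. If nothing at runtime needs to write under `/app`, leaving it root-owned and read-only for uid 1032 is the tighter default.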
From: Eugene Davis Date: Tue, 13 Sep 2022 21:24:18 +0200 Subject: [PATCH 2/4] Move initialization into final image build --- Dockerfile | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index ff9d55e..4b65676 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,23 +17,11 @@ RUN python -mvenv venv && ./venv/bin/pip install --upgrade pip COPY . . - -RUN if [ "$with_models" = "true" ]; then \ - # install only the dependencies first - ./venv/bin/pip install -e .; \ - # initialize the language models - if [ ! -z "$models" ]; then \ - ./venv/bin/python install_models.py --load_only_lang_codes "$models"; \ - else \ - ./venv/bin/python install_models.py; \ - fi \ - fi # Install package from source code RUN ./venv/bin/pip install . \ && ./venv/bin/pip cache purge - FROM python:3.8.12-slim-bullseye RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate @@ -43,5 +31,14 @@ USER libretranslate COPY --from=builder --chown=libretranslate:libretranslate /app /app WORKDIR /app +RUN if [ "$with_models" = "true" ]; then \ + # initialize the language models + if [ ! -z "$models" ]; then \ + ./venv/bin/python install_models.py --load_only_lang_codes "$models"; \ + else \ + ./venv/bin/python install_models.py; \ + fi \ + fi + EXPOSE 5000 ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "0.0.0.0" ] From 9d6d06ceeb31e462ef151407ffb976b4b853165c Mon Sep 17 00:00:00 2001 From: Eugene Davis Date: Tue, 13 Sep 2022 23:09:20 +0200 Subject: [PATCH 3/4] Minor fixes --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4b65676..e23ae01 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,5 @@ FROM python:3.8.12-slim-bullseye as builder -ARG with_models=false -ARG models= - WORKDIR /app ARG DEBIAN_FRONTEND=noninteractive 
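Review bot: The `RUN` added in PATCH 2/4's second hunk (`@@ -43,5 +31,14 @@`) bakes whatever `install_models.py` retrieves into the final image, and nothing in the hunk pins or verifies those artefacts. The script is outside the diff, so this is something to confirm, not a known defect. If it downloads model packages without checking a digest, a comment above the step such as `# models are fetched at build time as uid 1032; integrity checking is left to install_models.py` would record the expectation for the next maintainer. As a style point, `[ ! -z "$models" ]` is more directly written `[ -n "$models" ]`.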
@@ -24,11 +21,14 @@ RUN ./venv/bin/pip install . \ FROM python:3.8.12-slim-bullseye +ARG with_models=false +ARG models= + RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate RUN apt-get update -qq && apt-get -qqq install --no-install-recommends -y libicu67 && apt-get clean && rm -rf /var/lib/apt USER libretranslate -COPY --from=builder --chown=libretranslate:libretranslate /app /app +COPY --from=builder --chown=1032:1032 /app /app WORKDIR /app RUN if [ "$with_models" = "true" ]; then \ From cabb8872126908920923907a021d5e20673fe7f9 Mon Sep 17 00:00:00 2001 From: Eugene Davis Date: Wed, 14 Sep 2022 00:35:04 +0200 Subject: [PATCH 4/4] Update base image --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e23ae01..aea119a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.8.12-slim-bullseye as builder +FROM python:3.8.14-slim-bullseye as builder WORKDIR /app @@ -19,7 +19,7 @@ RUN ./venv/bin/pip install . \ && ./venv/bin/pip cache purge -FROM python:3.8.12-slim-bullseye +FROM python:3.8.14-slim-bullseye ARG with_models=false ARG models=
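Review bot: PATCH 3/4's second hunk (`@@ -24,11 +21,14 @@`) makes the `COPY --chown` numeric but leaves `USER libretranslate` as a name on the line above it. Runtimes that enforce a non-root policy from image metadata (Kubernetes `runAsNonRoot`, for one) cannot verify a non-numeric user and refuse to start such a container unless the pod sets `runAsUser` itself. `USER 1032:1032` keeps the IDs consistent with the chown and also sets the process's primary group explicitly.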