mirror of
https://github.com/aljazceru/CTFd.git
synced 2025-12-17 14:04:20 +01:00
1215 dockerfile improvements (#1461)
* Switch Dockerfile from alpine to debian. Switch entrypoint from sh to bash * Closes #1215
This commit is contained in:
Kevin Chung
1
.github/workflows/tests.yml
vendored
1
.github/workflows/tests.yml
vendored
@@ -49,7 +49,6 @@ jobs:
|
|||||||
python -m pip install -r development.txt
|
python -m pip install -r development.txt
|
||||||
sudo yarn install --non-interactive
|
sudo yarn install --non-interactive
|
||||||
sudo yarn global add prettier@1.17.0
|
sudo yarn global add prettier@1.17.0
|
||||||
sudo python3.6 -m pip install black==19.3b0
|
|
||||||
|
|
||||||
- name: Lint
|
- name: Lint
|
||||||
run: make lint
|
run: make lint
|
||||||
|
|||||||
34
Dockerfile
34
Dockerfile
@@ -1,33 +1,37 @@
|
|||||||
FROM python:3.7-alpine
|
FROM python:3.7-slim-buster
|
||||||
WORKDIR /opt/CTFd
|
WORKDIR /opt/CTFd
|
||||||
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
|
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
|
||||||
|
|
||||||
RUN apk update && \
|
# hadolint ignore=DL3008
|
||||||
apk add --no-cache \
|
RUN apt-get update \
|
||||||
python \
|
&& apt-get install -y --no-install-recommends \
|
||||||
|
build-essential \
|
||||||
|
default-mysql-client \
|
||||||
python-dev \
|
python-dev \
|
||||||
linux-headers \
|
|
||||||
libffi-dev \
|
libffi-dev \
|
||||||
gcc \
|
libssl-dev \
|
||||||
make \
|
git\
|
||||||
musl-dev \
|
&& apt-get clean \
|
||||||
py-pip \
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
mysql-client \
|
|
||||||
git \
|
|
||||||
openssl-dev
|
|
||||||
|
|
||||||
COPY . /opt/CTFd
|
COPY . /opt/CTFd
|
||||||
|
|
||||||
RUN pip install -r requirements.txt --no-cache-dir
|
RUN pip install -r requirements.txt --no-cache-dir
|
||||||
|
# hadolint ignore=SC2086
|
||||||
RUN for d in CTFd/plugins/*; do \
|
RUN for d in CTFd/plugins/*; do \
|
||||||
if [ -f "$d/requirements.txt" ]; then \
|
if [ -f "$d/requirements.txt" ]; then \
|
||||||
pip install -r $d/requirements.txt --no-cache-dir; \
|
pip install -r $d/requirements.txt --no-cache-dir; \
|
||||||
fi; \
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
RUN chmod +x /opt/CTFd/docker-entrypoint.sh
|
RUN adduser \
|
||||||
RUN adduser -D -u 1001 -s /bin/sh ctfd
|
--disabled-login \
|
||||||
RUN chown -R 1001:1001 /opt/CTFd /var/log/CTFd /var/uploads
|
-u 1001 \
|
||||||
|
--gecos "" \
|
||||||
|
--shell /bin/bash \
|
||||||
|
ctfd
|
||||||
|
RUN chmod +x /opt/CTFd/docker-entrypoint.sh \
|
||||||
|
&& chown -R 1001:1001 /opt/CTFd /var/log/CTFd /var/uploads
|
||||||
|
|
||||||
USER 1001
|
USER 1001
|
||||||
EXPOSE 8000
|
EXPOSE 8000
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
set -eo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
WORKERS=${WORKERS:-1}
|
WORKERS=${WORKERS:-1}
|
||||||
WORKER_CLASS=${WORKER_CLASS:-gevent}
|
WORKER_CLASS=${WORKER_CLASS:-gevent}
|
||||||
ACCESS_LOG=${ACCESS_LOG:--}
|
ACCESS_LOG=${ACCESS_LOG:--}
|
||||||
ERROR_LOG=${ERROR_LOG:--}
|
ERROR_LOG=${ERROR_LOG:--}
|
||||||
WORKER_TEMP_DIR=${WORKER_TEMP_DIR:-/dev/shm}
|
WORKER_TEMP_DIR=${WORKER_TEMP_DIR:-/dev/shm}
|
||||||
|
SECRET_KEY=${SECRET_KEY:-}
|
||||||
|
DATABASE_URL=${DATABASE_URL:-}
|
||||||
|
|
||||||
# Check that a .ctfd_secret_key file or SECRET_KEY envvar is set
|
# Check that a .ctfd_secret_key file or SECRET_KEY envvar is set
|
||||||
if [ ! -f .ctfd_secret_key ] && [ -z "$SECRET_KEY" ]; then
|
if [ ! -f .ctfd_secret_key ] && [ -z "$SECRET_KEY" ]; then
|
||||||
|
|||||||
Reference in New Issue
Block a user