cve-explorer-cli/Dockerfile at main · meddlin/cve-explorer-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# Multi-stage build for CVE Explorer CLI
# Stage 1: Build the binary
FROM python:3.11-slim AS builder

# Set working directory
WORKDIR /app

# Install system dependencies for building
RUN apt-get update && apt-get install -y \
    gcc \
    g++ \
    && rm -rf /var/lib/apt/lists/*

# Copy requirements and install Python dependencies
COPY requirements.txt requirements-dev.txt ./
RUN pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt

# Copy source code
COPY src/ ./src/
COPY cvex.spec ./

# Build the binary
RUN pyinstaller cvex.spec

# Stage 2: Runtime image
FROM python:3.11-slim

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN groupadd -g 1000 cvex && \
    useradd -r -s /bin/bash -u 1000 -g cvex cvex

# Copy the binary from builder stage
COPY --from=builder /app/dist/cvex /usr/local/bin/cvex

# Make binary executable
RUN chmod +x /usr/local/bin/cvex

# Switch to non-root user
USER cvex

# Set the binary as entrypoint
ENTRYPOINT ["cvex"]

# Default command
CMD ["--help"]