davidgasquez committed on
Commit • 9d4ec9f
1 Parent(s): 382bae7
feat: 🐳 run as non-root user and update file ownership

- Added non-root user 'user' with UID 1000
- Set environment variables for user home and updated PATH
- Changed COPY commands to preserve user ownership with --chown option
- Updated WORKDIR to new user home directory
- Enabled 'uv sync' command in the build process
This enhances security by avoiding root privileges in the container and ensures proper permissions for application files.
- Dockerfile +10 -5
Dockerfile
CHANGED
@@ -2,12 +2,17 @@ FROM python:3.12
|
|
2 |
|
3 |
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
|
4 |
|
5 |
-
|
6 |
-
|
7 |
-
|
|
|
8 |
|
9 |
-
|
|
|
|
|
10 |
|
11 |
-
|
|
|
|
|
12 |
|
13 |
CMD [ "uv", "run", "dagster", "dev", "-h", "0.0.0.0", "-p", "7860" ]
|
|
|
2 |
|
3 |
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
|
4 |
|
5 |
+
RUN useradd -m -u 1000 user
|
6 |
+
USER user
|
7 |
+
ENV HOME=/home/user \
|
8 |
+
PATH=/home/user/.local/bin:$PATH
|
9 |
|
10 |
+
COPY --chown=user datalia/ $HOME/app/datalia/
|
11 |
+
COPY --chown=user dbt/ $HOME/app/dbt/
|
12 |
+
COPY --chown=user Makefile pyproject.toml uv.lock $HOME/app/
|
13 |
|
14 |
+
WORKDIR $HOME/app
|
15 |
+
|
16 |
+
RUN [ "uv", "sync" ]
|
17 |
|
18 |
CMD [ "uv", "run", "dagster", "dev", "-h", "0.0.0.0", "-p", "7860" ]
|
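Review bot: `RUN [ "uv", "sync" ]` on new line 16 runs without `--locked` (or `--frozen`), so if the `uv.lock` copied on line 12 is out of date relative to `pyproject.toml`, the build re-resolves dependencies instead of failing; changing it to `RUN [ "uv", "sync", "--locked" ]` keeps the image limited to what the lockfile pins. Because every added `COPY` uses `--chown=user`, the runtime user can also modify the application code and lockfile it executes; if nothing has to write into `datalia/` or `dbt/` at runtime, consider leaving those root-owned and giving `user` ownership only of the paths that must be writable. The unchanged `COPY --from=ghcr.io/astral-sh/uv:latest` on line 3 still pulls an unpinned tag, and pinning it to a version or digest would be a reasonable follow-up.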