-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile.ubi9
50 lines (41 loc) · 2.16 KB
/
Dockerfile.ubi9
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
FROM redhat/ubi9-minimal:9.4 as base
# Metadata Labels
LABEL org.opencontainers.image.title="Merly Mentor Assets"
LABEL org.opencontainers.image.description="Serves static files for the Merly Mentor Application. Contact: Debugging Department, Merly, Inc. ([email protected])"
LABEL org.opencontainers.image.version="1.0.0"
LABEL org.opencontainers.image.url="https://github.com/merly-ai/MP-CodeCheckBin-Windows"
LABEL org.opencontainers.image.vendor="Merly, Inc."
LABEL org.opencontainers.image.licenses="Proprietary"
LABEL org.opencontainers.image.documentation=""
LABEL org.opencontainers.image.maintainers="Urs C. Muff <[email protected]>, Justin Gottschlich <[email protected]>"
LABEL org.opencontainers.image.authors="Urs C. Muff <[email protected], Saif Zaman <[email protected]>"
# Create a non-root user and group for security
RUN groupadd -r appgroup && useradd -r -g appgroup -d /merly -s /sbin/nologin appuser
# Set working directory
WORKDIR /app
# Copy only necessary files
COPY models/CPP_model.bin /app/.models/CPP_model.bin
COPY models/C_SHARP_model.bin /app/.models/C_SHARP_model.bin
COPY models/FORTRAN_model.bin /app/.models/FORTRAN_model.bin
COPY models/GO_model.bin /app/.models/GO_model.bin
COPY models/JAVA_model.bin /app/.models/JAVA_model.bin
COPY models/JAVASCRIPT_model.bin /app/.models/JAVASCRIPT_model.bin
COPY models/OBJ_C_model.bin /app/.models/OBJ_C_model.bin
COPY models/PHP_model.bin /app/.models/PHP_model.bin
COPY models/PYTHON_model.bin /app/.models/PYTHON_model.bin
COPY models/RUST_model.bin /app/.models/RUST_model.bin
COPY models/TYPESCRIPT_model.bin /app/.models/TYPESCRIPT_model.bin
COPY models/VHDL_model.bin /app/.models/VHDL_model.bin
# Change ownership of files to the non-root user
RUN chown -R appuser:appgroup /app
# Stage for runtime
FROM base AS final
# Ensure the base image is as lightweight as possible
# Install ca-certificates as a runtime dependency using microdnf
RUN microdnf install -y ca-certificates && \
microdnf clean all && \
rm -rf /var/cache/yum /var/log/yum.log /tmp/* /var/tmp/*
# Switch to the non-root user
USER appuser
# Set correct file permissions (best practice to avoid permission issues)
RUN chmod -R 755 /app/.models