Initial distroless versions of get-checksum and version-bump

9 months ago · a8953721ea
4 changed files with 38 additions and 15 deletions
--- a/get-checksum/.dockerignore
+++ b/get-checksum/.dockerignore
@ -0,0 +1,2 @@
 *
 !main.py
--- a/get-checksum/Dockerfile
+++ b/get-checksum/Dockerfile
@ -1,12 +1,22 @@
-FROM python:3-slim
+FROM debian:12-slim AS build
 RUN apt-get update && \
    apt-get install --no-install-suggests -y --no-install-recommends python3-venv gcc libpython3-dev && \
    python3 -m venv /venv && \
    /venv/bin/pip install --upgrade pip setuptools wheel
 ADD . /app
-WORKDIR /app
+FROM build AS build-venv
 RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir lxml
 RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir pyyaml 
 FROM gcr.io/distroless/python3-debian12:nonroot AS final
-RUN pip3 install lxml --target=/app
+USER nonroot
 RUN pip3 install pyyaml --target=/app
-ENV PYTHONPATH /app
+COPY --from=build-venv /venv /venv
 # Must chown files since non-root user doesn't have access to /app to write output file
 COPY --chown=nonroot:nonroot . /app
 WORKDIR /app
-ENTRYPOINT [ "python", "/app/main.py" ]
+ENTRYPOINT ["/venv/bin/python3", "main.py"]
--- a/version-bump/.dockerignore
+++ b/version-bump/.dockerignore
@ -0,0 +1,2 @@
 *
 !main.py
--- a/version-bump/Dockerfile
+++ b/version-bump/Dockerfile
@ -1,13 +1,22 @@
-FROM python:3-slim
+FROM debian:12-slim AS build
 RUN apt-get update && \
    apt-get install --no-install-suggests -y --no-install-recommends python3-venv gcc libpython3-dev && \
    python3 -m venv /venv && \
    /venv/bin/pip install --upgrade pip setuptools wheel
 ADD . /app
-WORKDIR /app
+FROM build AS build-venv
 RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir lxml
 RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir pyyaml 
 FROM gcr.io/distroless/python3-debian12:debug-nonroot AS final
-RUN pip3 install lxml --target=/app
+USER nonroot
 RUN pip3 install pyyaml --target=/app
-ENV PYTHONPATH /app
+COPY --from=build-venv /venv /venv
 # Must chown files since non-root user doesn't have access to /app to write output file
 COPY --chown=nonroot:nonroot . /app
 WORKDIR /app
-CMD ["/app/main.py"]
+ENTRYPOINT ["/venv/bin/python3", "main.py"]
 ENTRYPOINT [ "python", "-u" ]