add non-root user to frontend and backend containers #1228

Merged
merged 4 commits into from
Dec 25, 2024
5 changes: 4 additions & 1 deletion .github/workflows/startup-tests.yml
Expand Up @@ -122,7 +122,10 @@ jobs:
working-directory: ${{ env.frontend-directory }}
run: pnpm exec playwright install
- name: Build the Docker app
run: docker compose -f docker-compose-build.yml up -d
run: |
rm -rf db
mkdir db
docker compose -f docker-compose-build.yml up -d
- name: Create backend environment variables file
working-directory: ${{ env.backend-directory }}
run: |
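Review bot: In the "Build the Docker app" step, `rm -rf db` and `mkdir db` run with no `working-directory` and no comment saying why the directory has to exist before `docker compose -f docker-compose-build.yml up -d`. If the reason is that `db` must be writable by the uid 1001 `app` user added in backend/Dockerfile, say so in a comment and set the ownership or mode explicitly instead of depending on whichever user the runner happens to execute as.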
2 changes: 2 additions & 0 deletions backend/Dockerfile
Expand Up @@ -30,6 +30,8 @@ RUN pip install --upgrade pip && \
RUN poetry install
RUN rm -rf $POETRY_CACHE_DIR

RUN addgroup -g 1001 -S app && adduser -u 1001 -S -G app app
USER app

ENTRYPOINT ["poetry", "run", "bash", "startup.sh"]
EXPOSE 8000
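Review bot: `USER app` follows `adduser` directly, and nothing in this hunk gives `app` write access to any path, while backend/startup.sh in this same PR writes `db/django_secret_key` at start-up. Suggest creating `db` and changing its owner to `app` before the `USER app` line, or documenting that a volume owned by uid 1001 has to be mounted there, and confirming that the `poetry run` in the ENTRYPOINT still works as uid 1001 now that everything installed by the earlier `RUN` steps is owned by root.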
18 changes: 9 additions & 9 deletions backend/ciso_assistant/settings.py
Expand Up @@ -375,15 +375,15 @@ def set_ciso_assistant_url(_, __, event_dict):
# OTHER SETTINGS
}

HUEY = {
"huey_class": "huey.SqliteHuey", # Huey implementation to use.
"name": "huey-ciso-assistant", # Use db name for huey.
"results": True, # Store return values of tasks.
"store_none": False, # If a task returns None, do not save to results.
"immediate": DEBUG, # If DEBUG=True, run synchronously.
"utc": True, # Use UTC for all times internally.
"filename": "db/huey.sqlite3",
}
# HUEY = {
# "huey_class": "huey.SqliteHuey", # Huey implementation to use.
# "name": "huey-ciso-assistant", # Use db name for huey.
# "results": True, # Store return values of tasks.
# "store_none": False, # If a task returns None, do not save to results.
# "immediate": DEBUG, # If DEBUG=True, run synchronously.
# "utc": True, # Use UTC for all times internally.
# "filename": "db/huey.sqlite3",
# }

# SSO with allauth
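Review bot: The `HUEY` dict is commented out rather than removed or fixed, with no comment explaining why and no mention in the PR title. If it was disabled because `db/huey.sqlite3` is not writable by the new non-root user, record that next to the block and track re-enabling it; if the task queue is really being dropped, delete the block instead of leaving dead configuration. Either way, check that nothing else reads `settings.HUEY` or schedules tasks that would now fail or be silently skipped.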

2 changes: 1 addition & 1 deletion backend/startup.sh
Expand Up @@ -7,7 +7,7 @@ fi

if [ ! -n "$DJANGO_SECRET_KEY" ]; then
if [ ! -f db/django_secret_key ]; then
cat /proc/sys/kernel/random/uuid >db/django_secret_key
install -m 600 <(cat /proc/sys/kernel/random/uuid) db/django_secret_key
echo "generating initial Django secret key"
fi
export DJANGO_SECRET_KEY=$(<db/django_secret_key)
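Review bot: The `install -m 600` sits inside `if [ ! -f db/django_secret_key ]`, so it only applies to newly generated keys; a key file created by an earlier version of this script keeps whatever mode it had. Suggest tightening the mode of an existing file as well (for example a `chmod 600 db/django_secret_key` outside the inner `if`). The result of `install` is also not checked: if `db` is not writable by the container user, the script still prints "generating initial Django secret key" and then tries to read a file that does not exist, so fail fast there with a clear message.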
2 changes: 1 addition & 1 deletion docker-compose-build.sh
Expand Up @@ -32,7 +32,7 @@ else

# Simple wait for database migrations
echo "Giving some time for the database to be ready, please wait ..."
sleep 30
sleep 60

echo "Initialize your superuser account..."
docker compose exec backend poetry run python manage.py createsuperuser
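Review bot: Raising `sleep 30` to `sleep 60` keeps the wait a guess: a slow host can still reach `createsuperuser` before migrations finish, and a fast one waits for nothing. Suggest replacing the fixed sleep with a bounded retry loop that polls a readiness command in the backend container (for example `python manage.py migrate --check`) and exits with an error once the timeout is reached.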
4 changes: 4 additions & 0 deletions frontend/Dockerfile
Expand Up @@ -21,4 +21,8 @@ COPY package.json .
EXPOSE 3000
ENV NODE_ENV=production
ENV BODY_SIZE_LIMIT=20000000

RUN addgroup -g 1001 -S app && adduser -u 1001 -S -G app app
USER app

CMD [ "node", "server" ]
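Review bot: The `addgroup -g 1001` / `adduser -u 1001` line is a verbatim copy of the one in backend/Dockerfile, with the uid and gid hard-coded and undocumented. Suggest a short comment on why 1001 was chosen, or a build `ARG` shared by both images, so the two cannot drift apart. Leaving the copied application files owned by root is a reasonable default for a non-root runtime user, but confirm that `node server` does not need to write anywhere under the working directory.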