From 373a87753cfa0d46ff6689a323b8c9cd0f5783e5 Mon Sep 17 00:00:00 2001 From: Tommy Carpenter Date: Mon, 17 Jun 2019 10:39:53 -0400 Subject: Switch to alpine, non root. Also closes issue DCAEGEN2-1564 Issue-ID: DCAEGEN2-1553 Change-Id: Ife5bd346343f329dbd6012909d9cb2bf4c1d4fa6 Signed-off-by: Tommy Carpenter --- Changelog.md | 4 ++++ Dockerfile | 20 ++++++++++++++++---- pom.xml | 2 +- setup.py | 2 +- version.properties | 2 +- 5 files changed, 23 insertions(+), 7 deletions(-) diff --git a/Changelog.md b/Changelog.md index 7576d1e..2f29e66 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [2.5.1] - 6/17/2019 +* Switch to alpine base +* use a non root user + ## [2.5.0] - 6/5/2019 * Add back HTTPS support and a flag to enable it * Move exceptions into a common file diff --git a/Dockerfile b/Dockerfile index 1e65511..abfbad5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,26 @@ -FROM python:3.6 +FROM python:3.6-alpine MAINTAINER tommy@research.att.com COPY . /tmp WORKDIR /tmp -RUN pip install --upgrade pip -RUN pip install . -RUN mkdir -p /opt/logs/ EXPOSE 10000 +# it is an ONAP requirement to make, and switch to, a non root user +ENV CBSUSER cbs +RUN addgroup -S $CBSUSER && adduser -S -G $CBSUSER $CBSUSER + +# create logs dir and install +# alpine does not come with GCC like the standard "python" docker base does, which the install needs, see https://wiki.alpinelinux.org/wiki/GCC +RUN apk add build-base && \ + mkdir -p /opt/logs/ && \ + chown $CBSUSER:$CBSUSER /opt/logs && \ + pip install --upgrade pip && \ + pip install . + +# turn on file based EELF logging ENV PROD_LOGGING 1 +# Run the application +USER $CBSUSER CMD run.py diff --git a/pom.xml b/pom.xml index b4fcda6..904c3c7 100644 --- a/pom.xml +++ b/pom.xml @@ -30,7 +30,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property. org.onap.dcaegen2.platform configbinding dcaegen2-platform-configbinding - 2.5.0-SNAPSHOT + 2.5.1-SNAPSHOT http://maven.apache.org UTF-8 diff --git a/setup.py b/setup.py index a94ed38..b276e94 100644 --- a/setup.py +++ b/setup.py @@ -20,7 +20,7 @@ from setuptools import setup, find_packages setup( name="config_binding_service", - version="2.5.0", + version="2.5.1", packages=find_packages(exclude=["tests.*", "tests"]), author="Tommy Carpenter", author_email="tommy@research.att.com", diff --git a/version.properties b/version.properties index 6c69733..23c0525 100644 --- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=2 minor=5 -patch=0 +patch=1 base_version=${major}.${minor}.${patch} release_version=${base_version} snapshot_version=${base_version}-SNAPSHOT -- cgit 1.2.3-korg