Python
base image
Imagem para build
# original base image
FROM python:3.8-bookworm
# updating to avoid security issues
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean -y && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/*
Imagem para runtime
# original base image
FROM python:3.8-slim-bookworm
# updating to avoid security issues
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean -y && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/*
single stage
Exemplo de Dockerfile one-stage para python.
# original base image
FROM python:3.8-bookworm
# updating to avoid security issues
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean -y && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/*
# set working directory
WORKDIR /app
# copy the requirements from project to container
COPY ./requirements.txt /app
# install the dependencies
RUN pip install --no-cache-dir -r requirements.txt
# creating user and grupo to run unprivileged
RUN groupadd app && \
useradd -m -g app -s /usr/sbin/nologin app
# definind user o run
USER app
# copy the application code
COPY --chown=app:app . /app
# expose the port
EXPOSE 5000
# defining entrypoind and cmd
ENTRYPOINT ["python"]
CMD ["app.py"]
multi-stage
Exemplo de Dockerfile multi-stage para python.
### stage 1 ###################################################
# using the base imagem
#FROM registry.rnp.br/macde/imagens/python.3.8-builder
FROM python:3.8-bookworm AS builder
# removing unecessary packages
#RUN apt-get purge git git-man wget -y
# updating packages avoid security issues
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean -y && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/*
# set working directory
WORKDIR /app
# add pyenv dir to path
ENV PATH="/app:$PATH"
# copying files
COPY ./requirements.txt /app
# install the python requirements
RUN pip install --no-cache-dir -r requirements.txt
### stage 2 ######################################################
# using the base imagem
#FROM registry.rnp.br/macde/imagens/python.3.8-runtime
FROM python:3.8-slim-bookworm AS runtime
# removing unecessary packages
#RUN apt-get purge git git-man wget -y
# updating packages avoid security issues
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean -y && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/*
# defining the workdir
WORKDIR /app
# creating user and group to run unprivileged
RUN groupadd app && \
useradd -m -g app -s /usr/sbin/nologin app
# definind user o run the app
USER app
# Copy the built dependencies from the backend-builder stage
COPY --from=builder /usr/local/lib/python3.8/site-packages/ /usr/local/lib/python3.8/site-packages/
# copying files from the builder stage to runtime stage
COPY --chown=app:app ./requirements.txt /app
COPY --chown=app:app ./app.py /app
COPY --chown=app:app ./src/ /app/src/
# expose the port
EXPOSE 5010
# defining entrypoind and cmd
ENTRYPOINT ["python"]
CMD ["app.py"]
docker-compose
Exemplo de docker-compose para essa app.