diff --git a/backend/Dockerfile b/backend/Dockerfile index 219b34d84f93b376d257e2014444b3451063071e..4471fa7449c526ba121bb7f6c9dffa78b04c4fdb 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -14,15 +14,19 @@ RUN poetry export -f requirements.txt --output requirements.txt --without-hashes FROM python:3.11.4-slim-bookworm -RUN apt update -y && apt upgrade -y && apt install -y python3-dev libpq-dev +RUN apt update -y && apt upgrade -y && apt install -y python3-dev libpq-dev cron + +RUN useradd -ms /bin/bash worker + +USER worker WORKDIR /code -COPY --from=requirements-stage /tmp/requirements.txt /code/requirements.txt +COPY --chown=worker:worker --from=requirements-stage /tmp/requirements.txt /code/requirements.txt -RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt +RUN pip install --user --no-cache-dir --upgrade -r /code/requirements.txt -COPY . ./ +COPY --chown=worker:worker . ./ EXPOSE 8000 diff --git a/deploy/charts/djangoninja/values.yaml b/deploy/charts/djangoninja/values.yaml index 858f109edc2dd62afae1342e25ced6ba7204dfdf..fada31570746de523f19e0e20caa38a6fcfb81e8 100644 --- a/deploy/charts/djangoninja/values.yaml +++ b/deploy/charts/djangoninja/values.yaml @@ -37,8 +37,8 @@ securityContext: # - ALL # readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 1001 - fsGroup: 1001 + runAsUser: 1000 + fsGroup: 1000 service: type: ClusterIP