# Python base image from the Tor Project registry, `trixie` tag.
# NOTE(review): `:trixie` is a mutable tag, so a rebuild can silently pick up a
# different image. Pin by digest (`...python:trixie@sha256:<digest>`) if
# reproducible, auditable builds matter.
FROM containers.torproject.org/tpo/tpa/base-images/python:trixie

# Numeric IDs for the unprivileged sbws account. No defaults are declared, so
# both have to be supplied with --build-arg.
ARG UID
ARG GID

# PYTHONFAULTHANDLER / PYTHONUNBUFFERED: dump tracebacks on fatal signals and
#   keep stdout/stderr unbuffered so container logs are complete.
# PIP_*: no pip self-update check, 100 s network timeout.
# WORKDIR here is a plain environment variable, not the WORKDIR instruction.
# PATH puts the virtualenv's bin directory first so `pip` and `sbws` resolve
#   to the venv once it exists.
ENV PYTHONFAULTHANDLER=1 \
    PYTHONUNBUFFERED=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=on \
    PIP_DEFAULT_TIMEOUT=100 \
    WORKDIR=/home/sbws/app \
    VIRTUAL_ENV=/home/sbws/venv \
    HOME=/home/sbws \
    PATH="/home/sbws/venv/bin:$PATH"
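# Run-time dependencies: cron, the venv module for Python 3.13, and tor.
# update + install + list cleanup stay in one RUN so the package index is
# neither stale nor shipped in the image. The former trailing `echo $HOME`
# was debug output only and has been dropped.
# NOTE(review): package versions are not pinned, so the tor and cron builds
# installed depend on the archive state at build time.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        cron \
        python3.13-venv \
        tor && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*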
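# Create the unprivileged sbws user/group with the IDs given at build time.
# The ${VAR:?} guards stop the build with a clear message when --build-arg
# UID/GID is missing; unquoted empty values would otherwise shift the
# groupadd/useradd arguments and fail with a misleading error.
# NOTE(review): this relies on /bin/sh not being bash, where UID is a
# read-only shell variable that ignores the build arg. That holds for
# Debian's dash; confirm if SHELL is ever changed.
RUN : "${UID:?UID build arg is required}" "${GID:?GID build arg is required}" && \
    groupadd -r -g "$GID" sbws && \
    useradd --no-log-init -r -m -u "$UID" -g sbws sbws

# Ship the cron schedule with mode 0644 and register it with crontab.
# NOTE(review): this RUN executes before `USER sbws`, so the schedule is
# installed as the build user's (presumably root's) crontab, and the default
# CMD does not start a cron daemon. Confirm which account the jobs are meant
# to run as; `crontab -u sbws` would keep them unprivileged.
COPY --chmod=0644 ./docker/sbws.cron /etc/cron.d/sbws.cron
RUN crontab /etc/cron.d/sbws.cron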
# Application directory; relative paths in the instructions below resolve here.
# NOTE(review): the directory is created before `USER sbws` takes effect, so it
# may be owned by the base image's default user rather than sbws. Verify that
# sbws can write to it if the build or the scanner needs to.
WORKDIR /home/sbws/app

# Drop privileges: the remaining build steps and the container process run as sbws.
USER sbws

# Bring in the project tree owned by sbws; .dockerignore decides what is left out.
# NOTE(review): confirm .dockerignore excludes .git, local configuration and any
# key material, since everything copied here stays in the image layers.
COPY --chown=sbws:sbws . .

# Create the virtualenv and install sbws into it. The pip cache lives on a
# BuildKit cache mount owned by the sbws IDs, so it never lands in a layer.
# NOTE(review): `pip install .` resolves dependencies at build time; whether
# they are pinned or hash-checked depends on project metadata not visible here.
RUN --mount=type=cache,uid=$UID,gid=$GID,target=/cache \
    python3 -m venv "$VIRTUAL_ENV" && \
    pip install --cache-dir /cache/pip .

# Default process: the sbws scanner, exec form so it receives signals directly.
CMD ["sbws", "scanner"]