-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathDockerfile.server
More file actions
26 lines (18 loc) · 838 Bytes
/
Dockerfile.server
File metadata and controls
26 lines (18 loc) · 838 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
FROM python:3.13-slim AS base
WORKDIR /app
# Copy source first, then create user, then install as non-root
COPY pyproject.toml README.md ./
COPY policyshield/ policyshield/
# Create non-root user for security (before pip install)
RUN groupadd -r pshield && useradd -r -g pshield -d /app pshield \
&& chown -R pshield:pshield /app
# Default rules directory (mount your rules via volume)
RUN mkdir -p /app/rules && chown pshield:pshield /app/rules
# Install as non-root
USER pshield
RUN pip install --no-cache-dir --user ".[server]"
EXPOSE 8100
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s \
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8100/api/v1/health')"
ENTRYPOINT ["policyshield", "server"]
CMD ["--rules", "/app/rules/rules.yaml", "--port", "8100", "--host", "0.0.0.0"]