Skip to content

Commit fdeba79

Browse files
tuxpeopletuxpeople
committed
fix(docker): place venv under opt
1 parent 0c3056b commit fdeba79

2 files changed

Lines changed: 12 additions & 12 deletions

File tree

AGENTS.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -376,18 +376,18 @@ Complete documentation: **API.md**
376376
```dockerfile
377377
# Stage 1: Build dependencies in -dev image
378378
FROM cgr.dev/chainguard/python:latest-dev AS build
379-
RUN python -m venv /home/nonroot/venv && \
380-
/home/nonroot/venv/bin/pip install --upgrade 'pip<25.2' setuptools wheel
379+
RUN python -m venv /tmp/venv && \
380+
/tmp/venv/bin/pip install --upgrade 'pip<25.2' setuptools wheel
381381

382382
# Stage 2: Install Python packages
383383
FROM build AS build-venv
384384
COPY requirements.txt /tmp/requirements.txt
385-
RUN /home/nonroot/venv/bin/pip install -r /tmp/requirements.txt
385+
RUN /tmp/venv/bin/pip install -r /tmp/requirements.txt
386386

387387
# Stage 3: Minimal runtime image (distroless)
388388
FROM cgr.dev/chainguard/python:latest
389-
COPY --from=build-venv /home/nonroot/venv /home/nonroot/venv
390-
ENV PATH="/home/nonroot/venv/bin:$PATH"
389+
COPY --from=build-venv /tmp/venv /opt/venv
390+
ENV PATH="/opt/venv/bin:$PATH"
391391
```
392392

393393
**Kubernetes** (if used):

Dockerfile

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,13 @@ FROM cgr.dev/chainguard/python:latest-dev AS build
55

66
# Create virtualenv and upgrade build tools
77
# Pin pip to avoid CVE-2025-8869 in pip 25.2 (when fix is available)
8-
RUN python -m venv /home/nonroot/venv && \
9-
/home/nonroot/venv/bin/pip install --upgrade 'pip<25.2' setuptools wheel
8+
RUN python -m venv /tmp/venv && \
9+
/tmp/venv/bin/pip install --upgrade 'pip<25.2' setuptools wheel
1010

1111
# Stage 2: Install Python dependencies
1212
FROM build AS build-venv
1313
COPY --chown=nonroot:nonroot requirements.txt /tmp/requirements.txt
14-
RUN /home/nonroot/venv/bin/pip install \
14+
RUN /tmp/venv/bin/pip install \
1515
--disable-pip-version-check \
1616
--no-cache-dir \
1717
-r /tmp/requirements.txt
@@ -26,13 +26,13 @@ LABEL org.opencontainers.image.source="https://github.com/tuxpeople/python-ipam"
2626
LABEL org.opencontainers.image.description="Secure IPAM built on Chainguard distroless Python"
2727

2828
# Copy virtualenv from build stage with correct ownership
29-
COPY --from=build-venv --chown=nonroot:nonroot /home/nonroot/venv /home/nonroot/venv
29+
COPY --from=build-venv --chown=nonroot:nonroot /tmp/venv /opt/venv
3030

3131
# Set PATH to use virtualenv
32-
ENV PATH="/home/nonroot/venv/bin:$PATH"
32+
ENV PATH="/opt/venv/bin:$PATH"
3333

3434
# Activate virtualenv by setting VIRTUAL_ENV
35-
ENV VIRTUAL_ENV="/home/nonroot/venv"
35+
ENV VIRTUAL_ENV="/opt/venv"
3636

3737
# Set Flask environment variables
3838
ENV FLASK_APP=app.py
@@ -53,5 +53,5 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
5353
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000/').read()" || exit 1
5454

5555
# Use virtualenv Python so installed packages (e.g., gunicorn) are available
56-
ENTRYPOINT ["/home/nonroot/venv/bin/python"]
56+
ENTRYPOINT ["/opt/venv/bin/python"]
5757
CMD ["-m","gunicorn","--bind","0.0.0.0:5000","--workers","4","--timeout","120","app:app"]

0 commit comments

Comments
 (0)