From ab280d7a344daf9a3ed7a7c39d3c3b9f19d41a7e Mon Sep 17 00:00:00 2001
From: PhiBo <phibo@dinotools.org>
Date: Thu, 24 Oct 2024 20:18:29 +0200
Subject: [PATCH] Update Dockerfile (#571)

* Use multi-stage build to reduce image size
* Add ARGS to be more flexible during image builds
* Create user and use it instead of root
* Don't update pip in container. The Python image should have a recent
  version
---
 Dockerfile | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a532a7ee..e5dc8ca7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,35 @@
-FROM python:3.9-slim
+ARG BASE_IMAGE=python:3.9-slim
+ARG USERNAME=parsedmarc
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+## build
+
+FROM $BASE_IMAGE AS build
 
 WORKDIR /app
+
+RUN pip install hatch
+
 COPY parsedmarc/ parsedmarc/
 COPY README.md pyproject.toml ./
 
-RUN pip install -U pip
-RUN pip install hatch
 RUN hatch build
-RUN pip install dist/*.whl
+
+## image
+
+FROM $BASE_IMAGE
+ARG USERNAME
+ARG USER_UID
+ARG USER_GID
+
+COPY --from=build /app/dist/*.whl /tmp/dist/
+RUN set -ex; \
+    groupadd --gid ${USER_GID} ${USERNAME}; \
+    useradd --uid ${USER_UID} --gid ${USER_GID} -m ${USERNAME}; \
+    pip install /tmp/dist/*.whl; \
+    rm -rf /tmp/dist
+
+USER $USERNAME
 
 ENTRYPOINT ["parsedmarc"]