scancode.io icon indicating copy to clipboard operation
scancode.io copied to clipboard
verified publisher icon aboutcode-org

Docker: run as non-root user, use venv

Open aalexanderr opened this issue 3 years ago • 4 comments

  1. Run as non-elevated user by default
  2. Install scancodeio in venv
  3. Make it possible to set up UNAME/UID/GID on buildtime
  4. Move scancodeio from /app to /opt to be more in-line with: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
  5. Set cache to /tmp as it is disposable after build
  6. Upgrade pip to have less red in build log

Resolves #260 Resolves #399

Signed-off-by: Alexander Mazuruk [email protected]

aalexanderr avatar Feb 15 '22 12:02 aalexanderr

Thanks!

pombredanne avatar Feb 24 '22 19:02 pombredanne

Hi @aalexanderr this looks great. I see it's still labeled as WIP, anything else you planned to add?

tdruez avatar Apr 12 '22 07:04 tdruez

gentle ping

pombredanne avatar Apr 15 '22 08:04 pombredanne

sorry for late come-back. added home dir (scancode-toolkit cache defaults to this dir), set group id for opt, should be ready to merge

aalexanderr avatar Jun 29 '22 22:06 aalexanderr

Implemented in https://github.com/nexB/scancode.io/pull/821 using some of the ideas form this PR. Thanks @aalexanderr !

tdruez avatar Jul 26 '23 11:07 tdruez