From 0ab465cd8ee4061f00d6abf6ea34bc28ab81f217 Mon Sep 17 00:00:00 2001
From: Jacques ROUSSEL <jacques.roussel@rouaje.com>
Date: Fri, 27 Sep 2024 17:39:17 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=EF=B8=8F(backend)=20fixe=20CVEs=20?=
 =?UTF-8?q?in=20backend=20image?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use alpine version for production image instead of debian in order
to have less CVEs.
---
 Dockerfile | 38 +++++++++++++++-----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index fc0a9bb16..79c0c5bea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,14 @@
 # Django People
 
 # ---- base image to inherit from ----
-FROM python:3.10-slim-bullseye as base
+FROM python:3.12.6-alpine3.20 as base
 
 # Upgrade pip to its latest release to speed up dependencies installation
-RUN python -m pip install --upgrade pip
+RUN python -m pip install --upgrade pip setuptools
 
 # Upgrade system packages to install security updates
-RUN apt-get update && \
-  apt-get -y upgrade && \
-  rm -rf /var/lib/apt/lists/*
+RUN apk update && \
+  apk upgrade
 
 ### ---- Front-end dependencies image ----
 FROM node:20 as frontend-deps
@@ -88,11 +87,9 @@ FROM base as link-collector
 ARG PEOPLE_STATIC_ROOT=/data/static
 
 # Install libpangocairo & rdfind
-RUN apt-get update && \
-    apt-get install -y \
-      libpangocairo-1.0-0 \
-      rdfind && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add \
+  pango \
+  rdfind
 
 # Copy installed python dependencies
 COPY --from=back-builder /install /usr/local
@@ -116,16 +113,13 @@ FROM base as core
 ENV PYTHONUNBUFFERED=1
 
 # Install required system libs
-RUN apt-get update && \
-    apt-get install -y \
-      gettext \
-      libcairo2 \
-      libffi-dev \
-      libgdk-pixbuf2.0-0 \
-      libpango-1.0-0 \
-      libpangocairo-1.0-0 \
-      shared-mime-info && \
-  rm -rf /var/lib/apt/lists/*
+RUN apk add \
+  gettext \
+  cairo \
+  libffi-dev \
+  gdk-pixbuf \
+  pango \
+  shared-mime-info
 
 # Copy entrypoint
 COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
@@ -155,9 +149,7 @@ FROM core as backend-development
 USER root:root
 
 # Install psql
-RUN apt-get update && \
-    apt-get install -y postgresql-client && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add postgresql-client
 
 # Uninstall people and re-install it in editable mode along with development
 # dependencies