mirror of
https://github.com/tmdinosaurcenter/kiosk-guestbook.git
synced 2026-06-04 00:10:16 -06:00
1a0a1371bc
- Fixed scrolling marquee to use a fixed px/s speed via JS instead of a fixed duration, preventing it from speeding up as entries are added - Added inline TODO comments throughout codebase to track known issues (rate limiting, CSRF, unbounded queries, deprecated Flask decorator, PII logging, schema versioning, Docker non-root user, etc.) - Added todo-to-issue GitHub Action to auto-create Issues from TODOs on push to main - Added .claude/ to .gitignore
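# Use a lightweight Python image
# NOTE(review): this tag floats (it is re-pushed on every patch release) and the
# Python 3.9 series reached upstream end-of-life in October 2025, so it no longer
# receives security fixes. Plan a move to a supported series and pin by digest
# for reproducible builds, e.g.:
#   FROM python:<SUPPORTED_VERSION>-slim@sha256:<DIGEST_PLACEHOLDER>
FROM python:3.9-slim

# Set the working directory
WORKDIR /app

# Install system dependencies (including gettext for envsubst)
# --no-install-recommends keeps optional packages the app does not need out of
# the image; the apt lists are removed in the same layer so they never persist.
RUN apt-get update \
    && apt-get install -y --no-install-recommends gettext \
    && rm -rf /var/lib/apt/lists/*

# Install Python dependencies
# Copied before the application code so this layer is reused until
# requirements.txt changes.
# NOTE(review): requirements.txt is not visible here; confirm that it pins exact
# versions (ideally with hashes) so a rebuild cannot pull in a different release.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy the application code and template files
# NOTE(review): this copies the entire build context. Confirm that a
# .dockerignore excludes .git, .env, .claude/ and any local database or data
# files, otherwise secrets and guestbook entries can end up in image layers.
COPY . .

# Copy the entrypoint script into the container and make it executable
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Set environment variables (can be overridden by .env)
# NOTE(review): FLASK_ENV is ignored by Flask 2.3 and later; if the pinned Flask
# is that new, this line has no effect and debug mode has to be controlled
# through FLASK_DEBUG instead. Verify against requirements.txt.
ENV FLASK_ENV=production

# Expose the port (Gunicorn will run on 8000)
# EXPOSE only documents the port; 8000 is unprivileged, so binding it does not
# require root.
EXPOSE 8000

# TODO: No USER directive — container runs as root. Add a non-root user for security.
# example.env has PID/GID=1000 vars suggesting this was intended. e.g.:
# RUN useradd -u 1000 -g 1000 appuser && chown -R appuser /app /data
# USER appuser
# NOTE(review): as written, the example above would fail the build. Nothing in
# this file creates GID 1000, and useradd -g requires an existing group; /data
# is also not created here, so the chown has nothing to act on. A working
# variant creates both first:
#   RUN groupadd -g 1000 appuser \
#       && useradd -u 1000 -g appuser --no-create-home appuser \
#       && mkdir -p /data \
#       && chown -R appuser:appuser /app /data
#   USER appuser
# Before enabling it, check that entrypoint.sh (not visible here) only writes to
# paths this user owns, and that any volume mounted over /data is writable by
# UID 1000.

# Use the entrypoint script as the container's command
# Exec (JSON) form: the script runs as PID 1 and receives stop signals directly.
# presumably entrypoint.sh ends by exec-ing Gunicorn so signals reach it; verify.
CMD ["/entrypoint.sh"]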