yujunjun/unstructured
1
0
Fork 0
mirror of https://github.com/Unstructured-IO/unstructured.git synced 2025-07-24 17:41:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Set user for container to same as api image. (#1239)

Browse Source 
This is security best practice, a user can override this with their own
Dockerfile if required.
This commit is contained in:
Trevor Bossert 2023-08-29 18:01:44 -07:00 committed by GitHub
parent dde3eb058b
commit e4535d29ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -1,4 +1,4 @@
## 0.10.9-dev3 ## 0.10.9
### Enhancements ### Enhancements

17
Dockerfile
View File

@ -1,16 +1,23 @@
# syntax=docker/dockerfile:experimental # syntax=docker/dockerfile:experimental
FROM quay.io/unstructured-io/base-images:rocky8.7-5 as base FROM quay.io/unstructured-io/base-images:rocky8.7-5 as base
# NOTE(crag): NB_USER ARG for mybinder.org compat:
# https://mybinder.readthedocs.io/en/latest/tutorials/dockerfile.html
ARG NB_USER=notebook-user
ARG NB_UID=1000
ARG PIP_VERSION ARG PIP_VERSION
# Set up environment # Set up environment
ENV HOME /home/ ENV HOME /home/${NB_USER}
WORKDIR ${HOME}
RUN mkdir ${HOME}/.ssh && chmod go-rwx ${HOME}/.ssh \
&& ssh-keyscan -t rsa github.com >> /home/.ssh/known_hosts
ENV PYTHONPATH="${PYTHONPATH}:${HOME}" ENV PYTHONPATH="${PYTHONPATH}:${HOME}"
ENV PATH="/home/usr/.local/bin:${PATH}" ENV PATH="/home/usr/.local/bin:${PATH}"
RUN groupadd --gid ${NB_UID} ${NB_USER}
RUN useradd --uid ${NB_UID} --gid ${NB_UID} ${NB_USER}
WORKDIR ${HOME}
RUN mkdir ${HOME}/.ssh && chmod go-rwx ${HOME}/.ssh \
&& ssh-keyscan -t rsa github.com >> ${HOME}/.ssh/known_hosts
FROM base as deps FROM base as deps
# Copy and install Unstructured # Copy and install Unstructured
COPY requirements requirements COPY requirements requirements
@ -55,6 +62,8 @@ RUN python3.10 -c "import nltk; nltk.download('punkt')" && \
FROM deps as code FROM deps as code
USER ${NB_USER}
COPY example-docs example-docs COPY example-docs example-docs
COPY unstructured unstructured COPY unstructured unstructured

4
Makefile
View File

@ -404,8 +404,8 @@ docker-start-bash:
.PHONY: docker-test .PHONY: docker-test
docker-test: docker-test:
docker run --rm \ docker run --rm \
-v ${CURRENT_DIR}/test_unstructured:/home/test_unstructured \ -v ${CURRENT_DIR}/test_unstructured:/home/notebook-user/test_unstructured \
-v ${CURRENT_DIR}/test_unstructured_ingest:/home/test_unstructured_ingest \ -v ${CURRENT_DIR}/test_unstructured_ingest:/home/notebook-user/test_unstructured_ingest \
$(if $(wildcard uns_test_env_file),--env-file uns_test_env_file,) \ $(if $(wildcard uns_test_env_file),--env-file uns_test_env_file,) \
$(DOCKER_IMAGE) \ $(DOCKER_IMAGE) \
bash -c "CI=$(CI) pytest $(if $(TEST_NAME),-k $(TEST_NAME),) test_unstructured" bash -c "CI=$(CI) pytest $(if $(TEST_NAME),-k $(TEST_NAME),) test_unstructured"

2
scripts/docker-smoke-test.sh
View File

@ -39,7 +39,7 @@ await_container
# Run the tests # Run the tests
docker cp test_unstructured_ingest $CONTAINER_NAME:/home docker cp test_unstructured_ingest $CONTAINER_NAME:/home
docker exec "$CONTAINER_NAME" /bin/bash -c "/home/test_unstructured_ingest/test-ingest-wikipedia.sh" docker exec "$CONTAINER_NAME" /bin/bash -c "/home/notebook_user/test_unstructured_ingest/test-ingest-wikipedia.sh"
result=$? result=$?
exit $result exit $result

2
unstructured/__version__.py
View File

@ -1 +1 @@
__version__ = "0.10.9-dev3" # pragma: no cover __version__ = "0.10.9" # pragma: no cover