unstructured/scripts/docker-build.sh
Matt Robinson 612905e311
build: wolfi base image for Dockerfile (#3016)
### Summary

Updates the `Dockerfile` to use the Chainguard `wolfi-base` image to
reduce CVEs. Also adds a step in the docker publish job that scans the
images and checks for CVEs before publishing. The job will fail if there
are high or critical vulnerabilities.

### Testing

Run `make docker-run-dev` and then `python3.11` once you're in. At that
point, you can try:

```python
from unstructured.partition.auto import partition
elements = partition(filename="example-docs/DA-1p.pdf", skip_infer_table_types=["pdf"])
elements
```

Stop the container once you're done.
2024-05-15 22:53:15 +00:00

22 lines
672 B
Bash
Executable File

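```bash
#!/usr/bin/env bash

set -euo pipefail

# Defaults; each can be overridden from the environment.
DOCKER_REPOSITORY="${DOCKER_REPOSITORY:-quay.io/unstructured-io/unstructured}"
PIP_VERSION="${PIP_VERSION:-23.1.2}"
DOCKER_IMAGE="${DOCKER_IMAGE:-unstructured:dev}"

# Build the command as an array so each argument stays correctly quoted.
# --load puts the result in the local image store; BUILDKIT_INLINE_CACHE=1
# embeds cache metadata so the image can later serve as a --cache-from source.
DOCKER_BUILD_CMD=(docker buildx build --load -f Dockerfile
  --build-arg PIP_VERSION="$PIP_VERSION"
  --build-arg BUILDKIT_INLINE_CACHE=1
  --progress plain
  --platform linux/amd64
  --cache-from "$DOCKER_REPOSITORY":latest
  -t "$DOCKER_IMAGE" .)

# only build for specific platform if DOCKER_BUILD_PLATFORM is set
# (the flag is appended after the linux/amd64 default above)
if [ -n "${DOCKER_BUILD_PLATFORM:-}" ]; then
  DOCKER_BUILD_CMD+=("--platform=$DOCKER_BUILD_PLATFORM")
fi

DOCKER_BUILDKIT=1 "${DOCKER_BUILD_CMD[@]}"
```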