From 3d0aaab8b39528febe37f154da96e56452b74b8c Mon Sep 17 00:00:00 2001
From: Pongsatorn <pongsatorn.kanja@gmail.com>
Date: Sun, 13 Jul 2025 15:06:03 +0700
Subject: [PATCH] update Docker File to low vulnerabilities

---
 .gitignore |  4 ++++
 Dockerfile | 26 +++++++++++++-------------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/.gitignore b/.gitignore
index d64668d..0f86c21 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,7 @@
+# Do not know how to use
+archive/
+Dockerfile
+
 /models
 app.log
 *.pt
diff --git a/Dockerfile b/Dockerfile
index fd55f68..f7c3612 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,20 +1,20 @@
-# Use the official Python image from the Docker Hub
-FROM python:3.13-bookworm
+# Use newer, more secure base image
+FROM python:3.13-alpine
 
-# Set the working directory in the container
-WORKDIR /app
+# Update system packages first
+RUN apk update && apk upgrade
 
-# Copy the requirements file into the container at /app
+# Install minimal dependencies
+RUN apk add --no-cache mesa-gl
+
+# Use specific package versions
 COPY requirements.txt .
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
 
-# Update apt, install libgl1, and clear apt cache
-RUN apt update && apt install -y libgl1 && rm -rf /var/lib/apt/lists/*
+# Run as non-root user
+RUN adduser -D -s /bin/sh appuser
+USER appuser
 
-# Install any dependencies specified in requirements.txt
-RUN pip install --no-cache-dir -r requirements.txt
-
-# Copy the rest of the application code into the container at /app
 COPY . .
-
-# Run the application
 CMD ["python3", "-m", "fastapi", "run", "--host", "0.0.0.0", "--port", "8000"]
\ No newline at end of file