jlengrand/ghost-mcp
1
0
Fork 0
mirror of https://github.com/jlengrand/ghost-mcp.git synced 2026-03-10 08:21:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔒️ Improve the security

Browse Source
This commit is contained in:
Fanyang Meng
2025-02-12 16:25:07 -05:00
parent 0f936bb52e
commit 936871810e
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile
View File

@@ -21,9 +21,17 @@ RUN --mount=type=cache,target=/root/.cache/uv uv sync --frozen --no-dev --no
FROM python:3.12-slim-bookworm FROM python:3.12-slim-bookworm
# Create non-root user for security
RUN useradd --create-home app \
&& mkdir -p /app \
&& chown app:app /app
WORKDIR /app WORKDIR /app
COPY --from=uv /app/.venv /app/.venv COPY --from=uv /app/.venv /app/.venv
RUN chown -R app:app /app/.venv
USER app
# Place executables in the environment at the front of the path # Place executables in the environment at the front of the path
ENV PATH="/app/.venv/bin:$PATH" ENV PATH="/app/.venv/bin:$PATH"