reduce vulnerabilities

Author: christophdb

starter/Dockerfile

@@ -1,17 +1,23 @@
 ARG BASE_IMAGE="python:3.12-slim-bookworm@sha256:31a416db24bd8ade7dac5fd5999ba6c234d7fa79d4add8781e95f41b187f4c9a"
 FROM ${BASE_IMAGE} AS compile-image
 
+ARG DOCKER_VERSION="28.1.1"
+
 RUN apt-get update --fix-missing && \
     apt-get upgrade -y && \
-    apt-get install -y gcc
+    apt-get install -y gcc curl bzip2 unzip
+
+# Get docker binary 
+ADD https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz /
+RUN tar --extract --file docker-${DOCKER_VERSION}.tgz --directory /tmp/ --strip-components 1
 
 WORKDIR /opt/seatable-python-starter
 COPY ["./requirements.txt", "/opt/seatable-python-starter/"]
 
 # Upgrade setuptools to fix vulnerabilities
 RUN pip install --upgrade setuptools && \
     pip install --upgrade --user setuptools && \
-    pip install -r /opt/seatable-python-starter/requirements.txt --user --break-system-packages
+    pip install -r /opt/seatable-python-starter/requirements.txt --user
 
 ### Runtime image
 FROM ${BASE_IMAGE} AS runtime-image
@@ -23,13 +29,13 @@ RUN apt-get update --fix-missing && \
         tzdata \
         procps \
         cron \
-        logrotate \
-        docker.io \
-        gcc \
-        curl && \
+        logrotate && \
     apt-get autoremove -y && \
     apt-get clean
 
+COPY --from=build-image /tmp/docker /usr/local/bin/docker
+RUN chmod +x /usr/local/bin/docker
+
 WORKDIR /opt/seatable-python-starter
 COPY ["./", "./"]
 

starter/entrypoint.sh

@@ -69,7 +69,8 @@ fi
 echo "** uWSGI is starting now"
 uwsgi --ini /opt/seatable-python-starter/uwsgi.ini 2>&1 &
 sleep 1
-if curl -IsSf http://127.0.0.1:8080/ping/ >/dev/null 2>&1; then
+if echo -e "HEAD /ping/ HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n" | \
+   timeout 2 bash -c 'cat < /dev/tcp/127.0.0.1/8080' >/dev/null 2>&1; then
     echo "** SeaTable Python Starter ready"
 else
     echo "** Error: SeaTable Python Starter is not ready. uWSGI is not answering."