Convert to Distroless

.github/workflows/container.yml

@@ -1,33 +1,34 @@
 name: Build Podman Flask container
 on:
-  - push
+  pull_request:
+  push:
+  workflow_dispatch:
 
 jobs:
   build:
-    name: Build image
+    name: Build Images
     runs-on: ubuntu-latest
-    env:
-      IMAGE_NAME: "podman-flask"
-      REGISTRY: "ghcr.io/53845714nf"
-    steps:
-
-      - name: Clone the repository
-        uses: actions/checkout@v3
+    permissions:
+      contents: read
+      packages: write
 
-      - name: Build Container image
-        run: podman build -t $IMAGE_NAME --file Containerfile .
+    steps:
+    - uses: actions/checkout@v4
 
-      - name: Log in to the GitHub Container registry
-        uses: redhat-actions/podman-login@v1
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Buildah Action
+      id: build_image
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ghcr.io/distroless_flask
+        oci: true
+        context: ./
+        containerfiles: |
+          ./Containerfile
 
-      - name: Push to GitHub Container Repository
-        id: push-to-ghcr
-        uses: redhat-actions/push-to-registry@v2
-        with:
-          image: podman-flask
-          tags: latest
-          registry: ${{ env.REGISTRY }}
+    - name: Push Image to GitHub Container Registry
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.build_image.outputs.image }}
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}

Containerfile

@@ -1,11 +1,20 @@
-FROM alpine
-RUN mkdir /opt/app
-WORKDIR /opt/app
-ADD app.py /opt/app/app.py
-ADD requirements.txt /opt/app/requirements.txt
-RUN apk update
-RUN apk add py-pip
-RUN pip3 install -r /opt/app/requirements.txt
-
-EXPOSE 8000
-CMD ["gunicorn", "-b", "0.0.0.0:8000", "app:app"]
+FROM debian:12-slim AS build
+RUN apt-get update && \
+    apt-get install --no-install-suggests --no-install-recommends --yes python3-venv gcc libpython3-dev && \
+    python3 -m venv /venv && \
+    /venv/bin/pip install --upgrade pip setuptools wheel
+
+
+FROM build AS build-env
+COPY requirements.txt ./
+RUN /venv/bin/pip install --disable-pip-version-check -r requirements.txt --target /packages
+
+FROM gcr.io/distroless/python3-debian12
+USER 1001:1001
+WORKDIR /app
+COPY --from=build-env /packages /packages
+COPY /src /app
+
+ENV PYTHONPATH=/packages
+EXPOSE 10000
+CMD ["standalone.py"]

README.md

@@ -1,3 +1,4 @@
-# podman_test
+# distroless_flask
 
-A little fun with podman inspired by [ubi-flask](https://github.com/major/ubi-flask).
+Example repo with flask inside a Distroless container build with buildah.
+This Project is inspired by [ubi-flask](https://github.com/major/ubi-flask).

app.py → src/app.py

@@ -1,9 +1,8 @@
 from datetime import datetime
-
 from flask import Flask
 
 app = Flask(__name__)
 
-@app.route("/")
+@app.route('/')
 def hello_world():
-    return f"Hello, World! The current date is: {datetime.now()}"
+    return f'Hello, World! The current date is: {datetime.now()}'

src/standalone.py

@@ -0,0 +1,31 @@
+from app import app
+from multiprocessing import cpu_count
+from gunicorn.app.base import BaseApplication
+
+def number_of_workers():
+    return (cpu_count() * 2) + 1
+
+
+class StandaloneApplication(BaseApplication):
+
+    def __init__(self, app, options=None):
+        self.options = options or {}
+        self.application = app
+        super().__init__()
+
+    def load_config(self):
+        config = {key: value for key, value in self.options.items()
+                  if key in self.cfg.settings and value is not None}
+        for key, value in config.items():
+            self.cfg.set(key.lower(), value)
+
+    def load(self):
+        return self.application
+
+
+if __name__ == '__main__':
+    options = {
+        'bind': '%s:%s' % ('0.0.0.0', '10000'),
+        'workers': number_of_workers(),
+    }
+    StandaloneApplication(app, options).run()