This is a combo patch for both the Dockerfile and the Poetry lockfile.
Simplify Poetry installation in Docker image.
docker/Dockerfile:
set ARG PYTHON_VERSION to 3.10
use ${PYTHON_VERSION}-slim-bullseye as builder from now on
cleanup RUN where we install dependencies for the image
cleanup RUN where we install Poetry:
update to Poetry 1.2.1 from 1.1.14
keep magic - we like magic - but simplify the installation
This should make installation easier on everyone by explicitly stating cache location for pip and installing as, yes, root.
Installing as user venom is too complicated and this Dockerfile should be safe as-is even running as root.
There are still ways to harden to image that don't require huge lines to add a user environment and it's less hacky this way.
docker/README:
specify Yggdrasil as tag
docker trust no longer functions as expected; remove instructions
building as newly defined tag still works, pull from the hub or build local
This is a combo patch for both the Dockerfile and the Poetry lockfile.
Simplify Poetry installation in Docker image.
docker/Dockerfile:
ARG PYTHON_VERSION
to 3.10${PYTHON_VERSION}-slim-bullseye
as builder from now onRUN
where we install dependencies for the imageRUN
where we install Poetry:This should make installation easier on everyone by explicitly stating cache location for pip and installing as, yes, root. Installing as user
venom
is too complicated and this Dockerfile should be safe as-is even running as root. There are still ways to harden to image that don't require huge lines to add a user environment and it's less hacky this way.docker/README:
Yggdrasil
as tagpoetry.lock:
Package operations: 0 installs, 8 updates, 0 removals
Signing is not working anymore so this tag is not signed with
docker trust
. :/Latest Docker image: f0b27b1a30e22b3ef6e8d77d24c532e73b0792caf9b1858243c600460d20e3f5