web-check/Dockerfile at main · KevinDeBenedetti/web-check · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Dockerfile for Web-Check API
FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim

WORKDIR /app

# Enable bytecode compilation
ENV UV_COMPILE_BYTECODE=1

# Copy from the cache instead of linking since it's a mounted volume
ENV UV_LINK_MODE=copy

# Install system dependencies (git for XSStrike)
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    && rm -rf /var/lib/apt/lists/*

# Copy dependency files
COPY pyproject.toml README.md ./

# Copy lockfile for reproducible builds
COPY uv.lock ./

# Install dependencies using uv sync (best practice)
RUN uv sync --frozen --no-install-project --no-dev

# Copy application code
COPY api/ ./api/
COPY alembic/ ./alembic/
COPY alembic.ini ./

# Install project
RUN uv sync --frozen --no-dev

# Install XSStrike from GitHub (no official package)
RUN git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
WORKDIR /opt/xsstrike
RUN uv pip install --python /app/.venv/bin/python -r requirements.txt
WORKDIR /app

# Create outputs directory and copy config
RUN mkdir -p outputs/temp
COPY config/ ./config/

# Place executables in the environment at the front of the path
ENV PATH="/app/.venv/bin:$PATH"

# Reset the entrypoint, don't invoke `uv`
ENTRYPOINT []

# Expose API port
EXPOSE 8000

# Run with uvicorn
CMD ["uvicorn", "api.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]