forked from cartsnitch/cartsnitch
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
committed by
Barcode Betty
parent
c7b7494151
commit
1bb669f3ca
@@ -5,6 +5,7 @@ WORKDIR /app
|
||||
|
||||
# build-essential and libpq-dev are needed to compile any C-extension wheels
|
||||
# (e.g. psycopg2 fallback). No git needed — common/ is copied from the repo root.
|
||||
ARG APT_CACHE_BUST=0
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
|
||||
libpq-dev \
|
||||
build-essential \
|
||||
@@ -25,6 +26,7 @@ FROM python:3.12-slim AS prod
|
||||
WORKDIR /app
|
||||
|
||||
# Install Playwright system dependencies for Chromium
|
||||
ARG APT_CACHE_BUST=0
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
|
||||
libnss3 \
|
||||
libatk1.0-0 \
|
||||
|
||||
Reference in New Issue
Block a user