mirror of
https://github.com/Zie619/n8n-workflows.git
synced 2025-11-25 03:15:25 +08:00
54770f7865
GitHub Pages Fixes: - Updated search-index.json stats from 2057 to 4343 workflows - Updated index.html title from "2000+" to "4300+" workflows - Updated tagline to show "4343" workflows - The JavaScript loads stats from search-index.json, not stats.json Docker ARM64 Fix: - Added gcc and python3-dev to Dockerfile - Required for building psutil wheel on ARM64 architecture - This fixes: "error: command 'gcc' failed: No such file or directory" The GitHub Pages should now correctly display: - Total Workflows: 4,343 - Active Workflows: 434 - Integrations: 268 - Categories: 16 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
63 lines
2.1 KiB
Docker
63 lines
2.1 KiB
Docker
# Use official Python runtime as base image - stable secure version
|
|
FROM python:3.11-slim-bookworm AS base
|
|
|
|
# Security: Set up non-root user first
|
|
RUN groupadd -g 1001 appuser && \
|
|
useradd -m -u 1001 -g appuser appuser
|
|
|
|
# Set environment variables for security and performance
|
|
ENV PYTHONUNBUFFERED=1 \
|
|
PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONHASHSEED=random \
|
|
PIP_NO_CACHE_DIR=1 \
|
|
PIP_DISABLE_PIP_VERSION_CHECK=1 \
|
|
PIP_DEFAULT_TIMEOUT=100 \
|
|
PIP_ROOT_USER_ACTION=ignore \
|
|
DEBIAN_FRONTEND=noninteractive \
|
|
PYTHONIOENCODING=utf-8
|
|
|
|
# Install security updates and build dependencies for ARM64
|
|
RUN apt-get update && \
|
|
apt-get upgrade -y && \
|
|
apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
gcc \
|
|
python3-dev \
|
|
&& apt-get autoremove -y \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache \
|
|
&& update-ca-certificates
|
|
|
|
# Create app directory with correct permissions
|
|
WORKDIR /app
|
|
RUN chown -R appuser:appuser /app
|
|
|
|
# Copy requirements as root to ensure they're readable
|
|
COPY --chown=appuser:appuser requirements.txt .
|
|
|
|
# Install Python dependencies with security hardening
|
|
# Use pip without pinning versions for better ARM64 compatibility
|
|
RUN python -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
|
|
python -m pip install --no-cache-dir -r requirements.txt && \
|
|
find /usr/local -type f -name '*.pyc' -delete && \
|
|
find /usr/local -type d -name '__pycache__' -delete
|
|
|
|
# Copy application code with correct ownership
|
|
COPY --chown=appuser:appuser . .
|
|
|
|
# Create necessary directories with correct permissions
|
|
RUN mkdir -p /app/database /app/workflows /app/static /app/src && \
|
|
chown -R appuser:appuser /app
|
|
|
|
# Security: Switch to non-root user
|
|
USER appuser
|
|
|
|
# Healthcheck
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
|
CMD python -c "import requests; requests.get('http://localhost:8000/api/stats')" || exit 1
|
|
|
|
# Expose port (informational)
|
|
EXPOSE 8000
|
|
|
|
# Security: Run with minimal privileges
|
|
CMD ["python", "-u", "run.py", "--host", "0.0.0.0", "--port", "8000"] |