(Fix) security of base image (#7620)

* fix security of base images

* fix dockerfile
Ishaan Jaff 2025-01-07 20:35:57 -08:00 committed by GitHub
parent 59133e8fe6
commit 60c89a3e8a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 26 additions and 14 deletions


@ -1,18 +1,20 @@
# Base image for building # Base image for building
ARG LITELLM_BUILD_IMAGE=python:3.13.1-slim ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/python:latest-dev
# Runtime image # Runtime image
ARG LITELLM_RUNTIME_IMAGE=python:3.13.1-slim ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/python:latest-dev
# Builder stage # Builder stage
FROM $LITELLM_BUILD_IMAGE AS builder FROM $LITELLM_BUILD_IMAGE AS builder
# Set the working directory to /app # Set the working directory to /app
WORKDIR /app WORKDIR /app
USER root
# Install build dependencies # Install build dependencies
RUN apt-get clean && apt-get update && \ RUN apk update && \
apt-get install -y gcc python3-dev && \ apk add --no-cache gcc python3-dev openssl openssl-dev
rm -rf /var/lib/apt/lists/*
RUN pip install --upgrade pip && \ RUN pip install --upgrade pip && \
pip install build pip install build
@ -49,8 +51,12 @@ RUN chmod +x docker/build_admin_ui.sh && ./docker/build_admin_ui.sh
# Runtime stage # Runtime stage
FROM $LITELLM_RUNTIME_IMAGE AS runtime FROM $LITELLM_RUNTIME_IMAGE AS runtime
# Update dependencies and clean up - handles debian security issue # Ensure runtime stage runs as root
RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/* USER root
# Install runtime dependencies
RUN apk update && \
apk add --no-cache openssl
WORKDIR /app WORKDIR /app
# Copy the current directory contents into the container at /app # Copy the current directory contents into the container at /app
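Review bot: The runtime stage now sets `USER root` for the `apk add` step and none of the visible lines switch back, so unless a later `USER` exists outside this hunk, the service process runs as root in the final image. Chainguard's Python images normally default to an unprivileged account, which this change overrides. Restore that account right after the `RUN apk ...` line, e.g. `USER nonroot` (confirm the account name or UID for this image, and that `/app` and the copied wheels are readable by it). The rest of the runtime stage is outside the hunk, so this may already be handled further down. The runtime hunk of the second file on this page has the same `USER root` line.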


@ -1,18 +1,20 @@
# Base image for building # Base image for building
ARG LITELLM_BUILD_IMAGE=python:3.13.1-slim ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/python:latest-dev
# Runtime image # Runtime image
ARG LITELLM_RUNTIME_IMAGE=python:3.13.1-slim ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/python:latest-dev
# Builder stage # Builder stage
FROM $LITELLM_BUILD_IMAGE AS builder FROM $LITELLM_BUILD_IMAGE AS builder
# Set the working directory to /app # Set the working directory to /app
WORKDIR /app WORKDIR /app
USER root
# Install build dependencies # Install build dependencies
RUN apt-get clean && apt-get update && \ RUN apk update && \
apt-get install -y gcc python3-dev && \ apk add --no-cache gcc python3-dev openssl openssl-dev
rm -rf /var/lib/apt/lists/*
RUN pip install --upgrade pip && \ RUN pip install --upgrade pip && \
pip install build pip install build
@ -38,8 +40,12 @@ RUN pip wheel --no-cache-dir --wheel-dir=/wheels/ -r requirements.txt
# Runtime stage # Runtime stage
FROM $LITELLM_RUNTIME_IMAGE AS runtime FROM $LITELLM_RUNTIME_IMAGE AS runtime
# Update dependencies and clean up - handles debian security issue # Ensure runtime stage runs as root
RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/* USER root
# Install runtime dependencies
RUN apk update && \
apk add --no-cache openssl
WORKDIR /app WORKDIR /app
# Copy the current directory contents into the container at /app # Copy the current directory contents into the container at /app
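Review bot: Both `ARG` defaults at the top of this file point at the floating tag `cgr.dev/chainguard/python:latest-dev`, so each build pulls whatever that tag resolves to at the time. The Python version and package set can change without a commit, and the image that was scanned is not necessarily the image that ships. Pin the defaults by digest, e.g. `ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/python:latest-dev@sha256:<digest>`, and bump the digest deliberately. The `-dev` variant also leaves a shell and `apk` in the runtime image, so it is worth checking whether the `openssl` install can be avoided or moved, letting the runtime default use a non-dev image. The first file on this page carries the same two defaults.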