Adds Dockerfile Makefile docker-compose.yml #1483
base: beta
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| - | - | Generic Password | 4c6fea5 | scielomanager/docker-compose.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- installing secret detection on pre-commit to catch secrets before they leave your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Pull Request Overview
This PR adds Docker containerization support to the SciELO Manager project by introducing Docker Compose orchestration, a Dockerfile for the Django application, and a comprehensive Makefile for development workflow management.
- Adds complete Docker development environment with PostgreSQL, Redis, and Elasticsearch services
- Creates Dockerfile for Python 2.7/Django 1.4 legacy application with specific package versions
- Provides Makefile with 25+ development commands for container management and Django operations
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| docker-compose.yml | Orchestrates multi-service environment with database, cache, search, and application containers |
| Dockerfile | Builds Python 2.7 container with legacy Django dependencies and system packages |
| Makefile | Provides development workflow commands for Docker operations and Django management |
| condition: service_healthy | ||
| elasticsearch: | ||
| condition: service_healthy | ||
| user: root # For development only |
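Review bot: `user: root # For development only` on the last line relies on a comment to keep a root container out of other environments, and nothing in the file enforces that. Move the directive into a development-only override file such as `docker-compose.override.yml`, or drop it and set a non-root `USER` in the Dockerfile so the base file is safe by default.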
Copilot
AI
Oct 14, 2025
Running containers as root user creates security risks. Consider using a non-privileged user or removing the user directive to use the default user from the Dockerfile.
| - db | ||
| - redis | ||
| - elasticsearch | ||
| user: root # For development only |
Copilot
AI
Oct 14, 2025
Running containers as root user creates security risks. Consider using a non-privileged user or removing the user directive to use the default user from the Dockerfile.
| depends_on: | ||
| - db | ||
| - redis | ||
| user: root # For development only |
Copilot
AI
Oct 14, 2025
Running containers as root user creates security risks. Consider using a non-privileged user or removing the user directive to use the default user from the Dockerfile.
| user: root # For development only |
| services: | ||
| # PostgreSQL Database | ||
| db: | ||
| image: postgres:9.6-alpine |
Copilot
AI
Oct 14, 2025
PostgreSQL 9.6 reached end-of-life in November 2021 and no longer receives security updates. Consider upgrading to a supported version like postgres:13-alpine or newer.
| image: postgres:9.6-alpine | |
| image: postgres:13-alpine |
| # Elasticsearch 1.x for legacy compatibility | ||
| elasticsearch: | ||
| image: elasticsearch:1.7.6 | ||
| environment: | ||
| - discovery.type=single-node | ||
| - ES_JAVA_OPTS=-Xms512m -Xmx512m | ||
| ports: | ||
| - "9200:9200" | ||
| - "9300:9300" | ||
| volumes: | ||
| - es_data:/usr/share/elasticsearch/data |
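Review bot: the `ports:` entries `"9200:9200"` and `"9300:9300"` publish the HTTP and transport ports on every host interface, and Elasticsearch 1.x puts no authentication in front of them. Bind them to loopback (`"127.0.0.1:9200:9200"`), or drop the `ports:` block and let the application reach the service over the Compose network.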
Copilot
AI
Oct 14, 2025
Elasticsearch 1.7.6 is extremely outdated (released in 2015) and contains multiple known security vulnerabilities. Consider upgrading to a supported version or use OpenSearch as an alternative.
| # Elasticsearch 1.x for legacy compatibility | |
| elasticsearch: | |
| image: elasticsearch:1.7.6 | |
| environment: | |
| - discovery.type=single-node | |
| - ES_JAVA_OPTS=-Xms512m -Xmx512m | |
| ports: | |
| - "9200:9200" | |
| - "9300:9300" | |
| volumes: | |
| - es_data:/usr/share/elasticsearch/data | |
| # OpenSearch (replacement for Elasticsearch 1.x) | |
| elasticsearch: | |
| image: opensearchproject/opensearch:2.13.0 | |
| environment: | |
| - discovery.type=single-node | |
| - DISABLE_INSTALL_DEMO_CONFIG=true | |
| - DISABLE_SECURITY_PLUGIN=true | |
| - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m | |
| ports: | |
| - "9200:9200" | |
| - "9600:9600" | |
| volumes: | |
| - es_data:/usr/share/opensearch/data |
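Review bot: `DISABLE_SECURITY_PLUGIN=true` in the suggested environment turns off OpenSearch authentication and TLS while `"9200:9200"` still publishes the API on all host interfaces. If the plugin stays disabled for development, bind the port to `127.0.0.1` or remove the `ports:` mapping.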
| @@ -0,0 +1,97 @@ | |||
| # Use Python 2.7 as Django < 1.5 requires Python 2 | |||
| FROM python:2.7-slim-buster | |||
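Review bot: `FROM python:2.7-slim-buster` references a mutable tag, so a rebuild is not guaranteed to produce the same base layers. Pin it by digest (`FROM python:2.7-slim-buster@sha256:<digest>`) and keep the reason for the legacy base next to the existing comment.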
Copilot
AI
Oct 14, 2025
Python 2.7 reached end-of-life in January 2020 and no longer receives security updates. This creates significant security risks for production deployments.
| POSTGRES_DB: scielo_db | ||
| POSTGRES_USER: scielo_user | ||
| POSTGRES_PASSWORD: scielo_pass |
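Review bot: `POSTGRES_PASSWORD: scielo_pass` on the last line commits the database password to the repository. Replace the value with an interpolated variable such as `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}` and keep the `.env` file out of version control, so Compose refuses to start when the variable is unset.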
Copilot
AI
Oct 14, 2025
Database credentials are hardcoded in plain text. Use environment variables or Docker secrets for sensitive configuration data.
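The pre-commit check recommended in the GitGuardian comment and the hardcoded-credential finding above can be approximated with a small scanner over the compose file. This is an added example, not code from this pull request or from GitGuardian; the key-name pattern, the function name `find_literal_secrets` and the sample file are assumptions constructed for illustration.

```python
import re

# Constructed sample: the db block mirrors the keys flagged in this thread;
# the web block is invented to show the list form and interpolated values.
SAMPLE_COMPOSE = """\
services:
  db:
    image: postgres:9.6-alpine
    environment:
      POSTGRES_DB: scielo_db
      POSTGRES_USER: scielo_user
      POSTGRES_PASSWORD: scielo_pass
  web:
    environment:
      - DATABASE_PASSWORD=${DATABASE_PASSWORD}
      - SECRET_KEY="dev-only-key"
      - REDIS_PASSWORD=
      - API_TOKEN=${API_TOKEN:-changeme}
"""

# Key names treated as secret-bearing (assumption; extend for your project).
SECRET_KEY_RE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)
# Matches both "KEY: value" (mapping form) and "- KEY=value" (list form).
ENTRY_RE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(.*)$")
# Safe values: $VAR, ${VAR}, ${VAR?msg}, ${VAR:?msg}. A ${VAR:-default}
# value still embeds a literal fallback, so it is deliberately not matched.
SAFE_VALUE_RE = re.compile(r"^\$(\{\w+(:?\?[^}]*)?\}|\w+)$")


def find_literal_secrets(text):
    """Return (line_no, key) for secret-looking keys set to a literal value."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # drop a trailing YAML comment
        match = ENTRY_RE.match(line)
        if not match or not SECRET_KEY_RE.search(match.group(1)):
            continue
        value = match.group(2).strip().strip("\"'")
        # An empty value commits no literal; an interpolated one is resolved
        # from the environment or an untracked .env file at run time.
        if value and not SAFE_VALUE_RE.match(value):
            findings.append((line_no, match.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, key in find_literal_secrets(SAMPLE_COMPOSE):
        print("line %d: %s is set to a literal value" % (line_no, key))
```

Wired into a pre-commit hook, a non-empty result would fail the commit before the literal reaches history.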
No description provided.