fix: Dockerfile warnings

[fcecagno]

Description

When building the latest code, I got a few warnings from Docker:

5 warnings found (use --debug to expand):
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 8)
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 9)
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 35)
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 144)
- LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 40)

Docker version:

$ docker --version
Docker version 27.0.1, build 7fafd33

This PR doesn't change any functionality, just handles the warnings.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on updating the Docker build infrastructure for the application, including the Dockerfiles for the integration tests, the Django application, and the Nginx web server. The changes primarily involve updating base images, installing dependencies, generating pre-compiled Python packages, and configuring the various components of the application's deployment.

From an application security perspective, the changes introduce several security-conscious practices, such as:

1. Specific Base Image Versions: The Dockerfiles use specific SHA256 digests for the base images, ensuring the same versions are used consistently, which helps with reproducibility and security.
2. Dependency Management: The Dockerfiles install various system-level dependencies required for the application, such as database clients, XML security libraries, and development tools. Proper management of these dependencies is crucial for minimizing the risk of vulnerabilities.
3. User Isolation: The Dockerfiles set up dedicated non-root users to run the application, which helps isolate the application from the host system and reduce the potential impact of security vulnerabilities.
4. Permissions Management: The Dockerfiles set appropriate permissions for the application files and directories, ensuring the application can access the necessary resources while minimizing the risk of unauthorized access or modification.
5. Environment Variable Handling: The Dockerfiles set various environment variables for the application, including sensitive information like admin user details. Ensuring these variables are properly secured and not exposed in the build process is important for maintaining application security.

Overall, the changes in this pull request appear to be focused on improving the build infrastructure and deployment of the application, with a strong emphasis on security best practices. As an application security engineer, I would recommend closely reviewing the application's overall security posture, including the configuration and deployment of the Docker images, to ensure the continued security and integrity of the application.

Files Changed:

1. Dockerfile.integration-tests-debian: This Dockerfile is used for building the Docker image for the application's integration tests. The changes include updating the base images, installing additional dependencies (such as Google Chrome and its driver), and setting up various utility scripts for the integration tests.
2. Dockerfile.django-alpine: This Dockerfile is used for building the Docker image for the Django application running on Alpine Linux. The changes include updating the base image, renaming build stages, and improving the handling of the unit tests.
3. Dockerfile.nginx-alpine: This Dockerfile is used for building the Docker image for the Nginx web server in the application's deployment. The changes include updating the base image, installing Node.js and Yarn, and configuring the Nginx server.
4. Dockerfile.django-debian: This Dockerfile is used for building the Docker image for the Django application running on Debian Linux. The changes include updating the base image, installing dependencies, generating pre-compiled Python packages, and setting up the application's deployment.
5. Dockerfile.nginx-debian: This Dockerfile is used for building the Docker image for the Nginx web server in the Debian-based deployment. The changes include updating the base image, installing additional dependencies, and configuring the Nginx server.

Powered by DryRun Security

[kiblik]

Some linter would be helpful. Would this one help? https://github.com/marketplace/actions/docker-lint If so, it might be added.

[mtesauro]

Approved

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.