
make alpine builds work with docker compose #11669

Open. Wants to merge 2 commits into base: dev

Conversation

valentijnscholten (Member) commented Jan 27, 2025

The docker compose expects django as target image, not django-alpine.

The release keys for Node were outdated, fixed as well.


dryrunsecurity bot commented Jan 27, 2025

DryRun Security Summary

The code changes involve updates to two Dockerfiles, with minor image name changes in Dockerfile.django-alpine and Node.js/Yarn version updates in Dockerfile.nginx-alpine, both maintaining security best practices such as using non-root users, secure dependency installation, and proper key management.


Summary:

The provided code changes involve updates to two Dockerfiles: Dockerfile.django-alpine and Dockerfile.nginx-alpine. The changes in the Dockerfile.django-alpine file appear to be a minor update to the image name, which is unlikely to have any significant impact on the application's security. The Dockerfile.nginx-alpine file, on the other hand, includes updates to the Node.js and Yarn versions used in the image.

From an application security perspective, both Dockerfiles follow security best practices, such as using a non-root user, installing dependencies securely, and including various entrypoint scripts for different components of the application. The update to the Node.js and Yarn versions in the Dockerfile.nginx-alpine file is a positive change, as it helps keep dependencies up-to-date and address potential security vulnerabilities. Additionally, the secure key management and caching mechanism used in the Dockerfile.nginx-alpine file are also noteworthy security-related features.

Files Changed:

  1. Dockerfile.django-alpine:

    • The code change updates the image name from "django-alpine" to "django".
    • The Dockerfile uses a secure and up-to-date Python base image (python:3.11.9-alpine3.20).
    • The Dockerfile installs various system dependencies required for the Django application, including packages for image processing, database connectivity, and security-related libraries.
    • The Dockerfile sets up the necessary environment variables for the Django application, including settings for Celery and uWSGI.
    • The Dockerfile creates a non-root user for running the Django application, which is a good security practice.
    • The Dockerfile includes several entrypoint scripts for running different parts of the Django application.
  2. Dockerfile.nginx-alpine:

    • The code changes update the Node.js version from an unspecified version to 20.11.0.
    • The code also updates the Yarn version from an unspecified version to 1.22.19.
    • The code includes the download and verification of GPG keys for both Node.js and Yarn, ensuring the integrity of the downloaded packages.
    • The Dockerfile is designed to leverage the caching mechanism of Docker, which can improve build times and reduce the risk of unnecessary downloads.
    • The code sets several environment variables, such as DD_UWSGI_PASS, DD_UWSGI_HOST, and DD_UWSGI_PORT, which may be used to configure the nginx-alpine image. These variables should be properly sanitized and validated to prevent potential security issues.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.


kiblik (Contributor) commented Jan 27, 2025

We are on the same page 😀
#11654

@valentijnscholten valentijnscholten changed the title make Dockerfile.django-alpine work with docker compose make alpine builds work with docker compose Jan 27, 2025
valentijnscholten (Member, Author) commented

Happy to close mine, but I added another fix that is needed when you're not building on x64.

Maffooch (Contributor) left a comment

I think both PRs can go in


3 participants