About Deploying Custom Builds Using Your Own Dockerfile

The default Dockerfile built the image from the baseline image (fnproject/python:3.9-dev) and could be missing various latest versions of dependent packages. If you want more control over the Docker image created, you can create your own Dockerfile. When you build or deploy the function, OCI Functions uses the instructions in the custom Dockerfile to build the Docker image.

About Updating All Packages

Make a copy of the default Dockerfile, and include the following command to update packages with latest versions. This command updates all packages with the latest versions, including security updates. Save the Dockerfile to the directory containing the func.yaml file.

RUN microdnf update

Your final version of Dockerfile may resemble the following:

FROM fnproject/python:3.9-dev as build-stage

WORKDIR /function

ADD requirements.txt /function/

                                           RUN pip3 install --target /python/  --no-cache --no-cache-dir -r requirements.txt &&\

                                               rm -fr ~/.cache/pip /tmp* requirements.txt func.yaml Dockerfile .venv &&\

                                               chmod -R o+r /python

ADD . /function/

RUN rm -fr /function/.pip_cache

FROM fnproject/python:3.9

WORKDIR /function

COPY --from=build-stage /python /python

COPY --from=build-stage /function /function

RUN chmod -R o+r /function

ENV PYTHONPATH=/function:/python

RUN microdnf update

ENTRYPOINT ["/python/bin/fdk", "/function/func.py", "handler"]

About Updating Specific Packages

You can update specific CVE or advisory by adding the following commands to your Dockerfile (if you do not want to update all packages).

RUN microdnf install dnf

RUN dnf upgrade --cve CVE-2021-0342

RUN dnf upgrade --advisory ELBA-2024-6977