From 3a37f06dc6174060eea0209d25a5d11b3da2a118 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Mon, 6 Apr 2026 15:14:24 +0400
Subject: [PATCH 1/6] Switch .dockerignore to whitelist approach

Signed-off-by: tdruez
---
 .dockerignore | 63 +++++++++++++++++++--------------------------------
 1 file changed, 23 insertions(+), 40 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 33f1d990..944ff270 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,40 +1,23 @@
-**/.*
-**/.git
-**/.gitignore
-**/.github
-**/.vscode
-**/.idea
-**/coverage
-**/.aws
-**/.ssh
-**/.DS_Store
-**/.aof
-**/venv
-**/.venv
-**/env
-**/bin
-# **/docs we want to keep dje/templates/rest_framework/docs/
-docs/
-# **/dist we want to keep ./thirdparty/dist/
-# **/etc we need to keep ./etc/
-**/lib
-**/include
-**/share
-**/var
-**/*.egg-info
-**/*.log
-**/__pycache__
-**/.*cache
-*.pyc
-.dockerignore
-.readthedocs.yaml
-docker.env
-.env
-Makefile
-Dockerfile
-README.rst
-CHANGELOG.rst
-CONTRIBUTING.rst
-MANIFEST.in
-docker-compose.yml
-pyvenv.cfg
+# Ignore everything
+*
+
+# Allow only what the build needs
+!component_catalog/
+!data/
+!dejacode/
+!dejacode_toolkit/
+!dje/
+!license_library/
+!notification/
+!organization/
+!policy/
+!product_portfolio/
+!purldb/
+!reporting/
+!thirdparty/
+!vulnerability/
+!workflow/
+!LICENSE
+!manage.py
+!NOTICE
+!pyproject.toml
From 42a910c318a0f7a49898d301b90dc0937bc5f8a5 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Mon, 6 Apr 2026 15:14:46 +0400
Subject: [PATCH 2/6] Set name and pin down image dependencies in compose file

Signed-off-by: tdruez
---
 docker-compose.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index fb853b70..7531bf62 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,7 @@
+name: dejacode
 services:
 db:
- image: postgres:16
+ image: docker.io/library/postgres:16.13
 env_file:
 - docker.env
 volumes:
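Review bot: The `!` rules re-include each listed directory recursively, so the `**/__pycache__`, `*.pyc` and `**/.*cache` exclusions the removed list carried no longer apply inside e.g. `dje/` or `thirdparty/`, and stale bytecode from a developer checkout can land in the build context. Later rules win in .dockerignore, so appending `**/__pycache__` and `**/*.pyc` after the `!` entries restores that. `!data/` also admits the whole data tree, which the Makefile hunk in patch 4 shows holds `./data/postgresql/initdb.sql.gz`; if the image does not need that dump, narrow the rule to the subpath that is actually required. The .dockerignore hunks in patch 6 extend the same list and the same points apply there.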
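Review bot: `docker.io/library/postgres:16.13` narrows the tag, but a tag is still mutable, so the pull is neither reproducible nor verifiable; the same holds for the redis, nginx and clamav image lines in the next three hunks. If the intent of this commit is pinned dependencies, append the content digest as well, e.g. `image: docker.io/library/postgres:16.13@sha256:<digest>` (placeholder), and let a dependency-update bot refresh tag and digest together.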
@@ -15,7 +16,7 @@ services:
 retries: 5
 redis:
- image: redis:alpine
+ image: docker.io/library/redis:8.6-alpine
 # Enable redis data persistence using the "Append Only File" with the
 # default policy of fsync every second. See https://redis.io/topics/persistence
 command: redis-server --appendonly yes
@@ -78,7 +79,7 @@ services:
 - web
 nginx:
- image: nginx:alpine
+ image: docker.io/library/nginx:1.29-alpine
 ports:
 - "${NGINX_PUBLISHED_HTTP_PORT:-80}:80"
 - "${NGINX_PUBLISHED_HTTPS_PORT:-443}:443"
@@ -91,7 +92,7 @@ services:
 restart: always
 clamav:
- image: clamav/clamav
+ image: docker.io/clamav/clamav:1.5_base
 volumes:
 - clamav_data:/var/lib/clamav
 - media:/var/dejacode/media
From a177758c92bf67c9b9bc60d383a798749f446455 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Mon, 6 Apr 2026 15:15:18 +0400
Subject: [PATCH 3/6] Fix the build warning in Dockerfile

Signed-off-by: tdruez
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a56a4615..058abaea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,8 +27,8 @@ ENV VENV_LOCATION=/opt/$APP_NAME/.venv
 ENV PYTHONUNBUFFERED=1
 # Do not write Python .pyc files
 ENV PYTHONDONTWRITEBYTECODE=1
-# Add the app dir in the Python path for entry points availability
-ENV PYTHONPATH=$PYTHONPATH:$APP_DIR
+# Set the app dir in the Python path for entry points availability
+ENV PYTHONPATH=$APP_DIR
 # OS requirements
 RUN apt-get update \
From 51cdf5c072fb358e0718c353f78827f36fc51e24 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Mon, 6 Apr 2026 15:16:07 +0400
Subject: [PATCH 4/6] Refine build and bash commands in Makefile

Signed-off-by: tdruez
---
 Makefile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 88ac3d48..3a976ae2 100644
--- a/Makefile
+++ b/Makefile
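Review bot: The new comment above `ENV PYTHONPATH=$APP_DIR` says what the line does but not why appending to `$PYTHONPATH` was dropped, so a reader cannot tell whether a base-image PYTHONPATH is being discarded on purpose. If, as the subject suggests, the warning was about the variable being undefined at build time, say so in the comment: `# PYTHONPATH is unset in the base image; assign rather than append to avoid the undefined-variable build warning` (confirm that is the warning before settling on the wording).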
@@ -25,6 +25,7 @@ DB_CONTAINER_NAME=db
 DB_INIT_FILE=./data/postgresql/initdb.sql.gz
 POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8
 TIMESTAMP=$(shell date +"%Y-%m-%d_%H%M")
+IMAGE_NAME=dejacode
 # Use sudo for postgres, only on Linux
 UNAME := $(shell uname)
@@ -156,11 +157,11 @@ docs:
 @${ACTIVATE} sphinx-build -b html ${DOCS_LOCATION} ${DOCS_LOCATION}/_build/html/
 build:
- @echo "-> Build the Docker images"
- ${DOCKER_COMPOSE} build
+ @echo "-> Build the Docker image"
+ docker build -t $(IMAGE_NAME) .
 bash:
- ${DOCKER_EXEC} web bash
+ docker run -it $(IMAGE_NAME) bash
 shell:
 ${DOCKER_EXEC} web ./manage.py shell
From 3655a445de0feada849729fb7de467b742d708ce Mon Sep 17 00:00:00 2001
From: tdruez
Date: Mon, 6 Apr 2026 15:54:50 +0400
Subject: [PATCH 5/6] Remove the open port for clamav service

Signed-off-by: tdruez
---
 docker-compose.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 7531bf62..1a5b033d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -96,8 +96,6 @@ services:
 volumes:
 - clamav_data:/var/lib/clamav
 - media:/var/dejacode/media
- ports:
- - "3310:3310"
 restart: always
 volumes:
From 08355d2c38bfe83b92e504eb8fa4d45ca019d4c9 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Mon, 6 Apr 2026 15:55:10 +0400
Subject: [PATCH 6/6] Add missing aboutcode/ and vulnerabilities/ for the build

Signed-off-by: tdruez
---
 .dockerignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.dockerignore b/.dockerignore
index 944ff270..1eb63a0d 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,6 +2,7 @@
 *
 
 # Allow only what the build needs
+!aboutcode/
 !component_catalog/
 !data/
 !dejacode/
@@ -15,7 +16,7 @@
 !purldb/
 !reporting/
 !thirdparty/
-!vulnerability/
+!vulnerabilities/
 !workflow/
 !LICENSE
 !manage.py
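Review bot: `docker run -it $(IMAGE_NAME) bash` leaves a stopped container behind on every invocation and starts a standalone container without the compose network or env_file, whereas the `shell:` target directly below still execs into the running `web` service, so the two targets now diverge in behaviour. Add `--rm` (`docker run --rm -it $(IMAGE_NAME) bash`) and, if a shell inside the running service is still wanted, keep a `${DOCKER_EXEC} web bash` variant alongside it. `build:` no longer goes through compose either, so unless the compose `web` service references the `dejacode` image name (its definition is outside these hunks), `docker compose up` will not use the image this target produces.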