-
Notifications
You must be signed in to change notification settings - Fork 325
/
Dockerfile.c10s
108 lines (93 loc) · 4.87 KB
/
Dockerfile.c10s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
FROM quay.io/centos/centos:stream10-development-minimal
EXPOSE 8080
ENV PYTHON_VERSION=3.12 \
PYTHONUNBUFFERED=1 \
PYTHONIOENCODING=UTF-8 \
LC_ALL=en_US.UTF-8 \
LANG=en_US.UTF-8 \
CNB_STACK_ID=com.redhat.stacks.ubi10-python-312 \
CNB_USER_ID=1001 \
CNB_GROUP_ID=0 \
PIP_NO_CACHE_DIR=off \
# The following variables are usually available from parent s2i images \
STI_SCRIPTS_PATH=/usr/libexec/s2i \
APP_ROOT=/opt/app-root \
HOME=/opt/app-root/src \
PLATFORM="el10"
# /opt/app-root/bin - the main venv
# /opt/app-root/src/bin - app-specific binaries
# /opt/app-root/src/.local/bin - tools like pipenv
ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH
# RHEL7 base images automatically set these envvars to run scl_enable. RHEl8
# images, however, don't as most images don't need SCLs any more. But we want
# to run it even on RHEL8, because we set the virtualenv environment as part of
# that script
ENV BASH_ENV=${APP_ROOT}/etc/scl_enable \
ENV=${APP_ROOT}/etc/scl_enable \
PROMPT_COMMAND=". ${APP_ROOT}/etc/scl_enable"
ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \
DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
building and running various Python $PYTHON_VERSION applications and frameworks. \
Python is an easy to learn, powerful programming language. It has efficient high-level \
data structures and a simple but effective approach to object-oriented programming. \
Python's elegant syntax and dynamic typing, together with its interpreted nature, \
make it an ideal language for scripting and rapid application development in many areas \
on most platforms."
LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="Python 3.12" \
io.openshift.expose-services="8080:http" \
io.openshift.tags="builder,python,python312,python-312,rh-python312" \
com.redhat.component="python-312-container" \
name="sclorg/python-312-minimal-c10s" \
version="1" \
usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.12-minimal/test/setup-test-app/ ubi10/python-312-minimal python-sample-app" \
com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
io.buildpacks.stack.id="com.redhat.stacks.ubi10-python-312-minimal" \
maintainer="SoftwareCollections.org <[email protected]>"
# Very minimal set of packages
# Python is obvious in the Python container :)
# glibc-langpack-en is needed to set locale to en_US and disable warning about it
# findutils - find command is needed for fix-permissions script
# nss_wrapper - used in generate_container_user script
RUN INSTALL_PKGS="python3.12 glibc-langpack-en findutils nss_wrapper-libs" && \
microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
microdnf -y clean all --enablerepo='*'
# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH.
COPY 3.12-minimal/s2i/bin/ $STI_SCRIPTS_PATH
# Copy extra files to the image.
COPY 3.12-minimal/root/ /
# Python 3.7+ only
# Yes, the directory below is already copied by the previous command.
# The problem here is that the wheels directory is copied as a symlink.
# Only if you specify symlink directly as a source, COPY copies all the
# files from the symlink destination.
COPY 3.12/root/opt/wheels /opt/wheels
# This command sets (and also creates if necessary)
# the home directory - it has to be done here so the latter
# fix-permissions fixes this directory as well.
WORKDIR ${HOME}
# - Create a Python virtual environment for use by any application to avoid
# potential conflicts with Python packages preinstalled in the main Python
# installation.
# - In order to drop the root user, we have to make some directories world
# writable as OpenShift default security model is to run the container
# under random UID.
RUN \
python3.12 -m venv ${APP_ROOT} && \
# We have to upgrade pip to a newer version because \
# pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \
# support platforms like ppc64le, aarch64 or armv7 \
# We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \
# because it's tested better then whatever version from PyPI and contains useful patches. \
# We have to do it here so the permissions are correctly fixed and pip is able \
# to reinstall itself in the next build phases in the assemble script if user wants the latest version \
${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \
rm -r /opt/wheels && \
chown -R 1001:0 ${APP_ROOT} && \
fix-permissions ${APP_ROOT} -P && \
rpm-file-permissions
USER 1001
# Set the default CMD to print the usage of the language image.
CMD $STI_SCRIPTS_PATH/usage