|
| 1 | +FROM quay.io/centos/centos:stream10-development-minimal |
| 2 | + |
| 3 | + |
| 4 | +EXPOSE 8080 |
| 5 | + |
| 6 | +ENV PYTHON_VERSION=3.12 \ |
| 7 | + PYTHONUNBUFFERED=1 \ |
| 8 | + PYTHONIOENCODING=UTF-8 \ |
| 9 | + LC_ALL=en_US.UTF-8 \ |
| 10 | + LANG=en_US.UTF-8 \ |
| 11 | + CNB_STACK_ID=com.redhat.stacks.ubi10-python-312 \ |
| 12 | + CNB_USER_ID=1001 \ |
| 13 | + CNB_GROUP_ID=0 \ |
| 14 | + PIP_NO_CACHE_DIR=off \ |
| 15 | + # The following variables are usually available from parent s2i images \ |
| 16 | + STI_SCRIPTS_PATH=/usr/libexec/s2i \ |
| 17 | + APP_ROOT=/opt/app-root \ |
| 18 | + HOME=/opt/app-root/src \ |
| 19 | + PLATFORM="el10" |
| 20 | + |
| 21 | +# /opt/app-root/bin - the main venv |
| 22 | +# /opt/app-root/src/bin - app-specific binaries |
| 23 | +# /opt/app-root/src/.local/bin - tools like pipenv |
| 24 | +ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH |
| 25 | + |
| 26 | +# RHEL7 base images automatically set these envvars to run scl_enable. RHEl8 |
| 27 | +# images, however, don't as most images don't need SCLs any more. But we want |
| 28 | +# to run it even on RHEL8, because we set the virtualenv environment as part of |
| 29 | +# that script |
| 30 | +ENV BASH_ENV=${APP_ROOT}/etc/scl_enable \ |
| 31 | + ENV=${APP_ROOT}/etc/scl_enable \ |
| 32 | + PROMPT_COMMAND=". ${APP_ROOT}/etc/scl_enable" |
| 33 | + |
| 34 | +ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \ |
| 35 | + DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ |
| 36 | +building and running various Python $PYTHON_VERSION applications and frameworks. \ |
| 37 | +Python is an easy to learn, powerful programming language. It has efficient high-level \ |
| 38 | +data structures and a simple but effective approach to object-oriented programming. \ |
| 39 | +Python's elegant syntax and dynamic typing, together with its interpreted nature, \ |
| 40 | +make it an ideal language for scripting and rapid application development in many areas \ |
| 41 | +on most platforms." |
| 42 | + |
| 43 | +LABEL summary="$SUMMARY" \ |
| 44 | + description="$DESCRIPTION" \ |
| 45 | + io.k8s.description="$DESCRIPTION" \ |
| 46 | + io.k8s.display-name="Python 3.12" \ |
| 47 | + io.openshift.expose-services="8080:http" \ |
| 48 | + io.openshift.tags="builder,python,python312,python-312,rh-python312" \ |
| 49 | + com.redhat.component="python-312-container" \ |
| 50 | + name="sclorg/python-312-minimal-c10s" \ |
| 51 | + version="1" \ |
| 52 | + usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.12-minimal/test/setup-test-app/ ubi10/python-312-minimal python-sample-app" \ |
| 53 | + com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ |
| 54 | + io.buildpacks.stack.id="com.redhat.stacks.ubi10-python-312-minimal" \ |
| 55 | + maintainer="SoftwareCollections.org < [email protected]>" |
| 56 | + |
| 57 | +# Very minimal set of packages |
| 58 | +# Python is obvious in the Python container :) |
| 59 | +# glibc-langpack-en is needed to set locale to en_US and disable warning about it |
| 60 | +# findutils - find command is needed for fix-permissions script |
| 61 | +# nss_wrapper - used in generate_container_user script |
| 62 | +RUN INSTALL_PKGS="python3.12 glibc-langpack-en findutils nss_wrapper" && \ |
| 63 | + microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \ |
| 64 | + microdnf -y clean all --enablerepo='*' |
| 65 | + |
| 66 | +# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH. |
| 67 | +COPY 3.12-minimal/s2i/bin/ $STI_SCRIPTS_PATH |
| 68 | + |
| 69 | +# Copy extra files to the image. |
| 70 | +COPY 3.12-minimal/root/ / |
| 71 | + |
| 72 | +# Python 3.7+ only |
| 73 | +# Yes, the directory below is already copied by the previous command. |
| 74 | +# The problem here is that the wheels directory is copied as a symlink. |
| 75 | +# Only if you specify symlink directly as a source, COPY copies all the |
| 76 | +# files from the symlink destination. |
| 77 | +COPY 3.12/root/opt/wheels /opt/wheels |
| 78 | + |
| 79 | +# This command sets (and also creates if necessary) |
| 80 | +# the home directory - it has to be done here so the latter |
| 81 | +# fix-permissions fixes this directory as well. |
| 82 | +WORKDIR ${HOME} |
| 83 | + |
| 84 | +# - Create a Python virtual environment for use by any application to avoid |
| 85 | +# potential conflicts with Python packages preinstalled in the main Python |
| 86 | +# installation. |
| 87 | +# - In order to drop the root user, we have to make some directories world |
| 88 | +# writable as OpenShift default security model is to run the container |
| 89 | +# under random UID. |
| 90 | +RUN \ |
| 91 | + python3.12 -m venv ${APP_ROOT} && \ |
| 92 | + # We have to upgrade pip to a newer version because \ |
| 93 | + # pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \ |
| 94 | + # support platforms like ppc64le, aarch64 or armv7 \ |
| 95 | + # We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \ |
| 96 | + # because it's tested better then whatever version from PyPI and contains useful patches. \ |
| 97 | + # We have to do it here so the permissions are correctly fixed and pip is able \ |
| 98 | + # to reinstall itself in the next build phases in the assemble script if user wants the latest version \ |
| 99 | + ${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \ |
| 100 | + rm -r /opt/wheels && \ |
| 101 | + chown -R 1001:0 ${APP_ROOT} && \ |
| 102 | + fix-permissions ${APP_ROOT} -P && \ |
| 103 | + rpm-file-permissions |
| 104 | + |
| 105 | +USER 1001 |
| 106 | + |
| 107 | +# Set the default CMD to print the usage of the language image. |
| 108 | +CMD $STI_SCRIPTS_PATH/usage |
0 commit comments