Merge pull request #42 from jpower432/chore/update-to-ubi

chore: updates the base images to UBI minimal
RedHatProductSecurity · Sep 1, 2023 · a6c90f4 · a6c90f4
2 parents e6e0d6f + b182794
commit a6c90f4
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 30 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
-# kics-scan disable=fd54f200-402c-4333-a5a4-36ef6709af2f,b03a748a-542d-44f4-bb86-9199ab4fd2d5
-FROM python:3.9-slim as python-base
+# Use the UBI 8 minimal base image
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as python-base
 
 ENV PYTHONUNBUFFERED=1 \
     # prevents python creating .pyc files
@@ -29,36 +29,45 @@ ENV PYTHONUNBUFFERED=1 \
 # prepend poetry and venv to path
 ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
 
+RUN microdnf update -y \
+    && microdnf install -y python3.9 \
+    && microdnf clean all \
+    && rm -rf /var/lib/apt/lists/*
+
 FROM python-base as dependencies
-RUN apt-get update \
-    && apt-get install --no-install-recommends -y \
-        # deps for building python deps
-        build-essential \
-        git
+
+RUN microdnf update -y \
+    && microdnf install -y git
 
 # install poetry - respects $POETRY_VERSION & $POETRY_HOME
 RUN  python3.9 -m pip install --no-cache-dir --upgrade pip \
-     && pip install --no-cache-dir poetry=="$POETRY_VERSION"
+    && pip install --no-cache-dir poetry=="$POETRY_VERSION"
 
 # Cache runtime deps
 WORKDIR $PYSETUP_PATH
-COPY ./ $PYSETUP
+COPY ./ $PYSETUP_PATH
+
+# Install runtime deps
+RUN poetry install --without tests,dev --no-root
 
-RUN poetry install --without tests,dev
+# install the root project in non-editable mode
+RUN  poetry build -f wheel -n && \
+  pip install --no-cache-dir --no-deps dist/*.whl && \
+  rm -rf dist *.egg-info
 
 # final image
 FROM python-base as final
 
 COPY --from=dependencies $PYSETUP_PATH $PYSETUP_PATH
 
-RUN apt-get update \
-    && apt-get install --no-install-recommends -y git \
-    && apt-get clean \
+RUN microdnf install -y git \
+    && microdnf clean all \
     && rm -rf /var/lib/apt/lists/*
 
 COPY ./entrypoint.sh /
 
 RUN chmod +x /entrypoint.sh
 
 ENTRYPOINT ["python3.9", "-m" , "trestlebot"]
+CMD ["--help"]
 
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -21,7 +21,7 @@ trestle-bot = "trestlebot.cli:run"
 [tool.poetry.dependencies]
 python = '^3.8.1'
 gitpython = "^3.1.31"
-compliance-trestle = {git = "https://github.com/RedHatProductSecurity/compliance-trestle.git", rev = "bb19091d08025f630379da59cba42b64e4701839"}
+compliance-trestle = {git = "https://github.com/IBM/compliance-trestle.git", rev = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0"}
 github3-py = "^4.0.1"
 python-gitlab = "^3.15.0"