diff --git a/Dockerfile b/Dockerfile index c90f6393..72588f2d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -# kics-scan disable=fd54f200-402c-4333-a5a4-36ef6709af2f,b03a748a-542d-44f4-bb86-9199ab4fd2d5 -FROM python:3.9-slim as python-base +# Use the UBI 8 minimal base image +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as python-base ENV PYTHONUNBUFFERED=1 \ # prevents python creating .pyc files @@ -29,31 +29,39 @@ ENV PYTHONUNBUFFERED=1 \ # prepend poetry and venv to path ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH" +RUN microdnf update -y \ + && microdnf install -y python3.9 \ + && microdnf clean all \ + && rm -rf /var/lib/apt/lists/* + FROM python-base as dependencies -RUN apt-get update \ - && apt-get install --no-install-recommends -y \ - # deps for building python deps - build-essential \ - git + +RUN microdnf update -y \ + && microdnf install -y git # install poetry - respects $POETRY_VERSION & $POETRY_HOME RUN python3.9 -m pip install --no-cache-dir --upgrade pip \ - && pip install --no-cache-dir poetry=="$POETRY_VERSION" + && pip install --no-cache-dir poetry=="$POETRY_VERSION" # Cache runtime deps WORKDIR $PYSETUP_PATH -COPY ./ $PYSETUP +COPY ./ $PYSETUP_PATH + +# Install runtime deps +RUN poetry install --without tests,dev --no-root -RUN poetry install --without tests,dev +# install the root project in non-editable mode +RUN poetry build -f wheel -n && \ + pip install --no-cache-dir --no-deps dist/*.whl && \ + rm -rf dist *.egg-info # final image FROM python-base as final COPY --from=dependencies $PYSETUP_PATH $PYSETUP_PATH -RUN apt-get update \ - && apt-get install --no-install-recommends -y git \ - && apt-get clean \ +RUN microdnf install -y git \ + && microdnf clean all \ && rm -rf /var/lib/apt/lists/* COPY ./entrypoint.sh / @@ -61,4 +69,5 @@ COPY ./entrypoint.sh / RUN chmod +x /entrypoint.sh ENTRYPOINT ["python3.9", "-m" , "trestlebot"] +CMD ["--help"] diff --git a/poetry.lock b/poetry.lock index 652f2bc6..c15f875e 100644 
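Review bot: The new `FROM registry.access.redhat.com/ubi8/ubi-minimal:latest` in the first hunk leaves the base unpinned, so each rebuild can resolve to a different image and the result cannot be reproduced or audited against a known package set. Pin a release tag and preferably a digest, `FROM registry.access.redhat.com/ubi8/ubi-minimal:<tag>@sha256:<digest> AS python-base` (placeholders; take the values from the registry), and bump it deliberately. The same hunk deletes the `# kics-scan disable=...` line, which re-enables whichever two KICS queries those IDs suppressed. The hunk does not say whether that is intended, so confirm the scanner's findings on the new Dockerfile are resolved or accepted.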
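Review bot: In the second hunk, `rm -rf /var/lib/apt/lists/*` is left over from the Debian base, both in the added base-stage `RUN` and in the final stage's `RUN microdnf install -y git`. A UBI image has no apt, so the line is a no-op; drop it and keep `microdnf clean all` as the cleanup, e.g. `RUN microdnf install -y python3.9 && microdnf clean all`. `microdnf update -y` in the base stage makes the installed package set depend on the build date; with a pinned base it can be removed, or kept with a comment saying it is there to pull security errata. Separately, `COPY ./ $PYSETUP_PATH` followed by `COPY --from=dependencies $PYSETUP_PATH $PYSETUP_PATH` carries the whole build context into the final image. Unless a `.dockerignore` (not visible here) excludes `.git`, tests and local env files, they ship with the image.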
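Review bot: No `USER` instruction appears in the final stage in any hunk shown, so unless one sits in the unshown lines the container runs `python3.9 -m trestlebot` as root. This is worth settling in the last hunk, where `CMD ["--help"]` is added after `ENTRYPOINT`. ubi-minimal does not ship `useradd` by default, so a numeric `USER 1001` placed before `ENTRYPOINT` is the least invasive option, provided the paths the bot writes to are writable by that UID. If the image has to run as root for its CI integration, say so in a comment above `ENTRYPOINT` so the choice is visible to reviewers and scanners.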
--- a/poetry.lock +++ b/poetry.lock @@ -2,24 +2,24 @@ [[package]] name = "anyio" -version = "3.7.1" +version = "4.0.0" description = "High level compatibility layer for multiple asynchronous event loop implementations" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "anyio-3.7.1-py3-none-any.whl", hash = "sha256:91dee416e570e92c64041bd18b900d1d6fa78dff7048769ce5ac5ddad004fbb5"}, - {file = "anyio-3.7.1.tar.gz", hash = "sha256:44a3c9aba0f5defa43261a8b3efb97891f2bd7d804e0e1f56419befa1adfc780"}, + {file = "anyio-4.0.0-py3-none-any.whl", hash = "sha256:cfdb2b588b9fc25ede96d8db56ed50848b0b649dca3dd1df0b11f683bb9e0b5f"}, + {file = "anyio-4.0.0.tar.gz", hash = "sha256:f7ed51751b2c2add651e5747c891b47e26d2a21be5d32d9311dfe9692f3e5d7a"}, ] [package.dependencies] -exceptiongroup = {version = "*", markers = "python_version < \"3.11\""} +exceptiongroup = {version = ">=1.0.2", markers = "python_version < \"3.11\""} idna = ">=2.8" sniffio = ">=1.1" [package.extras] -doc = ["Sphinx", "packaging", "sphinx-autodoc-typehints (>=1.2.0)", "sphinx-rtd-theme (>=1.2.2)", "sphinxcontrib-jquery"] -test = ["anyio[trio]", "coverage[toml] (>=4.5)", "hypothesis (>=4.0)", "mock (>=4)", "psutil (>=5.9)", "pytest (>=7.0)", "pytest-mock (>=3.6.1)", "trustme", "uvloop (>=0.17)"] -trio = ["trio (<0.22)"] +doc = ["Sphinx (>=7)", "packaging", "sphinx-autodoc-typehints (>=1.2.0)"] +test = ["anyio[trio]", "coverage[toml] (>=7)", "hypothesis (>=4.0)", "psutil (>=5.9)", "pytest (>=7.0)", "pytest-mock (>=3.6.1)", "trustme", "uvloop (>=0.17)"] +trio = ["trio (>=0.22)"] [[package]] name = "argcomplete" 
@@ -457,9 +457,9 @@ dev = ["gitpython", "livereload", "markdown-include", "mkdocs", "mkdocs-material [package.source] type = "git" -url = "https://github.com/RedHatProductSecurity/compliance-trestle.git" -reference = "bb19091d08025f630379da59cba42b64e4701839" -resolved_reference = "bb19091d08025f630379da59cba42b64e4701839" +url = "https://github.com/IBM/compliance-trestle.git" +reference = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0" +resolved_reference = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0" [[package]] name = "coverage" @@ -1449,13 +1449,13 @@ test = ["appdirs (==1.4.4)", "covdefaults (>=2.3)", "pytest (>=7.4)", "pytest-co [[package]] name = "pluggy" -version = "1.2.0" +version = "1.3.0" description = "plugin and hook calling mechanisms for python" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "pluggy-1.2.0-py3-none-any.whl", hash = "sha256:c2fd55a7d7a3863cba1a013e4e2414658b1d07b6bc57b3919e0c63c9abb99849"}, - {file = "pluggy-1.2.0.tar.gz", hash = "sha256:d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3"}, + {file = "pluggy-1.3.0-py3-none-any.whl", hash = "sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7"}, + {file = "pluggy-1.3.0.tar.gz", hash = "sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12"}, ] [package.extras] @@ -2161,4 +2161,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" python-versions = "^3.8.1" -content-hash = "9e1f358be63844ce1effaa60eedef4844f964b939b6b7f6db9f1f0fd6ba74940" +content-hash = "dc135b1d664ebef87813b2f13020f4675f36835b78ff141100033054ca907b17" diff --git a/pyproject.toml b/pyproject.toml index fd463986..d67dd512 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -21,7 +21,7 @@ trestle-bot = "trestlebot.cli:run" [tool.poetry.dependencies] python = '^3.8.1' gitpython = "^3.1.31" -compliance-trestle = {git = "https://github.com/RedHatProductSecurity/compliance-trestle.git", rev = "bb19091d08025f630379da59cba42b64e4701839"} +compliance-trestle = {git = "https://github.com/IBM/compliance-trestle.git", rev = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0"} github3-py = "^4.0.1" python-gitlab = "^3.15.0"