From e1e791aaa06738ebcd37d79dec2b7f02654f7557 Mon Sep 17 00:00:00 2001
From: Jennifer Power <barnabei.jennifer@gmail.com>
Date: Wed, 30 Aug 2023 10:09:33 -0400
Subject: [PATCH 1/2] chore: updates the base images to UBI minimal

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
---
 Dockerfile | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c90f6393..72588f2d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-# kics-scan disable=fd54f200-402c-4333-a5a4-36ef6709af2f,b03a748a-542d-44f4-bb86-9199ab4fd2d5
-FROM python:3.9-slim as python-base
+# Use the UBI 8 minimal base image
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as python-base
 
 ENV PYTHONUNBUFFERED=1 \
     # prevents python creating .pyc files
@@ -29,31 +29,39 @@ ENV PYTHONUNBUFFERED=1 \
 # prepend poetry and venv to path
 ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
 
+RUN microdnf update -y \
+    && microdnf install -y python3.9 \
+    && microdnf clean all \
+    && rm -rf /var/lib/apt/lists/*
+
 FROM python-base as dependencies
-RUN apt-get update \
-    && apt-get install --no-install-recommends -y \
-        # deps for building python deps
-        build-essential \
-        git
+
+RUN microdnf update -y \
+    && microdnf install -y git
 
 # install poetry - respects $POETRY_VERSION & $POETRY_HOME
 RUN  python3.9 -m pip install --no-cache-dir --upgrade pip \
-     && pip install --no-cache-dir poetry=="$POETRY_VERSION"
+    && pip install --no-cache-dir poetry=="$POETRY_VERSION"
 
 # Cache runtime deps
 WORKDIR $PYSETUP_PATH
-COPY ./ $PYSETUP
+COPY ./ $PYSETUP_PATH
+
+# Install runtime deps
+RUN poetry install --without tests,dev --no-root
 
-RUN poetry install --without tests,dev
+# install the root project in non-editable mode
+RUN  poetry build -f wheel -n && \
+  pip install --no-cache-dir --no-deps dist/*.whl && \
+  rm -rf dist *.egg-info
 
 # final image
 FROM python-base as final
 
 COPY --from=dependencies $PYSETUP_PATH $PYSETUP_PATH
 
-RUN apt-get update \
-    && apt-get install --no-install-recommends -y git \
-    && apt-get clean \
+RUN microdnf install -y git \
+    && microdnf clean all \
     && rm -rf /var/lib/apt/lists/*
 
 COPY ./entrypoint.sh /
@@ -61,4 +69,5 @@ COPY ./entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 
 ENTRYPOINT ["python3.9", "-m" , "trestlebot"]
+CMD ["--help"]
            

From b1827944400d4f7c000bdfd8c4846269d0b844cc Mon Sep 17 00:00:00 2001
From: Jennifer Power <barnabei.jennifer@gmail.com>
Date: Wed, 30 Aug 2023 19:02:00 -0400
Subject: [PATCH 2/2] build(deps): update compliance-trestle dep to the latest
 commit

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
---
 poetry.lock    | 32 ++++++++++++++++----------------
 pyproject.toml |  2 +-
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 652f2bc6..c15f875e 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -2,24 +2,24 @@
 
 [[package]]
 name = "anyio"
-version = "3.7.1"
+version = "4.0.0"
 description = "High level compatibility layer for multiple asynchronous event loop implementations"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 files = [
-    {file = "anyio-3.7.1-py3-none-any.whl", hash = "sha256:91dee416e570e92c64041bd18b900d1d6fa78dff7048769ce5ac5ddad004fbb5"},
-    {file = "anyio-3.7.1.tar.gz", hash = "sha256:44a3c9aba0f5defa43261a8b3efb97891f2bd7d804e0e1f56419befa1adfc780"},
+    {file = "anyio-4.0.0-py3-none-any.whl", hash = "sha256:cfdb2b588b9fc25ede96d8db56ed50848b0b649dca3dd1df0b11f683bb9e0b5f"},
+    {file = "anyio-4.0.0.tar.gz", hash = "sha256:f7ed51751b2c2add651e5747c891b47e26d2a21be5d32d9311dfe9692f3e5d7a"},
 ]
 
 [package.dependencies]
-exceptiongroup = {version = "*", markers = "python_version < \"3.11\""}
+exceptiongroup = {version = ">=1.0.2", markers = "python_version < \"3.11\""}
 idna = ">=2.8"
 sniffio = ">=1.1"
 
 [package.extras]
-doc = ["Sphinx", "packaging", "sphinx-autodoc-typehints (>=1.2.0)", "sphinx-rtd-theme (>=1.2.2)", "sphinxcontrib-jquery"]
-test = ["anyio[trio]", "coverage[toml] (>=4.5)", "hypothesis (>=4.0)", "mock (>=4)", "psutil (>=5.9)", "pytest (>=7.0)", "pytest-mock (>=3.6.1)", "trustme", "uvloop (>=0.17)"]
-trio = ["trio (<0.22)"]
+doc = ["Sphinx (>=7)", "packaging", "sphinx-autodoc-typehints (>=1.2.0)"]
+test = ["anyio[trio]", "coverage[toml] (>=7)", "hypothesis (>=4.0)", "psutil (>=5.9)", "pytest (>=7.0)", "pytest-mock (>=3.6.1)", "trustme", "uvloop (>=0.17)"]
+trio = ["trio (>=0.22)"]
 
 [[package]]
 name = "argcomplete"
@@ -457,9 +457,9 @@ dev = ["gitpython", "livereload", "markdown-include", "mkdocs", "mkdocs-material
 
 [package.source]
 type = "git"
-url = "https://github.com/RedHatProductSecurity/compliance-trestle.git"
-reference = "bb19091d08025f630379da59cba42b64e4701839"
-resolved_reference = "bb19091d08025f630379da59cba42b64e4701839"
+url = "https://github.com/IBM/compliance-trestle.git"
+reference = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0"
+resolved_reference = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0"
 
 [[package]]
 name = "coverage"
@@ -1449,13 +1449,13 @@ test = ["appdirs (==1.4.4)", "covdefaults (>=2.3)", "pytest (>=7.4)", "pytest-co
 
 [[package]]
 name = "pluggy"
-version = "1.2.0"
+version = "1.3.0"
 description = "plugin and hook calling mechanisms for python"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 files = [
-    {file = "pluggy-1.2.0-py3-none-any.whl", hash = "sha256:c2fd55a7d7a3863cba1a013e4e2414658b1d07b6bc57b3919e0c63c9abb99849"},
-    {file = "pluggy-1.2.0.tar.gz", hash = "sha256:d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3"},
+    {file = "pluggy-1.3.0-py3-none-any.whl", hash = "sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7"},
+    {file = "pluggy-1.3.0.tar.gz", hash = "sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12"},
 ]
 
 [package.extras]
@@ -2161,4 +2161,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.8.1"
-content-hash = "9e1f358be63844ce1effaa60eedef4844f964b939b6b7f6db9f1f0fd6ba74940"
+content-hash = "dc135b1d664ebef87813b2f13020f4675f36835b78ff141100033054ca907b17"
diff --git a/pyproject.toml b/pyproject.toml
index fd463986..d67dd512 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,7 +21,7 @@ trestle-bot = "trestlebot.cli:run"
 [tool.poetry.dependencies]
 python = '^3.8.1'
 gitpython = "^3.1.31"
-compliance-trestle = {git = "https://github.com/RedHatProductSecurity/compliance-trestle.git", rev = "bb19091d08025f630379da59cba42b64e4701839"}
+compliance-trestle = {git = "https://github.com/IBM/compliance-trestle.git", rev = "01a5a3358b7f1c35d98ea5ab32d51bbc107ff5a0"}
 github3-py = "^4.0.1"
 python-gitlab = "^3.15.0"