From b141050f001ee9e6b2cea1cc15ef433bbd0222d1 Mon Sep 17 00:00:00 2001
From: matt-codecov <137832199+matt-codecov@users.noreply.github.com>
Date: Mon, 15 Apr 2024 12:27:08 -0700
Subject: [PATCH] chore: use debian base images instead of alpine (#285)

* chore: use debian base images instead of alpine

* fix test_env makefile stuff

* fix mutation
---
 Makefile                       |  6 ++---
 docker/Dockerfile.requirements | 44 ++++++++++++++++++----------------
 worker.sh                      |  2 +-
 3 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/Makefile b/Makefile
index 4b25f51c4..fdc99d4e2 100644
--- a/Makefile
+++ b/Makefile
@@ -204,7 +204,7 @@ test_env.install_cli:
 	pip install --no-cache-dir codecov-cli==$(CODECOV_CLI_VERSION)
 
 test_env.container_prepare:
-	apk add -U curl git build-base jq
+	apt-get install -y git build-essential netcat-traditional
 	make test_env.install_cli
 	git config --global --add safe.directory /worker
 
@@ -252,7 +252,7 @@ test_env.run_mutation:
 	docker-compose exec worker make test_env.container_mutation
 
 test_env.container_mutation:
-	apk add git
+	apt-get install -y git
 	git diff origin/main ${full_sha} > data.patch
 	pip install mutmut[patch]
 	mutmut run --use-patch-file data.patch || true
@@ -264,4 +264,4 @@ test_env:
 	make test_env.prepare
 	make test_env.check_db
 	make test_env.run_unit
-	make test_env.run_integration
\ No newline at end of file
+	make test_env.run_integration
diff --git a/docker/Dockerfile.requirements b/docker/Dockerfile.requirements
index 9eec1c004..56d138e96 100644
--- a/docker/Dockerfile.requirements
+++ b/docker/Dockerfile.requirements
@@ -1,24 +1,26 @@
 # syntax=docker/dockerfile:1.4
-ARG PYTHON_IMAGE=python:3.10.13-alpine3.18
+ARG PYTHON_IMAGE=python:3.10.13-slim-bookworm
+
 # BUILD STAGE
 FROM $PYTHON_IMAGE as build
 
-RUN apk add --upgrade --no-cache apk-tools && \
-    apk add --update --no-cache \
-    git \
-    openssh \
-    postgresql-dev \
-    musl-dev \
-    libxslt-dev \
-    python3-dev \
+# Pinning a specific nightly version so that builds don't suddenly break if a
+# "this feature is now stabilized" warning is promoted to an error or something.
+# We would like to keep up with nightly if we can.
+ARG RUST_VERSION=nightly-2023-02-22
+ENV RUST_VERSION=${RUST_VERSION}
+
+RUN apt-get update
+RUN apt-get install -y \
+    build-essential \
     libffi-dev \
-    gcc \
-    libcurl \
-    build-base \
-    curl-dev \
-    rust \
-    cargo \
-    && pip install --upgrade pip
+    libpq-dev \
+    curl
+
+# Install Rust
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
+    | bash -s -- -y --default-toolchain $RUST_VERSION
+ENV PATH="/root/.cargo/bin:$PATH"
 
 COPY requirements.txt /
 WORKDIR /pip-packages/
@@ -27,16 +29,18 @@ ENV PYCURL_SSL_LIBRARY=openssl
 RUN pip wheel --no-cache-dir -r /requirements.txt
 RUN rm -rf /pip-packages/src
 
-
 # RUNTIME STAGE - Copy packages from build stage and install runtime dependencies
 FROM $PYTHON_IMAGE
 
-RUN apk add --upgrade --no-cache apk-tools busybox expat libretls postgresql-libs gcc libxslt-dev curl make
+RUN apt-get update
+RUN apt-get install -y \
+    libpq-dev \
+    make
 
 WORKDIR /pip-packages/
 COPY --from=build /pip-packages/ /pip-packages/
 
-
 RUN pip install --no-deps --no-index --find-links=/pip-packages/ /pip-packages/*
 
-RUN addgroup -S application && adduser -S codecov -G application
+RUN addgroup --system application \
+    && adduser --system codecov --ingroup application --home /home/codecov
diff --git a/worker.sh b/worker.sh
index 17d697bf4..049973068 100755
--- a/worker.sh
+++ b/worker.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 if [ -n "$PROMETHEUS_MULTIPROC_DIR" ]; then
     rm -r "$PROMETHEUS_MULTIPROC_DIR" 2> /dev/null