Use UBI9 base image for container build

This changes the container build to use UBI9 so that it is supportable
by a major user (Red Hat) with subscription enabled repositories. The
change requires using createrepo_c from PyPyi since the createrepo_c rpm
is not distributed as part of the UBI9 content set and it is desireable
to keep this image freely redistributable. Chaniging to UBI keeps
maintenance to a minimum (just one image flavor) but in the future
multiple images could be maintained if required.

Signed-off-by: Brian Cook <[email protected]>

Dockerfile

@@ -1,19 +1,19 @@
-FROM docker.io/library/rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 as rockylinux9
+FROM registry.access.redhat.com/ubi9/ubi@sha256:763f30167f92ec2af02bf7f09e75529de66e98f05373b88bef3c631cdcc39ad8 as ubi
 FROM docker.io/library/golang:1.20.0-bullseye as golang_120
 FROM docker.io/library/golang:1.21.0-bullseye as golang_121
 FROM docker.io/library/node:22.3.0-bullseye as node_223
 
 ########################
 # PREPARE OUR BASE IMAGE
 ########################
-FROM rockylinux9 as base
+FROM ubi as base
 RUN dnf -y install \
     --setopt install_weak_deps=0 \
     --nodocs \
-    createrepo_c \
     git-core \
     python3 \
-    && dnf clean all
+    subscription-manager && \   
+    dnf clean all
 
 ######################
 # BUILD/INSTALL CACHI2
@@ -52,6 +52,7 @@ COPY --from=builder /src/utils/merge_syft_sbom.py /usr/local/bin/merge_syft_sbom
 RUN ln -s /usr/local/lib/corepack/dist/corepack.js /usr/local/bin/corepack && \
     ln -s /usr/local/lib/corepack/dist/yarn.js /usr/local/bin/yarn && \
     ln -s /usr/local/go/go1.21/bin/go /usr/local/bin/go && \
+    ln -s /venv/bin/createrepo_c /usr/local/bin/createrepo_c && \
     ln -s /venv/bin/cachi2 /usr/local/bin/cachi2
 
 ENTRYPOINT ["/usr/local/bin/cachi2"]

cachi2/core/package_managers/yarn/resolver.py

@@ -285,6 +285,8 @@ def log_for_locator(msg: str, *args: Any, level: int = logging.DEBUG) -> None:
 
         locator = package.parsed_locator
         checksum = package.checksum
+        name = None
+        version = None
 
         if isinstance(locator, NpmLocator):
             # npm dependencies have reliable names and versions in yarn info output

pyproject.toml

@@ -37,6 +37,7 @@ dependencies = [
   "setuptools",
   "tomli",
   "typer",
+  "createrepo-c",
 ]
 [project.optional-dependencies]
 dev = [

requirements-extras.txt

@@ -361,6 +361,17 @@ coverage[toml]==7.5.4 \
     --hash=sha256:e564c2cf45d2f44a9da56f4e3a26b2236504a496eb4cb0ca7221cd4cc7a9aca9 \
     --hash=sha256:ed550e7442f278af76d9d65af48069f1fb84c9f745ae249c1a183c1e9d1b025c
     # via pytest-cov
+createrepo-c==1.1.3 \
+    --hash=sha256:1d32a56940bb0930bf97993254943e4ab777b6da10ac6b3b4fc36026d5da5997 \
+    --hash=sha256:3e8140219e5ad95adcc3171fec2d77d84252c91ca602b7f93252cde9fa82a724 \
+    --hash=sha256:44018f61e5cf92e21e7554f838c81ba19cb47b13e22a6ac2b3c7bdfece26ca60 \
+    --hash=sha256:656e8306a9a3e78feaf1d28875491ca2496a57b9463c3055083c80175731d940 \
+    --hash=sha256:75db8f6ca43fd48f8bd29d2d7d6bab5f6450bafd5c017410f31ca24ee19a0edb \
+    --hash=sha256:a3f7cc31bf6832a42242ad50009319a12b91948bde8c267a5798fb11f8d47ed6 \
+    --hash=sha256:be3b655cec6d5512a2352691ef0d632cdd355319c3e1048c4dc17510f599c8a5 \
+    --hash=sha256:cc1881c99aca5b72ff5462d9e484c75d417ba5f5a96563cb8a8ad752f6200451 \
+    --hash=sha256:d90edc78281e8fd11b7d8d9dbf0951154a02cba1b5be5eeb5dd7a6a4f1c77c1c
+    # via cachi2 (pyproject.toml)
 exceptiongroup==1.2.1 \
     --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
     --hash=sha256:a4785e48b045528f5bfe627b6ad554ff32def154f42372786903b7abcfe1aa16

requirements.txt

@@ -270,6 +270,17 @@ click==8.1.7 \
     --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
     --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
     # via typer
+createrepo-c==1.1.3 \
+    --hash=sha256:1d32a56940bb0930bf97993254943e4ab777b6da10ac6b3b4fc36026d5da5997 \
+    --hash=sha256:3e8140219e5ad95adcc3171fec2d77d84252c91ca602b7f93252cde9fa82a724 \
+    --hash=sha256:44018f61e5cf92e21e7554f838c81ba19cb47b13e22a6ac2b3c7bdfece26ca60 \
+    --hash=sha256:656e8306a9a3e78feaf1d28875491ca2496a57b9463c3055083c80175731d940 \
+    --hash=sha256:75db8f6ca43fd48f8bd29d2d7d6bab5f6450bafd5c017410f31ca24ee19a0edb \
+    --hash=sha256:a3f7cc31bf6832a42242ad50009319a12b91948bde8c267a5798fb11f8d47ed6 \
+    --hash=sha256:be3b655cec6d5512a2352691ef0d632cdd355319c3e1048c4dc17510f599c8a5 \
+    --hash=sha256:cc1881c99aca5b72ff5462d9e484c75d417ba5f5a96563cb8a8ad752f6200451 \
+    --hash=sha256:d90edc78281e8fd11b7d8d9dbf0951154a02cba1b5be5eeb5dd7a6a4f1c77c1c
+    # via cachi2 (pyproject.toml)
 frozenlist==1.4.1 \
     --hash=sha256:04ced3e6a46b4cfffe20f9ae482818e34eba9b5fb0ce4056e4cc9b6e212d09b7 \
     --hash=sha256:0633c8d5337cb5c77acbccc6357ac49a1770b8c487e5b3505c57b949b4b82e98 \

tests/unit/package_managers/conftest.py

@@ -1,5 +1,4 @@
 import copy
-import os
 import tempfile
 from pathlib import Path
 from typing import Any, Generator, Optional, Union
@@ -195,10 +194,10 @@ def fake_repo() -> Generator[tuple[Union[str, bytes], Union[str, bytes]], Any, N
         r = git.Repo.init(repo_dir)
         r.git.config("user.name", "tester")
         r.git.config("user.email", "tester@localhost")
-        open(os.path.join(repo_dir, "readme.rst"), "w").close()
+        Path(repo_dir, "readme.rst").touch()
         r.index.add(["readme.rst"])
         r.index.commit("first commit", skip_hooks=True)
-        open(os.path.join(repo_dir, "main.py"), "w").close()
+        Path(repo_dir, "main.py").touch()
         r.index.add(["main.py"])
         r.index.commit("add main source", skip_hooks=True)
         yield repo_dir, repo_dir.lstrip("/")

tests/unit/package_managers/test_gomod.py

@@ -6,7 +6,6 @@
 import textwrap
 from pathlib import Path
 from string import Template
-from textwrap import dedent
 from typing import Any, Iterator, Optional, Tuple, Union
 from unittest import mock
 
@@ -418,7 +417,7 @@ def test_resolve_gomod_no_deps(
 ) -> None:
     module_path = gomod_request.source_dir.join_within_root("path/to/module")
 
-    mock_pkg_deps_no_deps = dedent(
+    mock_pkg_deps_no_deps = textwrap.dedent(
         """
         {
             "ImportPath": "github.com/release-engineering/retrodep/v2",
@@ -528,7 +527,7 @@ def test_resolve_gomod_suspicious_symlinks(symlinked_file: str, gomod_request: R
         (None, set()),
         ("", set()),
         (
-            dedent(
+            textwrap.dedent(
                 """
                 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 
@@ -565,7 +564,7 @@ def test_parse_go_sum(
 
 
 def test_parse_broken_go_sum(rooted_tmp_path: RootedPath, caplog: pytest.LogCaptureFixture) -> None:
-    go_sum_content = dedent(
+    go_sum_content = textwrap.dedent(
         """\
         github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
         github.com/davecgh/go-spew v1.1.0/go.mod
@@ -626,7 +625,7 @@ def test_parse_local_modules(go: mock.Mock, version_resolver: mock.Mock) -> None
     (
         pytest.param(
             "/home/my-projects/simple-project",
-            dedent(
+            textwrap.dedent(
                 """
                 {
                     "Path": "github.com/my-org/simple-project",
@@ -651,7 +650,7 @@ def test_parse_local_modules(go: mock.Mock, version_resolver: mock.Mock) -> None
         ),
         pytest.param(
             "/home/my-projects/project-with-workspaces",
-            dedent(
+            textwrap.dedent(
                 """
                 {
                     "Path": "github.com/my-org/project-with-workspaces",