[build] pin setuptools to avoid installation failures

This PR applies the recommendation from the generated requirements file to use the `--allow-unsafe`: ``` ``` The PR also removes the pinned minor version of the base image. Closes #768
interuss · Sep 6, 2024 · fdb0744 · fdb0744
1 parent bd8d6e6
commit fdb0744
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 7 deletions.
diff --git a/Makefile b/Makefile
@@ -120,8 +120,13 @@ restart-all: stop-uss-mocks down-locally start-locally start-uss-mocks
 restart-uss-mocks: stop-uss-mocks start-uss-mocks
 
 # To be run locally whenever a direct dependency has been updated in requirements.in
+# --allow-unsafe allows us to pin setuptools
 .PHONY: update-pinned-dependencies
 update-pinned-dependencies:
-	./scripts/pip_tools/pip_compile.sh --generate-hashes --output-file=requirements.txt requirements.in
+	./scripts/pip_tools/pip_compile.sh \
+		--generate-hashes \
+		--allow-unsafe \
+		--output-file=requirements.txt \
+		requirements.in
 
 
diff --git a/monitoring/Dockerfile b/monitoring/Dockerfile
@@ -9,7 +9,7 @@
 #
 # This image is intended to be built from the repository root context/folder.
 
-FROM python:3.12.4-slim
+FROM python:3.12-slim
 # Not -alpine because: https://stackoverflow.com/a/58028091/651139
 
 # Install system tools

diff --git a/requirements.in b/requirements.in
@@ -43,6 +43,7 @@ pyyaml==6.0.1
 requests==2.31.0
 s2sphere==0.2.5
 scipy==1.13.0
+setuptools==72.1.0
 shapely==1.7.1
 structlog==21.5.0  # deployment_manager
 termcolor==1.1.0

diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
-#    pip-compile --generate-hashes --output-file=requirements.txt requirements.in
+#    pip-compile --allow-unsafe --generate-hashes --output-file=requirements.txt requirements.in
 #
 aiohttp==3.9.2 \
     --hash=sha256:00a9abcea793c81e7f8778ca195a1714a64f6d7436c4c0bb168ad2a212627000 \
@@ -1778,7 +1778,13 @@ zope-interface==6.3 \
     --hash=sha256:f95bebd0afe86b2adc074df29edb6848fc4d474ff24075e2c263d698774e108d
     # via gevent
 
-# WARNING: The following packages were not pinned, but pip requires them to be
-# pinned when the requirements file includes hashes and the requirement is not
-# satisfied by a package already installed. Consider using the --allow-unsafe flag.
-# setuptools
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==72.1.0 \
+    --hash=sha256:5a03e1860cf56bb6ef48ce186b0e557fdba433237481a9a625176c2831be15d1 \
+    --hash=sha256:8d243eff56d095e5817f796ede6ae32941278f542e0f941867cc05ae52b162ec
+    # via
+    #   -r requirements.in
+    #   gunicorn
+    #   kubernetes
+    #   zope-event
+    #   zope-interface