From a1b9e94eabcf5f430dfcb8a03b0d2d407369501f Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 2 Feb 2024 05:10:50 -0500 Subject: [PATCH 01/25] Use the full identifier for source Docker images This helps ensure that when a Docker image is built the expacted source image is used regardless of what repository is configured as the default on the host system. It also makes our Dockerfiles more seamlessly convertible to using the GitHub Container Registry or any other Open Container Initiative (OCI) compatible registry. --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fc7b5c2..e4a610d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,8 @@ ARG VERSION=unspecified -FROM python:3.12.0-alpine +# Official Docker images are in the form library/ while non-official +# images are in the form /. +FROM docker.io/library/python:3.12.0-alpine ARG VERSION From bac905d70cceb6ee76b1322c0394041246f9785e Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 13 Feb 2024 05:05:50 -0500 Subject: [PATCH 02/25] Use a specific version of Alpine Linux Use the full tag that includes the Alpine Linux version to ensure the pulled image is always the same. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e4a610d..9c939b7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG VERSION=unspecified # Official Docker images are in the form library/ while non-official # images are in the form /. -FROM docker.io/library/python:3.12.0-alpine +FROM docker.io/library/python:3.12.0-alpine3.18 ARG VERSION From 5088fdcfae1beac59875ac9ee504143a3b177eac Mon Sep 17 00:00:00 2001 
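Review bot: The tag on the new `FROM docker.io/library/python:3.12.0-alpine3.18` line in PATCH 02 is still a mutable reference, so it narrows what can be pulled but does not guarantee that the pulled image is always the same, which is what the commit message aims for. Only a digest pin gives that guarantee: `FROM docker.io/library/python:3.12.0-alpine3.18@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled from the image actually reviewed). Keeping the tag next to the digest preserves readability, and the fully qualified registry path added in PATCH 01 stays as it is.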
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 20 Feb 2024 10:02:56 -0500 Subject: [PATCH 03/25] Install cisagov/skeleton-python-library directly Instead of downloading the source archive, extracting it, and then installing it with pip we instead just let pip directly install the package. --- Dockerfile | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9c939b7..7492a54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -79,12 +79,7 @@ WORKDIR ${CISA_HOME} # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### -RUN wget --output-document sourcecode.tgz \ - https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz \ - && tar --extract --gzip --file sourcecode.tgz --strip-components=1 \ - && pip3 install --no-cache-dir --requirement requirements.txt \ - && ln -snf /run/secrets/quote.txt src/example/data/secret.txt \ - && rm sourcecode.tgz +RUN pip3 install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz ### # Prepare to run From 22aa084d4fb438dde49b07189f64ef9abfd588cb Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 20 Feb 2024 10:05:26 -0500 Subject: [PATCH 04/25] Remove unused OS package dependencies Since we are now installing cisagov/skeleton-python-library directly with pip we no longer need these OS packages. --- Dockerfile | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7492a54..ce1aa88 100644 --- a/Dockerfile +++ b/Dockerfile 
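Review bot: The new `RUN pip3 install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz` line accepts whatever archive the tag resolves to at build time, with no integrity check on the download. pip verifies a hash fragment on a direct URL, so the line can carry one: `.../archive/v${VERSION}.tar.gz#sha256=<expected-archive-sha256>` (placeholder value). Separately, `VERSION` still defaults to `unspecified` at the top of the file, so a build without `--build-arg VERSION=...` will request a non-existent archive. A comment on the `ARG` saying the value is mandatory, or an explicit early failure, would make that easier to diagnose.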
@@ -45,19 +45,6 @@ RUN apk --update --no-cache --quiet upgrade RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} -### -# Dependencies -# -# Note that we use apk --no-cache to avoid writing to a local cache. -# This results in a smaller final image, at the cost of slightly -# longer install times. -### -ENV DEPS \ - ca-certificates \ - openssl \ - py-pip -RUN apk --no-cache --quiet add ${DEPS} - ### # Make sure pip, setuptools, and wheel are the latest versions # From 66032eaac5fdd596af939a774f4751266f8602c2 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 20 Feb 2024 10:11:44 -0500 Subject: [PATCH 05/25] Change the secret message being checks in tests Now that we are not overwriting the internal Python package file the text we look for must match what is output by default. The Docker Compose secret configuration is left in place to continue to serve as an example and to be leveraged for a future update to cisagov/skeleton-python-library that can provide similar functionality to what was removed in this project. --- tests/container_test.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/container_test.py b/tests/container_test.py index c2e1874..60402a4 100644 --- a/tests/container_test.py +++ b/tests/container_test.py @@ -11,9 +11,7 @@ ENV_VAR = "ECHO_MESSAGE" ENV_VAR_VAL = "Hello World from docker compose!" READY_MESSAGE = "This is a debug message" -SECRET_QUOTE = ( - "There are no secrets better kept than the secrets everybody guesses." # nosec -) +SECRET_QUOTE = "Three may keep a secret, if two of them are dead." # nosec RELEASE_TAG = os.getenv("RELEASE_TAG") VERSION_FILE = "src/version.txt" From 6b36d699dfcca0f5b75820f8f21d91c2a934a8ec Mon Sep 17 00:00:00 2001 
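Review bot: With `SECRET_QUOTE` now set to the text the package prints by default, any assertion that uses it passes whether or not the Docker Compose secret is mounted, so this test no longer covers secret delivery. A comment above the constant would stop a reader from assuming it does, for example `# Default quote shipped in the example package; the Docker secret mount is not exercised by this test.` The assertion that consumes the constant is outside this hunk.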
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 20 Feb 2024 13:16:14 -0500 Subject: [PATCH 06/25] Remove package upgrading We should not blindly upgrade all pre-installed packages. This can create inconsistent build results due to changes in installed versions. --- Dockerfile | 9 --------- 1 file changed, 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index ce1aa88..296d03d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,15 +30,6 @@ ARG CISA_USER="cisa" ENV CISA_GROUP=${CISA_USER} ENV CISA_HOME="/home/${CISA_USER}" -### -# Upgrade the system -# -# Note that we use apk --no-cache to avoid writing to a local cache. -# This results in a smaller final image, at the cost of slightly -# longer install times. -### -RUN apk --update --no-cache --quiet upgrade - ### # Create unprivileged user ### From 45f104a687ecea398636d7b0e0aa025ea8cc689d Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 20 Feb 2024 13:21:51 -0500 Subject: [PATCH 07/25] Pin Python packages directly installed Pin the versions of the pip, setuptools, and wheel packages that are installed. --- Dockerfile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 296d03d..7ba2012 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,6 +30,11 @@ ARG CISA_USER="cisa" ENV CISA_GROUP=${CISA_USER} ENV CISA_HOME="/home/${CISA_USER}" +# Versions of the Python packages installed directly +ENV PYTHON_PIP_VERSION=24.0 +ENV PYTHON_SETUPTOOLS_VERSION=69.1.0 +ENV PYTHON_WHEEL_VERSION=0.42.0 + ### # Create unprivileged user ### 
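Review bot: `PYTHON_PIP_VERSION`, `PYTHON_SETUPTOOLS_VERSION` and `PYTHON_WHEEL_VERSION` in PATCH 07 are declared with `ENV`, so they persist into the environment of every running container although only the `pip3 install` step in the next hunk consumes them. Declaring them as build arguments, e.g. `ARG PYTHON_PIP_VERSION=24.0`, keeps them out of the runtime environment and still allows an override at build time. The pins are by version only, so package integrity continues to rest on the index at build time.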
@@ -37,16 +42,16 @@ RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} ### -# Make sure pip, setuptools, and wheel are the latest versions +# Make sure the specified versions of pip, setuptools, and wheel are installed # # Note that we use pip3 --no-cache-dir to avoid writing to a local # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### RUN pip3 install --no-cache-dir --upgrade \ - pip \ - setuptools \ - wheel + pip==${PYTHON_PIP_VERSION} \ + setuptools==${PYTHON_SETUPTOOLS_VERSION} \ + wheel==${PYTHON_WHEEL_VERSION} WORKDIR ${CISA_HOME} From 446c9b5a19118bddaf3bd3b0cfbd393c03f685c0 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 23 Feb 2024 13:14:34 -0500 Subject: [PATCH 08/25] Move WORKDIR instruction We can move this instruction to the end of the Dockerfile now that we are no longer working with files in the Docker container when building. --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7ba2012..ca97b41 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,8 +53,6 @@ RUN pip3 install --no-cache-dir --upgrade \ setuptools==${PYTHON_SETUPTOOLS_VERSION} \ wheel==${PYTHON_WHEEL_VERSION} -WORKDIR ${CISA_HOME} - ### # Install Python dependencies # @@ -68,6 +66,7 @@ RUN pip3 install --no-cache-dir https://github.com/cisagov/skeleton-python-libra # Prepare to run ### ENV ECHO_MESSAGE="Hello World from Dockerfile" +WORKDIR ${CISA_HOME} USER ${CISA_USER}:${CISA_GROUP} EXPOSE 8080/TCP VOLUME ["/var/log"] From 8534e1d13b8aa685774bb230bab8215100c15b88 Mon Sep 17 00:00:00 2001 
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:02:05 -0500 Subject: [PATCH 09/25] Prefer calling pip as a module Instead of relying on `pip3` being on the PATH we instead call the module through the Python executable. This ensures that the `pip` being used is in the same environment as the `python3` being used. --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca97b41..b07e712 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,11 +44,11 @@ RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ ### # Make sure the specified versions of pip, setuptools, and wheel are installed # -# Note that we use pip3 --no-cache-dir to avoid writing to a local +# Note that we use the --no-cache-dir flag to avoid writing to a local # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### -RUN pip3 install --no-cache-dir --upgrade \ +RUN python3 -m pip install --no-cache-dir --upgrade \ pip==${PYTHON_PIP_VERSION} \ setuptools==${PYTHON_SETUPTOOLS_VERSION} \ wheel==${PYTHON_WHEEL_VERSION} @@ -56,11 +56,11 @@ RUN pip3 install --no-cache-dir --upgrade \ ### # Install Python dependencies # -# Note that we use pip3 --no-cache-dir to avoid writing to a local +# Note that we use the --no-cache-dir flag to avoid writing to a local # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### -RUN pip3 install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz +RUN python3 -m pip install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz ### # Prepare to run From 81137261e4837030c96106ace042469d8651d689 Mon Sep 17 00:00:00 2001 
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:13:30 -0500 Subject: [PATCH 10/25] Use a Python virtual environment in the Docker image Using a virtual environment is a Python best practice. We also consolidate all of the Python dependency installation steps into a single RUN instruction. This ensures that Python setup is cached in one layer and mirrors the logical organization of this being a single step. --- Dockerfile | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index b07e712..7416591 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,7 @@ ARG CISA_GID=${CISA_UID} ARG CISA_USER="cisa" ENV CISA_GROUP=${CISA_USER} ENV CISA_HOME="/home/${CISA_USER}" +ENV VIRTUAL_ENV="${CISA_HOME}/.venv" # Versions of the Python packages installed directly ENV PYTHON_PIP_VERSION=24.0 
@@ -42,25 +43,32 @@ RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} ### -# Make sure the specified versions of pip, setuptools, and wheel are installed +# Set up a Python virtual environment (venv); install the specified versions of pip, +# setuptools, and wheel into it; and then install the Python dependencies for +# the application. # # Note that we use the --no-cache-dir flag to avoid writing to a local # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### -RUN python3 -m pip install --no-cache-dir --upgrade \ - pip==${PYTHON_PIP_VERSION} \ - setuptools==${PYTHON_SETUPTOOLS_VERSION} \ - wheel==${PYTHON_WHEEL_VERSION} +RUN python3 -m venv ${VIRTUAL_ENV} \ + && ${VIRTUAL_ENV}/bin/python3 -m pip install --no-cache-dir --upgrade \ + pip==${PYTHON_PIP_VERSION} \ + setuptools==${PYTHON_SETUPTOOLS_VERSION} \ + wheel==${PYTHON_WHEEL_VERSION} \ + && ${VIRTUAL_ENV}/bin/python3 -m pip install --no-cache-dir --upgrade \ + https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz ### -# Install Python dependencies +# Sym-link the Python binary in the venv to the system-wide Python and add the venv to +# the PATH. # -# Note that we use the --no-cache-dir flag to avoid writing to a local -# cache. This results in a smaller final image, at the cost of -# slightly longer install times. +# Note that we sym-link the Python binary in the venv to the system-wide Python so that +# any calls to `python3` will use our virtual environment. We are using short flags +# because the ln binary in Alpine Linux does not support long flags. ### -RUN python3 -m pip install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz +RUN ln -sf "$(command -v python3)" "${VIRTUAL_ENV}"/bin/python3 +ENV PATH="${VIRTUAL_ENV}/bin:$PATH" ### # Prepare to run 
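Review bot: `RUN ln -sf "$(command -v python3)" "${VIRTUAL_ENV}"/bin/python3` resolves `python3` through `PATH`, so it points at the system interpreter only because the `ENV PATH="${VIRTUAL_ENV}/bin:$PATH"` line comes after it. If the two lines are ever reordered, `command -v` would return the venv's own `python3` and the link would target itself. Add a comment stating the ordering dependency, such as `# Must run before the venv is added to PATH so that command -v finds the system python3`. The `${VIRTUAL_ENV}` expansions in the `python3 -m venv` instruction are unquoted while the `ln` line quotes them, and quoting them all would be consistent.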
From 77b5e3483d2063358c20fe5b04648a9c777a8bdd Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:16:54 -0500 Subject: [PATCH 11/25] Explain `ln` options being used Since we cannot use long options on Alpine Linux we should explain what the short options we are using do. I also changed the order of options so that they are in alphabetical order. Co-authored-by: Shane Frasier --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7416591..1aae8db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,9 +65,10 @@ RUN python3 -m venv ${VIRTUAL_ENV} \ # # Note that we sym-link the Python binary in the venv to the system-wide Python so that # any calls to `python3` will use our virtual environment. We are using short flags -# because the ln binary in Alpine Linux does not support long flags. +# because the ln binary in Alpine Linux does not support long flags. The -f instructs +# ln to remove the existing file and the -s instructs ln to create a symbolic link. ### -RUN ln -sf "$(command -v python3)" "${VIRTUAL_ENV}"/bin/python3 +RUN ln -fs "$(command -v python3)" "${VIRTUAL_ENV}"/bin/python3 ENV PATH="${VIRTUAL_ENV}/bin:$PATH" ### From 2266949b66586021667cce97278bf9cf647d9558 Mon Sep 17 00:00:00 2001 
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 27 Feb 2024 18:12:50 -0500 Subject: [PATCH 12/25] Add a pipenv configuration This configuration includes a Pipfile configuration file and the generated Pipfile.lock file that pins to specific versions for the Python dependencies for this project. This will help us ensure repeatable builds. The pipenv package is added as a developmental requirement to support these files. --- requirements-dev.txt | 1 + src/Pipfile | 13 +++++++++++++ src/Pipfile.lock | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 src/Pipfile create mode 100644 src/Pipfile.lock diff --git a/requirements-dev.txt b/requirements-dev.txt index cb51627..bdc1615 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,3 +1,4 @@ --requirement requirements-test.txt ipython +pipenv semver diff --git a/src/Pipfile b/src/Pipfile new file mode 100644 index 0000000..56f2fc9 --- /dev/null +++ b/src/Pipfile @@ -0,0 +1,13 @@ +[[source]] +url = "https://pypi.org/simple" +verify_ssl = true +name = "pypi" + +# List any Python dependencies for the image here +[packages] +# This should match the version of the image +example = {file = "https://github.com/cisagov/skeleton-python-library/archive/v0.0.1.tar.gz"} + +# This version should match the version of Python in the image +[requires] +python_full_version = "3.12.0" diff --git a/src/Pipfile.lock b/src/Pipfile.lock new file mode 100644 index 0000000..d39d053 --- /dev/null +++ b/src/Pipfile.lock 
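Review bot: The `example = {file = "https://github.com/cisagov/skeleton-python-library/archive/v0.0.1.tar.gz"}` entry is not covered by the hash pinning this commit introduces. In the `src/Pipfile.lock` added alongside it, `docopt` and `setuptools` carry `hashes`, while the `example` entry has only the `file` URL. The archive behind that tag is therefore accepted as-is at install time, even though this is the one dependency fetched from outside the package index. Pin it to an immutable reference if the tooling allows, or extend the comment above the entry, e.g. `# NOTE: installed from a tag archive; not hash-verified by Pipfile.lock`.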
@@ -0,0 +1,38 @@ +{ + "_meta": { + "hash": { + "sha256": "654452851fea1eb2c8811649e5efe8873c8ff51f5c14dd27a4a8ebb5b15a27c4" + }, + "pipfile-spec": 6, + "requires": { + "python_full_version": "3.12.0" + }, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "docopt": { + "hashes": [ + "sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491" + ], + "version": "==0.6.2" + }, + "example": { + "file": "https://github.com/cisagov/skeleton-python-library/archive/v0.0.1.tar.gz" + }, + "setuptools": { + "hashes": [ + "sha256:02fa291a0471b3a18b2b2481ed902af520c69e8ae0919c13da936542754b4c56", + "sha256:5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8" + ], + "markers": "python_version >= '3.8'", + "version": "==69.1.1" + } + }, + "develop": {} +} From d530d0762e521fe6987ad2981ea387f755f6ac83 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 27 Feb 2024 19:01:45 -0500 Subject: [PATCH 13/25] Install Python dependencies using pipenv Now that we have a pipenv configuration we will use it to install the Python dependencies for the image. The `build` workflow is updated to no longer pass the VERSION build argument in line with this change. --- .github/workflows/build.yml | 4 ---- Dockerfile | 34 +++++++++++++++++++++++----------- README.md | 2 -- 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d8ba132..3208947 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -306,8 +306,6 @@ jobs: id: docker_build uses: docker/build-push-action@v5 with: - build-args: | - VERSION=${{ needs.prepare.outputs.source_version }} cache-from: type=local,src=${{ env.BUILDX_CACHE_DIR }} cache-to: type=local,dest=${{ env.BUILDX_CACHE_DIR }} context: . 
@@ -459,8 +457,6 @@ jobs: id: docker_build uses: docker/build-push-action@v5 with: - build-args: | - VERSION=${{ needs.prepare.outputs.source_version }} cache-from: type=local,src=${{ env.BUILDX_CACHE_DIR }} cache-to: type=local,dest=${{ env.BUILDX_CACHE_DIR }} context: . diff --git a/Dockerfile b/Dockerfile index 1aae8db..c36ae46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,7 @@ -ARG VERSION=unspecified - # Official Docker images are in the form library/ while non-official # images are in the form /. FROM docker.io/library/python:3.12.0-alpine3.18 -ARG VERSION - ### # For a list of pre-defined annotation keys and value types see: # https://github.com/opencontainers/image-spec/blob/master/annotations.md @@ -33,6 +29,7 @@ ENV VIRTUAL_ENV="${CISA_HOME}/.venv" # Versions of the Python packages installed directly ENV PYTHON_PIP_VERSION=24.0 +ENV PYTHON_PIPENV_VERSION=2023.12.1 ENV PYTHON_SETUPTOOLS_VERSION=69.1.0 ENV PYTHON_WHEEL_VERSION=0.42.0 
@@ -43,21 +40,36 @@ RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} ### -# Set up a Python virtual environment (venv); install the specified versions of pip, -# setuptools, and wheel into it; and then install the Python dependencies for -# the application. +# Install the specified version of pipenv; set up a Python virtual environment (venv); +# and install the specified versions of pip, setuptools, and wheel into the venv. # # Note that we use the --no-cache-dir flag to avoid writing to a local # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### -RUN python3 -m venv ${VIRTUAL_ENV} \ +RUN python3 -m pip install --no-cache-dir --upgrade pipenv==${PYTHON_PIPENV_VERSION} \ + # Manueally create the virtual environment + && python3 -m venv ${VIRTUAL_ENV} \ + # Ensure the core Python packages are installed in the virtual environment && ${VIRTUAL_ENV}/bin/python3 -m pip install --no-cache-dir --upgrade \ pip==${PYTHON_PIP_VERSION} \ setuptools==${PYTHON_SETUPTOOLS_VERSION} \ - wheel==${PYTHON_WHEEL_VERSION} \ - && ${VIRTUAL_ENV}/bin/python3 -m pip install --no-cache-dir --upgrade \ - https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz + wheel==${PYTHON_WHEEL_VERSION} + +### +# Check the Pipfile configuration and then install the Python dependencies into +# the virtual environment. +# +# Note that pipenv will install into a virtual environment if the VIRTUAL_ENV +# environment variable is set. We are using short flags because the rm binary +# in Alpine Linux does not support long flags. The -f instructs rm to remove +# files without prompting. +### +WORKDIR /tmp +COPY src/Pipfile src/Pipfile.lock ./ +RUN pipenv check --verbose \ + && pipenv install --clear --deploy --extra-pip-args "--no-cache-dir" --verbose \ + && rm -f Pipfile* ### # Sym-link the Python binary in the venv to the system-wide Python and add the venv to 
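Review bot: `pipenv check --verbose` is placed ahead of `pipenv install`, when the virtual environment holds only pip, setuptools and wheel. It is worth confirming that the check evaluates the packages pinned in `Pipfile.lock` rather than the installed set, otherwise the gate passes without looking at the application's dependencies. Its outcome also depends on advisory data retrieved during the build, so the same commit can build one day and fail the next; a comment stating that this is an intended gate would help. The trailing `rm -f Pipfile*` does not remove the files from the layer created by the preceding `COPY`.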
diff --git a/README.md b/README.md index 57f8c30..8d926e4 100644 --- a/README.md +++ b/README.md @@ -196,7 +196,6 @@ Build the image locally using this git repository as the [build context](https:/ ```console docker build \ - --build-arg VERSION=0.0.1 \ --tag cisagov/example:0.0.1 \ https://github.com/cisagov/example.git#develop ``` @@ -227,7 +226,6 @@ Docker: docker buildx build \ --file Dockerfile-x \ --platform linux/amd64 \ - --build-arg VERSION=0.0.1 \ --output type=docker \ --tag cisagov/example:0.0.1 . ``` From adfcfdb983af480356324d7cc4354f93cc4c9918 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 27 Feb 2024 19:09:29 -0500 Subject: [PATCH 14/25] Use a multi-stage Docker build Switch to using a multi-stage build in the Dockerfile. This reduces image size since pipenv and its dependencices are not needed in the final image. It also ensures that the system Python environment is unmodified. --- Dockerfile | 71 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 30 deletions(-) diff --git a/Dockerfile b/Dockerfile index c36ae46..ca0742e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,29 +1,11 @@ # Official Docker images are in the form library/ while non-official # images are in the form /. -FROM docker.io/library/python:3.12.0-alpine3.18 +FROM docker.io/library/python:3.12.0-alpine3.18 as compile-stage ### -# For a list of pre-defined annotation keys and value types see: -# https://github.com/opencontainers/image-spec/blob/master/annotations.md -# -# Note: Additional labels are added by the build workflow. -### -# github@cisa.dhs.gov is a very generic email distribution, and it is -# unlikely that anyone on that distribution is familiar with the -# particulars of your repository. It is therefore *strongly* -# suggested that you use an email address here that is specific to the -# person or group that maintains this repository; for example: -# LABEL org.opencontainers.image.authors="vm-fusion-dev-group@trio.dhs.gov" -LABEL org.opencontainers.image.authors="github@cisa.dhs.gov" -LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency" - -### -# Unprivileged user setup variables +# Unprivileged user variables ### -ARG CISA_UID=421 -ARG CISA_GID=${CISA_UID} ARG CISA_USER="cisa" -ENV CISA_GROUP=${CISA_USER} ENV CISA_HOME="/home/${CISA_USER}" ENV VIRTUAL_ENV="${CISA_HOME}/.venv" @@ -33,12 +15,6 @@ ENV PYTHON_PIPENV_VERSION=2023.12.1 ENV PYTHON_SETUPTOOLS_VERSION=69.1.0 ENV PYTHON_WHEEL_VERSION=0.42.0 -### -# Create unprivileged user -### -RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ - && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} - ### # Install the specified version of pipenv; set up a Python virtual environment (venv); # and install the specified versions of pip, setuptools, and wheel into the venv. 
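Review bot: The stage alias uses a lowercase keyword in `FROM docker.io/library/python:3.12.0-alpine3.18 as compile-stage` while every other instruction in the file is uppercase, and BuildKit's build checks warn on that mismatch (`FromAsCasing`). `AS compile-stage` is the consistent form, and the same applies to `as build-stage` in the third hunk. `CISA_USER`, `CISA_HOME` and `VIRTUAL_ENV` are now declared in both stages and have to stay identical, because the virtual environment is copied between the stages by path. A comment on these declarations, e.g. `# Must match the values in build-stage`, would guard against drift.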
@@ -68,18 +44,53 @@ RUN python3 -m pip install --no-cache-dir --upgrade pipenv==${PYTHON_PIPENV_VERS WORKDIR /tmp COPY src/Pipfile src/Pipfile.lock ./ RUN pipenv check --verbose \ - && pipenv install --clear --deploy --extra-pip-args "--no-cache-dir" --verbose \ - && rm -f Pipfile* + && pipenv install --clear --deploy --extra-pip-args "--no-cache-dir" --verbose + +# Official Docker images are in the form library/ while non-official +# images are in the form /. +FROM docker.io/library/python:3.12.0-alpine3.18 as build-stage + +### +# For a list of pre-defined annotation keys and value types see: +# https://github.com/opencontainers/image-spec/blob/master/annotations.md +# +# Note: Additional labels are added by the build workflow. +### +# github@cisa.dhs.gov is a very generic email distribution, and it is +# unlikely that anyone on that distribution is familiar with the +# particulars of your repository. It is therefore *strongly* +# suggested that you use an email address here that is specific to the +# person or group that maintains this repository; for example: +# LABEL org.opencontainers.image.authors="vm-fusion-dev-group@trio.dhs.gov" +LABEL org.opencontainers.image.authors="github@cisa.dhs.gov" +LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency" + +### +# Unprivileged user setup variables +### +ARG CISA_UID=421 +ARG CISA_GID=${CISA_UID} +ARG CISA_USER="cisa" +ENV CISA_GROUP=${CISA_USER} +ENV CISA_HOME="/home/${CISA_USER}" +ENV VIRTUAL_ENV="${CISA_HOME}/.venv" + +### +# Create unprivileged user +### +RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ + && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} ### -# Sym-link the Python binary in the venv to the system-wide Python and add the venv to -# the PATH. +# Copy in the Python virtual environment created in compile-stage, Sym-link the +# Python binary in the venv to the system-wide Python and add the venv to the PATH. 
# # Note that we sym-link the Python binary in the venv to the system-wide Python so that # any calls to `python3` will use our virtual environment. We are using short flags # because the ln binary in Alpine Linux does not support long flags. The -f instructs # ln to remove the existing file and the -s instructs ln to create a symbolic link. ### +COPY --from=compile-stage --chown=${CISA_USER}:${CISA_GROUP} ${VIRTUAL_ENV} ${VIRTUAL_ENV} RUN ln -fs "$(command -v python3)" "${VIRTUAL_ENV}"/bin/python3 ENV PATH="${VIRTUAL_ENV}/bin:$PATH" From 8e03ad95147adeb44bd2773b146eb6f752f53b6c Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 27 Feb 2024 19:13:33 -0500 Subject: [PATCH 15/25] Install core Python packages into the system Python environment Install the core Python packages (pip, setuptools, and wheel) into the system Python environment before installing pipenv. This keeps things consistent with our usual approach to Python environments. --- Dockerfile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca0742e..96a5126 100644 --- a/Dockerfile +++ b/Dockerfile 
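Review bot: `COPY --from=compile-stage --chown=${CISA_USER}:${CISA_GROUP} ${VIRTUAL_ENV} ${VIRTUAL_ENV}` hands ownership of the whole virtual environment to the account the container runs as. A process running as that user can then rewrite the installed packages and entry-point scripts it executes. Unless the application needs to write there, leave the tree owned by root by dropping `--chown`; read and execute access should be enough for the unprivileged user, assuming the compile stage created the files with default permissions. The following `RUN ln -fs ...` appears to run before the `USER` instruction and so would be unaffected.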
@@ -16,14 +16,21 @@ ENV PYTHON_SETUPTOOLS_VERSION=69.1.0 ENV PYTHON_WHEEL_VERSION=0.42.0 ### -# Install the specified version of pipenv; set up a Python virtual environment (venv); -# and install the specified versions of pip, setuptools, and wheel into the venv. +# Install the specified versions of pip, setuptools, and wheel into the system +# Python environment; install the specified version of pipenv into the system Python +# environment; set up a Python virtual environment (venv); and install the specified +# versions of pip, setuptools, and wheel into the venv. # # Note that we use the --no-cache-dir flag to avoid writing to a local # cache. This results in a smaller final image, at the cost of # slightly longer install times. ### -RUN python3 -m pip install --no-cache-dir --upgrade pipenv==${PYTHON_PIPENV_VERSION} \ +RUN python3 -m pip install --no-cache-dir --upgrade \ + pip==${PYTHON_PIP_VERSION} \ + setuptools==${PYTHON_SETUPTOOLS_VERSION} \ + wheel==${PYTHON_WHEEL_VERSION} \ + && python3 -m pip install --no-cache-dir --upgrade \ + pipenv==${PYTHON_PIPENV_VERSION} \ # Manueally create the virtual environment && python3 -m venv ${VIRTUAL_ENV} \ # Ensure the core Python packages are installed in the virtual environment From c45345f60d9f350e59000b2f0b57075803357d5c Mon Sep 17 00:00:00 2001 From: Nick <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 28 Feb 2024 12:04:09 -0500 Subject: [PATCH 16/25] Fix outdated comment in the Dockerfile The comment references a command that is no longer being run. Co-authored-by: Shane Frasier --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 96a5126..38cf0a4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -44,9 +44,7 @@ RUN python3 -m pip install --no-cache-dir --upgrade \ # the virtual environment. # # Note that pipenv will install into a virtual environment if the VIRTUAL_ENV -# environment variable is set. We are using short flags because the rm binary -# in Alpine Linux does not support long flags. The -f instructs rm to remove -# files without prompting. +# environment variable is set. ### WORKDIR /tmp COPY src/Pipfile src/Pipfile.lock ./ From d42ae8f61b3d5cfe573ad339ce3ff3a495877c12 Mon Sep 17 00:00:00 2001 From: Nick <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 28 Feb 2024 12:04:51 -0500 Subject: [PATCH 17/25] Fix typo in Dockerfile comment Co-authored-by: dav3r --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 38cf0a4..6a00b36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ RUN python3 -m pip install --no-cache-dir --upgrade \ wheel==${PYTHON_WHEEL_VERSION} \ && python3 -m pip install --no-cache-dir --upgrade \ pipenv==${PYTHON_PIPENV_VERSION} \ - # Manueally create the virtual environment + # Manually create the virtual environment && python3 -m venv ${VIRTUAL_ENV} \ # Ensure the core Python packages are installed in the virtual environment && ${VIRTUAL_ENV}/bin/python3 -m pip install --no-cache-dir --upgrade \ From 2811690f58cd312a0c489e2e4218e607fb96acef Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 29 Feb 2024 13:17:59 -0500 Subject: [PATCH 18/25] Update image tag information in the README Change the tags used in the table to match the version of the project. Previously "1.2.3" was used as an example version but there is no reason not to use the real version of the image. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8d926e4..7ff4648 100644 --- a/README.md +++ b/README.md 
@@ -139,9 +139,9 @@ containerize. It is recommended that most users use a version tag (e.g. | Image:tag | Description | |-----------|-------------| -|`cisagov/example:1.2.3`| An exact release version. | -|`cisagov/example:1.2`| The most recent release matching the major and minor version numbers. | -|`cisagov/example:1`| The most recent release matching the major version number. | +|`cisagov/example:0.0.1`| An exact release version. | +|`cisagov/example:0.0`| The most recent release matching the major and minor version numbers. | +|`cisagov/example:0`| The most recent release matching the major version number. | |`cisagov/example:edge` | The most recent image built from a merge into the `develop` branch of this repository. | |`cisagov/example:nightly` | A nightly build of the `develop` branch of this repository. | |`cisagov/example:latest`| The most recent release image pushed to a container registry. Pulling an image using the `:latest` tag [should be avoided.](https://vsupalov.com/docker-latest-tag/) | From 5a601fe31e93158a24aaf84104223632113cc509 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:15:07 -0500 Subject: [PATCH 19/25] Add instructions for managing Python dependencies --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 7ff4648..a74bba4 100644 --- a/README.md +++ b/README.md 
@@ -130,6 +130,35 @@ environment variables. See the 1. Recreate and run the container by following the [previous instructions](#running-with-docker). +## Updating Python dependencies ## + +This image uses [Pipenv] to manage Python dependencies using a [Pipfile](https://github.com/pypa/pipfile). +Both updating dependencies and changing the [Pipenv] configuration in `src/Pipfile` +will result in a modified `src/Pipfile.lock` file that should be committed to the +repository. + +> [!WARNING] +> The `src/Pipfile.lock` as generated will fail `pre-commit` checks due to JSON formatting. + +### Updating dependencies ### + +If you want to update existing dependencies you would run the following command +in the `src/` subdirectory: + +```console +pipenv lock +``` + +### Modifying dependencies ### + +If you want to add or remove dependencies you would update the `src/Pipfile` file +and then update dependencies as you would above. + +> [!NOTE] +> You should only specify packages that are explicitly needed for your Docker +> configuration. Allow [Pipenv] to manage the dependencies of the specified +> packages. + ## Image tags ## The images of this container are tagged with [semantic @@ -254,3 +283,5 @@ dedication](https://creativecommons.org/publicdomain/zero/1.0/). All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest. + +[Pipenv]: https://pypi.org/project/pipenv/ From 0d7cc8fb294517fbc532ead8d7fcb450e44ccf77 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:20:07 -0500 Subject: [PATCH 20/25] Bump setuptools from 69.1.0 to 69.1.1 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6a00b36..4af43cc 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -12,7 +12,7 @@ ENV VIRTUAL_ENV="${CISA_HOME}/.venv"
 # Versions of the Python packages installed directly
 ENV PYTHON_PIP_VERSION=24.0
 ENV PYTHON_PIPENV_VERSION=2023.12.1
-ENV PYTHON_SETUPTOOLS_VERSION=69.1.0
+ENV PYTHON_SETUPTOOLS_VERSION=69.1.1
 ENV PYTHON_WHEEL_VERSION=0.42.0
 ###
From b28481f0f53f6eaf072c972869c9b215efec29fb Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 28 Feb 2024 14:21:44 -0500
Subject: [PATCH 21/25] Bump Python from 3.12.0 to 3.12.2
---
 Dockerfile | 4 ++--
 src/Pipfile | 2 +-
 src/Pipfile.lock | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4af43cc..e78325e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # Official Docker images are in the form library/ while non-official
 # images are in the form /.
-FROM docker.io/library/python:3.12.0-alpine3.18 as compile-stage
+FROM docker.io/library/python:3.12.2-alpine3.18 as compile-stage
 ###
 # Unprivileged user variables
@@ -53,7 +53,7 @@ RUN pipenv check --verbose \
 # Official Docker images are in the form library/ while non-official
 # images are in the form /.
-FROM docker.io/library/python:3.12.0-alpine3.18 as build-stage
+FROM docker.io/library/python:3.12.2-alpine3.18 as build-stage
 ###
 # For a list of pre-defined annotation keys and value types see:
diff --git a/src/Pipfile b/src/Pipfile
index 56f2fc9..4df9a57 100644
--- a/src/Pipfile
+++ b/src/Pipfile
@@ -10,4 +10,4 @@ example = {file = "https://github.com/cisagov/skeleton-python-library/archive/v0
 # This version should match the version of Python in the image
 [requires]
-python_full_version = "3.12.0"
+python_full_version = "3.12.2"
diff --git a/src/Pipfile.lock b/src/Pipfile.lock
index d39d053..95333e6 100644
--- a/src/Pipfile.lock
+++ b/src/Pipfile.lock
@@ -1,11 +1,11 @@ { "_meta": { "hash": { - "sha256": "654452851fea1eb2c8811649e5efe8873c8ff51f5c14dd27a4a8ebb5b15a27c4" + "sha256": "18956d92f029b8a57000e268dee96409725be2949018c193cedd3d1e9744d878" }, "pipfile-spec": 6, "requires": { - "python_full_version": "3.12.0" + "python_full_version": "3.12.2" }, "sources": [ {
From fff262b7607fc13f0e82717ce571d4af8553807c Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 28 Feb 2024 14:22:25 -0500
Subject: [PATCH 22/25] Bump Alpine Linux from 3.18 to 3.19
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e78325e..836dbf7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # Official Docker images are in the form library/ while non-official
 # images are in the form /.
-FROM docker.io/library/python:3.12.2-alpine3.18 as compile-stage
+FROM docker.io/library/python:3.12.2-alpine3.19 as compile-stage
 ###
 # Unprivileged user variables
@@ -53,7 +53,7 @@ RUN pipenv check --verbose \
 # Official Docker images are in the form library/ while non-official
 # images are in the form /.
-FROM docker.io/library/python:3.12.2-alpine3.18 as build-stage
+FROM docker.io/library/python:3.12.2-alpine3.19 as build-stage
 ###
 # For a list of pre-defined annotation keys and value types see:
From dd7d9823ee990d2fb5a8dcc5e46308d3544ed6bf Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 28 Feb 2024 14:27:43 -0500
Subject: [PATCH 23/25] Bump cisagov/skeleton-python-library from 0.0.1 to 0.2.0
Update the Dockerfile and testing to accommodate changes in the new version.
---
 Dockerfile | 2 +-
 src/Pipfile | 2 +-
 src/Pipfile.lock | 19 +++++++++++++++++--
 tests/container_test.py | 2 ++
 4 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 836dbf7..c40e756 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -108,4 +108,4 @@ USER ${CISA_USER}:${CISA_GROUP}
 EXPOSE 8080/TCP
 VOLUME ["/var/log"]
 ENTRYPOINT ["example"]
-CMD ["--log-level", "DEBUG"]
+CMD ["--log-level", "DEBUG", "8", "2"]
diff --git a/src/Pipfile b/src/Pipfile
index 4df9a57..6480562 100644
--- a/src/Pipfile
+++ b/src/Pipfile
@@ -6,7 +6,7 @@ name = "pypi"
 # List any Python dependencies for the image here
 [packages]
 # This should match the version of the image
-example = {file = "https://github.com/cisagov/skeleton-python-library/archive/v0.0.1.tar.gz"}
+example = {file = "https://github.com/cisagov/skeleton-python-library/archive/v0.2.0.tar.gz"}
 # This version should match the version of Python in the image
 [requires]
diff --git a/src/Pipfile.lock b/src/Pipfile.lock
index 95333e6..6afbec3 100644
--- a/src/Pipfile.lock
+++ b/src/Pipfile.lock
@@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "18956d92f029b8a57000e268dee96409725be2949018c193cedd3d1e9744d878" + "sha256": "ad65a437d348bca066601e0d05a14c0ee23e38b59d8d8e71558cb17c57259f6b" }, "pipfile-spec": 6, "requires": {
@@ -16,6 +16,14 @@ ] }, "default": { + "contextlib2": { + "hashes": [ + "sha256:3fbdb64466afd23abaf6c977627b75b6139a5a3e8ce38405c5b413aed7a0471f", + "sha256:ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869" + ], + "markers": "python_version >= '3.6'", + "version": "==21.6.0" + }, "docopt": { "hashes": [ "sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491"
@@ -23,7 +31,14 @@ "version": "==0.6.2" }, "example": { - "file": "https://github.com/cisagov/skeleton-python-library/archive/v0.0.1.tar.gz" + "file": "https://github.com/cisagov/skeleton-python-library/archive/v0.2.0.tar.gz" + }, + "schema": { + "hashes": [ + "sha256:f06717112c61895cabc4707752b88716e8420a8819d71404501e114f91043197", + "sha256:f3ffdeeada09ec34bf40d7d79996d9f7175db93b7a5065de0faa7f41083c1e6c" + ], + "version": "==0.7.5" }, "setuptools": { "hashes": [
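Review bot: The new default `CMD ["--log-level", "DEBUG", "8", "2"]` in the Dockerfile hunk gains two bare positional arguments with nothing explaining them, and it keeps `DEBUG` as the verbosity a published image starts with. Going by the `8 / 2 == 4.000000` expectation added to tests/container_test.py in the same commit, they appear to be the operands the example entrypoint now requires, which would mean anyone overriding CMD at `docker run` has to repeat them. I would add a comment above the line, `# Default arguments: log level, then the two operands the example CLI requires`, and confirm that DEBUG is the intended default, given that the test suite expects the secret quote to appear in the log output. The build stage this line belongs to starts outside the hunk.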
diff --git a/tests/container_test.py b/tests/container_test.py
index 60402a4..be6171f 100644
--- a/tests/container_test.py
+++ b/tests/container_test.py
@@ -11,6 +11,7 @@
 ENV_VAR = "ECHO_MESSAGE"
 ENV_VAR_VAL = "Hello World from docker compose!"
 READY_MESSAGE = "This is a debug message"
+DIVISION_MESSAGE = "8 / 2 == 4.000000"
 SECRET_QUOTE = "Three may keep a secret, if two of them are dead." # nosec
 RELEASE_TAG = os.getenv("RELEASE_TAG")
 VERSION_FILE = "src/version.txt"
@@ -53,6 +54,7 @@ def test_output(dockerc, main_container):
 # make sure container exited if running test isolated
 dockerc.wait(main_container.id)
 log_output = main_container.logs()
+ assert DIVISION_MESSAGE in log_output, "Division message not found in log output."
 assert SECRET_QUOTE in log_output, "Secret not found in log output."
From e054517866bf437c3ad2867fbd83c0dea9c3bbd7 Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Mon, 4 Mar 2024 16:23:04 -0500
Subject: [PATCH 24/25] Bump version from 0.0.1 to 0.2.0
---
 README.md | 18 +++++++++---------
 src/version.txt | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index a74bba4..306552f 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ appropriate for Docker containers and the major languages that we use.
 To run the `cisagov/example` image via Docker:
 ```console
-docker run cisagov/example:0.0.1
+docker run cisagov/example:0.2.0
 ```
 ### Running with Docker Compose ###
@@ -37,7 +37,7 @@ docker run cisagov/example:0.0.1
 services:
 example:
- image: cisagov/example:0.0.1
+ image: cisagov/example:0.2.0
 volumes:
 - type: bind
 source:
@@ -82,7 +82,7 @@ environment variables. See the
 services:
 example:
- image: cisagov/example:0.0.1
+ image: cisagov/example:0.2.0
 volumes:
 - type: bind
 source:
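Review bot: In tests/container_test.py the new `DIVISION_MESSAGE = "8 / 2 == 4.000000"` repeats the operands from the Dockerfile's default CMD, so the test silently depends on a value kept in another file. A comment above the constant, `# Must match the default CMD operands ("8" and "2") in the Dockerfile`, would make the coupling visible to whoever changes either side. The body of `test_output` continues outside the second hunk.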
@@ -125,7 +125,7 @@ environment variables. See the 1. Pull the new image: ```console - docker pull cisagov/example:0.0.1 + docker pull cisagov/example:0.2.0 ``` 1. Recreate and run the container by following the [previous instructions](#running-with-docker). @@ -164,12 +164,12 @@ and then update dependencies as you would above. The images of this container are tagged with [semantic versions](https://semver.org) of the underlying example project that they containerize. It is recommended that most users use a version tag (e.g. -`:0.0.1`). +`:0.2.0`). | Image:tag | Description | |-----------|-------------| -|`cisagov/example:0.0.1`| An exact release version. | -|`cisagov/example:0.0`| The most recent release matching the major and minor version numbers. | +|`cisagov/example:0.2.0`| An exact release version. | +|`cisagov/example:0.2`| The most recent release matching the major and minor version numbers. | |`cisagov/example:0`| The most recent release matching the major version number. | |`cisagov/example:edge` | The most recent image built from a merge into the `develop` branch of this repository. | |`cisagov/example:nightly` | A nightly build of the `develop` branch of this repository. | @@ -225,7 +225,7 @@ Build the image locally using this git repository as the [build context](https:/ ```console docker build \ - --tag cisagov/example:0.0.1 \ + --tag cisagov/example:0.2.0 \ https://github.com/cisagov/example.git#develop ``` @@ -256,7 +256,7 @@ Docker: --file Dockerfile-x \ --platform linux/amd64 \ --output type=docker \ - --tag cisagov/example:0.0.1 . + --tag cisagov/example:0.2.0 . ``` ## New repositories from a skeleton ## diff --git a/src/version.txt b/src/version.txt index f102a9c..d3ec452 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.0.1" +__version__ = "0.2.0" From ae46c280e3af456b59c271c85c95719180cb6da2 Mon Sep 17 00:00:00 2001 
From: Nick <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 13 Mar 2024 17:17:44 -0400
Subject: [PATCH 25/25] Correct usage of the term "symlink"
Co-authored-by: dav3r
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c40e756..8dc0ad5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -87,10 +87,10 @@ RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \
 && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER}
 ###
-# Copy in the Python virtual environment created in compile-stage, Sym-link the
+# Copy in the Python virtual environment created in compile-stage, symlink the
 # Python binary in the venv to the system-wide Python and add the venv to the PATH.
 #
-# Note that we sym-link the Python binary in the venv to the system-wide Python so that
+# Note that we symlink the Python binary in the venv to the system-wide Python so that
 # any calls to `python3` will use our virtual environment. We are using short flags
 # because the ln binary in Alpine Linux does not support long flags. The -f instructs
 # ln to remove the existing file and the -s instructs ln to create a symbolic link.