Merge branch '31-create-and-release-a-new-base-image-based-on-py3-9-b…

…ookworm' into 'master'

Resolve "Create and release a new base image based on py3.9-bookworm"

Closes #31

See merge request divio/cloud/base-images!29

py3.9-slim-bookworm/CHANGELOG.rst

@@ -0,0 +1,7 @@
+Changelog
+=========
+
+1.0 (2023-10-12)
+----------------
+
+* Initial release of Python 3.9 / Debian Bookworm base image.

py3.9-slim-bookworm/Dockerfile

@@ -0,0 +1,151 @@
+# hadolint global ignore=DL3059
+FROM python:3.9.17-slim-bookworm AS build
+
+ARG TARGET=prod
+ARG TARGETARCH
+ARG TINI_VERSION=0.19.0
+ARG PIP_VERSION=23.1.2
+ARG PIPREQS_VERSION=0.11.0
+ARG START_VERSION=0.2
+
+ENV PYTHONUNBUFFERED=1 \
+    PATH=/root/.local/bin:$PATH \
+    PROCFILE_PATH=/app/Procfile \
+    LC_ALL=C.UTF-8
+
+RUN mkdir -p /usr/share/man/man1/ /usr/share/man/man7/
+
+RUN apt-get update && apt-get upgrade -y
+
+# Dependencies
+# hadolint ignore=DL3008
+RUN apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gettext \
+        libcairo2 \
+        libcap2-bin \
+        libffi8 \
+        libfreetype6 \
+        libjpeg62-turbo \
+        libopenjp2-7 \
+        libpcre3 \
+        libssl3 \
+        libtiff6 \
+        libxslt1.1 \
+        libyaml-0-2 \
+        mime-support \
+        postgresql-client-15 \
+        wget \
+        zlib1g
+
+# hadolint ignore=DL3008
+RUN if [ "$TARGET" = "dev" ] ; then apt-get install -y --no-install-recommends \
+        autoconf \
+        automake \
+        autotools-dev \
+        build-essential \
+        cmake \
+        gcc \
+        gfortran \
+        libatlas-base-dev \
+        libopenblas-dev \
+        libcairo2-dev \
+        libffi-dev \
+        libfreetype6-dev \
+        libjpeg62-turbo-dev \
+        liblapack-dev \
+        liblcms2-dev \
+        libopenjp2-7-dev \
+        libpcre3-dev \
+        libpq-dev \
+        libssl-dev \
+        libtiff-dev \
+        libwebp-dev \
+        libxslt-dev \
+        libyaml-dev \
+        ninja-build \
+        pkg-config \
+        zlib1g-dev \
+    ; fi
+
+# Workaround for a bug in hub.docker.com
+RUN ln -s -f /bin/true /usr/bin/chfn
+
+# Install tini
+RUN if [ "$TARGETARCH" = "arm64" ] ; then \
+        curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-arm64 ; \
+    else \
+        curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini ; \
+    fi
+RUN chmod +x /tini
+
+# Python environment setup
+RUN pip install --no-cache-dir pip==${PIP_VERSION}
+RUN pip install --no-cache-dir pip-reqs==${PIPREQS_VERSION}
+RUN pip install --no-cache-dir start==${START_VERSION}
+
+# TODO: Avoid the need for pip-tools
+# hadolint ignore=DL3013
+RUN if [ "$TARGET" = "dev" ] ; then \
+        pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel ; \
+    fi
+
+COPY add_addons_dev_to_syspath.py /usr/local/lib/python3.9/site-packages/add_addons_dev_to_syspath.py
+RUN echo 'import add_addons_dev_to_syspath' >/usr/local/lib/python3.9/site-packages/add_addons_dev_to_syspath.pth
+
+# Cleanup
+RUN apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf \
+        /var/lib/apt/lists/* \
+        /tmp/* \
+        /root/.cache \
+        /var/cache/apt/archives/partial \
+        /var/log/apt/term.log \
+        /run/utmp \
+        /var/log/wtmp \
+        /var/log/btmp \
+        /var/log/lastlog
+
+# Application environment setup
+RUN mkdir -p /app /data
+
+# The group of the following files has to be changed to root for multistage
+# builds to work with userns remapping enabled. This is a bug in the Docker
+# legacy builder: https://github.com/moby/moby/issues/34645
+
+# Initially belonging to group staff
+RUN chgrp -R root /usr/local /var/local
+
+# Initially belonging to group shadow
+RUN chgrp root \
+    /etc/gshadow \
+    /etc/shadow \
+    /usr/bin/expiry \
+    /usr/bin/chage \
+    /sbin/unix_chkpwd
+
+# Initially belonging to group tty
+RUN chgrp root /usr/bin/wall
+
+# Initially belonging to group mail
+RUN chgrp root /var/mail
+
+
+FROM scratch
+COPY --from=build / /
+
+# Execution environment setup
+RUN useradd --create-home --user-group -u 1000 app
+ENV LC_ALL=C.UTF-8 \
+    NVM_DIR=/opt/nvm \
+    PATH=/root/.local/bin:$PATH \
+    PIP_REQUIRE_VIRTUALENV=false \
+    PROCFILE_PATH=/app/Procfile \
+    PYTHONUNBUFFERED=1 \
+    WHEELS_PLATFORM=bookworm-py39
+WORKDIR /app
+EXPOSE 80/tcp 443/tcp
+ENTRYPOINT ["/tini", "-g", "--"]
+CMD ["start", "web"]

py3.9-slim-bookworm/add_addons_dev_to_syspath.py

@@ -0,0 +1,16 @@
+# adds all directories in /app/addons-dev to sys.path
+import os
+import sys
+
+
+base_path = os.environ.get('ADDONS_DEV_PATH', '/app/addons-dev')
+
+
+if os.path.exists(base_path):
+    all_directories_in_base_path = next(os.walk(base_path))[1]
+    for pkg in sorted(all_directories_in_base_path, reverse=True):
+        # sorted in reverse so they end up in alphabetical order (insert(0)
+        # reverses the order)
+        pkg_dir = os.path.join(base_path, pkg)
+        if pkg_dir not in sys.path:
+            sys.path.insert(0, pkg_dir)