From bfd67ad6ca2af6923aac2329ea81fc97df28639d Mon Sep 17 00:00:00 2001
From: Florian Scherf <florian.scherf@divio.ch>
Date: Thu, 12 Oct 2023 14:22:31 +0200
Subject: [PATCH 1/3] add base image for py3.9.17 on debian bookworm

Signed-off-by: Florian Scherf <florian.scherf@divio.ch>
---
 py3.9-slim-bookworm/CHANGELOG.rst             |   7 +
 py3.9-slim-bookworm/Dockerfile                | 145 ++++++++++++++++++
 .../add_addons_dev_to_syspath.py              |  16 ++
 3 files changed, 168 insertions(+)
 create mode 100644 py3.9-slim-bookworm/CHANGELOG.rst
 create mode 100644 py3.9-slim-bookworm/Dockerfile
 create mode 100644 py3.9-slim-bookworm/add_addons_dev_to_syspath.py

diff --git a/py3.9-slim-bookworm/CHANGELOG.rst b/py3.9-slim-bookworm/CHANGELOG.rst
new file mode 100644
index 0000000..08c6dcc
--- /dev/null
+++ b/py3.9-slim-bookworm/CHANGELOG.rst
@@ -0,0 +1,7 @@
+Changelog
+=========
+
+1.0 (2023-10-12)
+----------------
+
+* Initial release of Python 3.9 / Debian Bookworm base image.
diff --git a/py3.9-slim-bookworm/Dockerfile b/py3.9-slim-bookworm/Dockerfile
new file mode 100644
index 0000000..b0da1af
--- /dev/null
+++ b/py3.9-slim-bookworm/Dockerfile
@@ -0,0 +1,145 @@
+# hadolint global ignore=DL3059
+FROM python:3.9.17-slim-bookworm AS build
+
+ARG TARGET=prod
+ARG TARGETARCH
+
+ENV PYTHONUNBUFFERED=1 \
+    PATH=/root/.local/bin:$PATH \
+    PROCFILE_PATH=/app/Procfile \
+    LC_ALL=C.UTF-8
+
+RUN mkdir -p /usr/share/man/man1/ /usr/share/man/man7/
+
+RUN apt-get update && apt-get upgrade -y
+
+# Dependencies
+# hadolint ignore=DL3008
+RUN apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gettext \
+        libcairo2 \
+        libcap2-bin \
+        libffi8 \
+        libfreetype6 \
+        libjpeg62-turbo \
+        libopenjp2-7 \
+        libpcre3 \
+        libssl3 \
+        libtiff6 \
+        libxslt1.1 \
+        libyaml-0-2 \
+        mime-support \
+        postgresql-client-15 \
+        wget \
+        zlib1g
+
+# hadolint ignore=DL3008
+RUN if [ "$TARGET" = "dev" ] ; then apt-get install -y --no-install-recommends \
+        autoconf \
+        automake \
+        autotools-dev \
+        build-essential \
+        cmake \
+        gcc \
+        gfortran \
+        libatlas-base-dev \
+        libopenblas-dev \
+        libcairo2-dev \
+        libffi-dev \
+        libfreetype6-dev \
+        libjpeg62-turbo-dev \
+        liblapack-dev \
+        liblcms2-dev \
+        libopenjp2-7-dev \
+        libpcre3-dev \
+        libpq-dev \
+        libssl-dev \
+        libtiff-dev \
+        libwebp-dev \
+        libxslt-dev \
+        libyaml-dev \
+        ninja-build \
+        pkg-config \
+        zlib1g-dev \
+    ; fi
+
+# Workaround for a bug in hub.docker.com
+RUN ln -s -f /bin/true /usr/bin/chfn
+
+# Install tini
+RUN if [ "$TARGETARCH" = "arm64" ] ; then curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v0.18.0/tini-arm64 \
+    ; else curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v0.18.0/tini \
+    ; fi
+RUN chmod +x /tini
+
+# Python environment setup
+RUN pip install --no-cache-dir pip==23.1.2
+RUN pip install --no-cache-dir pip-reqs==0.11.0
+RUN pip install --no-cache-dir start==0.2
+
+# TODO: Avoid the need for pip-tools
+# hadolint ignore=DL3013
+RUN if [ "$TARGET" = "dev" ] ; then \
+        pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel \
+   ; fi
+
+COPY add_addons_dev_to_syspath.py /usr/local/lib/python3.9/site-packages/add_addons_dev_to_syspath.py
+RUN echo 'import add_addons_dev_to_syspath' >/usr/local/lib/python3.9/site-packages/add_addons_dev_to_syspath.pth
+
+# Cleanup
+RUN apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf \
+        /var/lib/apt/lists/* \
+        /tmp/* \
+        /root/.cache \
+        /var/cache/apt/archives/partial \
+        /var/log/apt/term.log \
+        /run/utmp \
+        /var/log/wtmp \
+        /var/log/btmp \
+        /var/log/lastlog
+
+# Application environment setup
+RUN mkdir -p /app /data
+
+# The group of the following files has to be changed to root for multistage
+# builds to work with userns remapping enabled. This is a bug in the Docker
+# legacy builder: https://github.com/moby/moby/issues/34645
+
+# Initially belonging to group staff
+RUN chgrp -R root /usr/local /var/local
+
+# Initially belonging to group shadow
+RUN chgrp root \
+    /etc/gshadow \
+    /etc/shadow \
+    /usr/bin/expiry \
+    /usr/bin/chage \
+    /sbin/unix_chkpwd
+
+# Initially belonging to group tty
+RUN chgrp root /usr/bin/wall
+
+# Initially belonging to group mail
+RUN chgrp root /var/mail
+
+
+FROM scratch
+COPY --from=build / /
+
+# Execution environment setup
+RUN useradd --create-home --user-group -u 1000 app
+ENV LC_ALL=C.UTF-8 \
+    NVM_DIR=/opt/nvm \
+    PATH=/root/.local/bin:$PATH \
+    PIP_REQUIRE_VIRTUALENV=false \
+    PROCFILE_PATH=/app/Procfile \
+    PYTHONUNBUFFERED=1 \
+    WHEELS_PLATFORM=buster-py39
+WORKDIR /app
+EXPOSE 80/tcp 443/tcp
+ENTRYPOINT ["/tini", "-g", "--"]
+CMD ["start", "web"]
diff --git a/py3.9-slim-bookworm/add_addons_dev_to_syspath.py b/py3.9-slim-bookworm/add_addons_dev_to_syspath.py
new file mode 100644
index 0000000..6cbe26f
--- /dev/null
+++ b/py3.9-slim-bookworm/add_addons_dev_to_syspath.py
@@ -0,0 +1,16 @@
+# adds all directories in /app/addons-dev to sys.path
+import os
+import sys
+
+
+base_path = os.environ.get('ADDONS_DEV_PATH', '/app/addons-dev')
+
+
+if os.path.exists(base_path):
+    all_directories_in_base_path = next(os.walk(base_path))[1]
+    for pkg in sorted(all_directories_in_base_path, reverse=True):
+        # sorted in reverse so they end up in alphabetical order (insert(0)
+        # reverses the order)
+        pkg_dir = os.path.join(base_path, pkg)
+        if pkg_dir not in sys.path:
+            sys.path.insert(0, pkg_dir)

From 74b60cc2833e60af19632fc483e970d4a1c7a095 Mon Sep 17 00:00:00 2001
From: Florian Scherf <florian.scherf@divio.ch>
Date: Thu, 12 Oct 2023 16:13:40 +0200
Subject: [PATCH 2/3] py3.9-slim-bookworm: docker: fix wheels platform

Signed-off-by: Florian Scherf <florian.scherf@divio.ch>
---
 py3.9-slim-bookworm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/py3.9-slim-bookworm/Dockerfile b/py3.9-slim-bookworm/Dockerfile
index b0da1af..d64b722 100644
--- a/py3.9-slim-bookworm/Dockerfile
+++ b/py3.9-slim-bookworm/Dockerfile
@@ -138,7 +138,7 @@ ENV LC_ALL=C.UTF-8 \
     PIP_REQUIRE_VIRTUALENV=false \
     PROCFILE_PATH=/app/Procfile \
     PYTHONUNBUFFERED=1 \
-    WHEELS_PLATFORM=buster-py39
+    WHEELS_PLATFORM=bookworm-py39
 WORKDIR /app
 EXPOSE 80/tcp 443/tcp
 ENTRYPOINT ["/tini", "-g", "--"]

From c5257e9e3b15239cc8c841e3750d63aa3df9f3e9 Mon Sep 17 00:00:00 2001
From: Jonathan Stoppani <jonathan@stoppani.name>
Date: Tue, 25 Jul 2023 21:38:34 +0200
Subject: [PATCH 3/3] py3.9-slim-bookworm: docker: incorporate the latest
 improvements from py3.11-slim-bookworm

This patch is a port of

    540a8f7e7625 ("Just some updates to trigger a new build")

Signed-off-by: Florian Scherf <florian.scherf@divio.ch>
---
 py3.9-slim-bookworm/Dockerfile | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/py3.9-slim-bookworm/Dockerfile b/py3.9-slim-bookworm/Dockerfile
index d64b722..3b9a42b 100644
--- a/py3.9-slim-bookworm/Dockerfile
+++ b/py3.9-slim-bookworm/Dockerfile
@@ -3,6 +3,10 @@ FROM python:3.9.17-slim-bookworm AS build
 
 ARG TARGET=prod
 ARG TARGETARCH
+ARG TINI_VERSION=0.19.0
+ARG PIP_VERSION=23.1.2
+ARG PIPREQS_VERSION=0.11.0
+ARG START_VERSION=0.2
 
 ENV PYTHONUNBUFFERED=1 \
     PATH=/root/.local/bin:$PATH \
@@ -69,21 +73,23 @@ RUN if [ "$TARGET" = "dev" ] ; then apt-get install -y --no-install-recommends \
 RUN ln -s -f /bin/true /usr/bin/chfn
 
 # Install tini
-RUN if [ "$TARGETARCH" = "arm64" ] ; then curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v0.18.0/tini-arm64 \
-    ; else curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v0.18.0/tini \
-    ; fi
+RUN if [ "$TARGETARCH" = "arm64" ] ; then \
+        curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-arm64 ; \
+    else \
+        curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini ; \
+    fi
 RUN chmod +x /tini
 
 # Python environment setup
-RUN pip install --no-cache-dir pip==23.1.2
-RUN pip install --no-cache-dir pip-reqs==0.11.0
-RUN pip install --no-cache-dir start==0.2
+RUN pip install --no-cache-dir pip==${PIP_VERSION}
+RUN pip install --no-cache-dir pip-reqs==${PIPREQS_VERSION}
+RUN pip install --no-cache-dir start==${START_VERSION}
 
 # TODO: Avoid the need for pip-tools
 # hadolint ignore=DL3013
 RUN if [ "$TARGET" = "dev" ] ; then \
-        pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel \
-   ; fi
+        pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel ; \
+    fi
 
 COPY add_addons_dev_to_syspath.py /usr/local/lib/python3.9/site-packages/add_addons_dev_to_syspath.py
 RUN echo 'import add_addons_dev_to_syspath' >/usr/local/lib/python3.9/site-packages/add_addons_dev_to_syspath.pth