From 8020900bfd4f395367000c9cea09da756c6b6c37 Mon Sep 17 00:00:00 2001
From: Jonathan Stoppani <jonathan@stoppani.name>
Date: Thu, 14 Dec 2023 12:33:15 +0100
Subject: [PATCH 1/2] Initial release of Python 3.12 / slim bookworm base image

---
 py3.12-slim-bookworm/CHANGELOG.rst            |   7 +
 py3.12-slim-bookworm/Dockerfile               | 151 ++++++++++++++++++
 .../add_addons_dev_to_syspath.py              |  16 ++
 3 files changed, 174 insertions(+)
 create mode 100644 py3.12-slim-bookworm/CHANGELOG.rst
 create mode 100644 py3.12-slim-bookworm/Dockerfile
 create mode 100644 py3.12-slim-bookworm/add_addons_dev_to_syspath.py

diff --git a/py3.12-slim-bookworm/CHANGELOG.rst b/py3.12-slim-bookworm/CHANGELOG.rst
new file mode 100644
index 0000000..8ad68d5
--- /dev/null
+++ b/py3.12-slim-bookworm/CHANGELOG.rst
@@ -0,0 +1,7 @@
+Changelog
+=========
+
+1.0 (2023-12-14)
+----------------
+
+* Initial release of Python 3.12 / Debian Bookworm base image.
diff --git a/py3.12-slim-bookworm/Dockerfile b/py3.12-slim-bookworm/Dockerfile
new file mode 100644
index 0000000..b992de2
--- /dev/null
+++ b/py3.12-slim-bookworm/Dockerfile
@@ -0,0 +1,151 @@
+# hadolint global ignore=DL3059
+FROM python:3.12.1-slim-bookworm AS build
+
+ARG TARGET=prod
+ARG TARGETARCH
+ARG TINI_VERSION=0.19.0
+ARG PIP_VERSION=23.3.1
+ARG PIPREQS_VERSION=0.12.0
+ARG START_VERSION=0.2
+
+ENV PYTHONUNBUFFERED=1 \
+    PATH=/root/.local/bin:$PATH \
+    PROCFILE_PATH=/app/Procfile \
+    LC_ALL=C.UTF-8
+
+RUN mkdir -p /usr/share/man/man1/ /usr/share/man/man7/
+
+RUN apt-get update && apt-get upgrade -y
+
+# Dependencies
+# hadolint ignore=DL3008
+RUN apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gettext \
+        libcairo2 \
+        libcap2-bin \
+        libffi8 \
+        libfreetype6 \
+        libjpeg62-turbo \
+        libopenjp2-7 \
+        libpcre3 \
+        libssl3 \
+        libtiff6 \
+        libxslt1.1 \
+        libyaml-0-2 \
+        mime-support \
+        postgresql-client-15 \
+        wget \
+        zlib1g
+
+# hadolint ignore=DL3008
+RUN if [ "$TARGET" = "dev" ] ; then apt-get install -y --no-install-recommends \
+        autoconf \
+        automake \
+        autotools-dev \
+        build-essential \
+        cmake \
+        gcc \
+        gfortran \
+        libatlas-base-dev \
+        libopenblas-dev \
+        libcairo2-dev \
+        libffi-dev \
+        libfreetype6-dev \
+        libjpeg62-turbo-dev \
+        liblapack-dev \
+        liblcms2-dev \
+        libopenjp2-7-dev \
+        libpcre3-dev \
+        libpq-dev \
+        libssl-dev \
+        libtiff-dev \
+        libwebp-dev \
+        libxslt-dev \
+        libyaml-dev \
+        ninja-build \
+        pkg-config \
+        zlib1g-dev \
+    ; fi
+
+# Workaround for a bug in hub.docker.com
+RUN ln -s -f /bin/true /usr/bin/chfn
+
+# Install tini
+RUN if [ "$TARGETARCH" = "arm64" ] ; then \
+        curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-arm64 ; \
+    else \
+        curl -L --show-error --retry 5 -o /tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini ; \
+    fi
+RUN chmod +x /tini
+
+# Python environment setup
+RUN pip install --no-cache-dir pip==${PIP_VERSION}
+RUN pip install --no-cache-dir pip-reqs==${PIPREQS_VERSION}
+RUN pip install --no-cache-dir start==${START_VERSION}
+
+# TODO: Avoid the need for pip-tools
+# hadolint ignore=DL3013
+RUN if [ "$TARGET" = "dev" ] ; then \
+        pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel ; \
+    fi
+
+COPY add_addons_dev_to_syspath.py /usr/local/lib/python3.12/site-packages/add_addons_dev_to_syspath.py
+RUN echo 'import add_addons_dev_to_syspath' >/usr/local/lib/python3.12/site-packages/add_addons_dev_to_syspath.pth
+
+# Cleanup
+RUN apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf \
+        /var/lib/apt/lists/* \
+        /tmp/* \
+        /root/.cache \
+        /var/cache/apt/archives/partial \
+        /var/log/apt/term.log \
+        /run/utmp \
+        /var/log/wtmp \
+        /var/log/btmp \
+        /var/log/lastlog
+
+# Application environment setup
+RUN mkdir -p /app /data
+
+# The group of the following files has to be changed to root for multistage
+# builds to work with userns remapping enabled. This is a bug in the Docker
+# legacy builder: https://github.com/moby/moby/issues/34645
+
+# Initially belonging to group staff
+RUN chgrp -R root /usr/local /var/local
+
+# Initially belonging to group shadow
+RUN chgrp root \
+    /etc/gshadow \
+    /etc/shadow \
+    /usr/bin/expiry \
+    /usr/bin/chage \
+    /sbin/unix_chkpwd
+
+# Initially belonging to group tty
+RUN chgrp root /usr/bin/wall
+
+# Initially belonging to group mail
+RUN chgrp root /var/mail
+
+
+FROM scratch
+COPY --from=build / /
+
+# Execution environment setup
+RUN useradd --create-home --user-group -u 1000 app
+ENV LC_ALL=C.UTF-8 \
+    NVM_DIR=/opt/nvm \
+    PATH=/root/.local/bin:$PATH \
+    PIP_REQUIRE_VIRTUALENV=false \
+    PROCFILE_PATH=/app/Procfile \
+    PYTHONUNBUFFERED=1 \
+    WHEELS_PLATFORM=bookworm-py312
+WORKDIR /app
+EXPOSE 80/tcp 443/tcp
+ENTRYPOINT ["/tini", "-g", "--"]
+CMD ["start", "web"]
diff --git a/py3.12-slim-bookworm/add_addons_dev_to_syspath.py b/py3.12-slim-bookworm/add_addons_dev_to_syspath.py
new file mode 100644
index 0000000..6cbe26f
--- /dev/null
+++ b/py3.12-slim-bookworm/add_addons_dev_to_syspath.py
@@ -0,0 +1,16 @@
+# adds all directories in /app/addons-dev to sys.path
+import os
+import sys
+
+
+base_path = os.environ.get('ADDONS_DEV_PATH', '/app/addons-dev')
+
+
+if os.path.exists(base_path):
+    all_directories_in_base_path = next(os.walk(base_path))[1]
+    for pkg in sorted(all_directories_in_base_path, reverse=True):
+        # sorted in reverse so they end up in alphabetical order (insert(0)
+        # reverses the order)
+        pkg_dir = os.path.join(base_path, pkg)
+        if pkg_dir not in sys.path:
+            sys.path.insert(0, pkg_dir)

From 475166cd6e748e6e8c5d8cfb53c0ad9786a2d67e Mon Sep 17 00:00:00 2001
From: Jonathan Stoppani <jonathan@stoppani.name>
Date: Thu, 14 Dec 2023 14:32:39 +0100
Subject: [PATCH 2/2] Initial release of Python 3.12 / alpine 3.19 base image

---
 py3.12-alpine3.19/CHANGELOG.rst               |   8 ++
 py3.12-alpine3.19/Dockerfile                  | 119 ++++++++++++++++++
 .../add_addons_dev_to_syspath.py              |  17 +++
 3 files changed, 144 insertions(+)
 create mode 100644 py3.12-alpine3.19/CHANGELOG.rst
 create mode 100644 py3.12-alpine3.19/Dockerfile
 create mode 100644 py3.12-alpine3.19/add_addons_dev_to_syspath.py

diff --git a/py3.12-alpine3.19/CHANGELOG.rst b/py3.12-alpine3.19/CHANGELOG.rst
new file mode 100644
index 0000000..641a891
--- /dev/null
+++ b/py3.12-alpine3.19/CHANGELOG.rst
@@ -0,0 +1,8 @@
+Changelog
+=========
+
+
+1.0 (2023-12-14)
+----------------
+
+* Initial release of Python 3.12 / Alpine 3.19 base image.
diff --git a/py3.12-alpine3.19/Dockerfile b/py3.12-alpine3.19/Dockerfile
new file mode 100644
index 0000000..dae7498
--- /dev/null
+++ b/py3.12-alpine3.19/Dockerfile
@@ -0,0 +1,119 @@
+# hadolint global ignore=DL3059
+FROM python:3.12.1-alpine3.19 AS build
+
+ARG TARGET=prod
+ARG TARGETARCH
+ARG PIP_VERSION=23.3.1
+ARG PIPREQS_VERSION=0.12.0
+ARG START_VERSION=0.2
+
+ENV PATH=/root/.local/bin:$PATH
+
+RUN apk update && apk upgrade
+
+# Dependencies
+# hadolint ignore=DL3018
+RUN apk add --no-cache \
+        curl \
+        freetype \
+        gdal \
+        gettext \
+        jpeg \
+        lcms2 \
+        libffi \
+        openssl \
+        libwebp \
+        libxml2 \
+        libxslt \
+        mailcap \
+        openblas \
+        openjpeg \
+        pcre \
+        postgresql-client \
+        postgresql-libs \
+        proj \
+        tiff \
+        tini \
+        yaml
+
+# hadolint ignore=DL3018
+RUN if [ "$TARGET" = "dev" ] ; then apk add --no-cache \
+        autoconf \
+        automake \
+        blas-dev \
+        cairo-dev \
+        cargo \
+        cmake \
+        freetype-dev \
+        g++ \
+        gcc \
+        gdal-dev \
+        gfortran \
+        ghostscript-dev \
+        imagemagick-dev \
+        jpeg-dev \
+        lapack-dev \
+        lcms2-dev \
+        libffi-dev \
+        openssl-dev \
+        libwebp-dev \
+        libxml2-dev \
+        libxslt-dev \
+        linux-headers \
+        make \
+        musl-dev \
+        openblas-dev \
+        openjpeg-dev \
+        pcre-dev \
+        pkgconf \
+        postgresql-dev \
+        proj-dev \
+        readline-dev \
+        tiff-dev \
+        yaml-dev \
+        zlib-dev \
+    ; fi
+
+# Python environment setup
+# Note: pip 23.2.1 breaks pip-reqs
+RUN pip install --no-cache-dir pip==${PIP_VERSION}
+RUN pip install --no-cache-dir pip-reqs==${PIPREQS_VERSION}
+RUN pip install --no-cache-dir start==${START_VERSION}
+
+# TODO: Avoid the need for pip-tools
+# hadolint ignore=DL3013
+RUN if [ "$TARGET" = "dev" ] ; then \
+        pip install --no-cache-dir pip-tools flit flit-core setuptools-scm poetry auditwheel \
+   ; fi
+
+COPY add_addons_dev_to_syspath.py /usr/local/lib/python3.12/site-packages/add_addons_dev_to_syspath.py
+RUN echo 'import add_addons_dev_to_syspath' >/usr/local/lib/python3.12/site-packages/add_addons_dev_to_syspath.pth
+
+# Cleanup
+RUN rm -rf /root/.cache
+
+# Application environment setup
+RUN mkdir -p /app
+
+# The group of the following files has to be changed to root for multistage
+# builds to work with userns remapping enabled. This is a bug in the Docker
+# legacy builder: https://github.com/moby/moby/issues/34645
+
+# Initially belonging to group shadow
+RUN chgrp root \
+    /etc/shadow \
+    /etc/shadow-
+
+
+FROM scratch
+COPY --from=build / /
+
+# Execution environment setup
+RUN addgroup -S app && adduser -D -G app -u 1000 app
+ENV WHEELS_PLATFORM=alpine319-py312 \
+    PROCFILE_PATH=/app/Procfile \
+    PATH=/root/.local/bin:$PATH
+WORKDIR /app
+EXPOSE 80/tcp 443/tcp
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["start", "web"]
diff --git a/py3.12-alpine3.19/add_addons_dev_to_syspath.py b/py3.12-alpine3.19/add_addons_dev_to_syspath.py
new file mode 100644
index 0000000..c780d76
--- /dev/null
+++ b/py3.12-alpine3.19/add_addons_dev_to_syspath.py
@@ -0,0 +1,17 @@
+"""
+Adds all directories in /app/addons-dev to sys.path.
+"""
+import os
+import sys
+
+
+base_path = os.environ.get('ADDONS_DEV_PATH', '/app/addons-dev')
+
+if os.path.exists(base_path):
+    all_directories_in_base_path = next(os.walk(base_path))[1]
+    for pkg in sorted(all_directories_in_base_path, reverse=True):
+        # sorted in reverse so they end up in alphabetical order
+        # (insert(0) reverses the order)
+        pkg_dir = os.path.join(base_path, pkg)
+        if pkg_dir not in sys.path:
+            sys.path.insert(0, pkg_dir)