@sbryngelson sbryngelson commented Dec 19, 2025

User description

PR Type

Enhancement


Description

  • Upgrade Python from default version to Python 3.11

  • Add deadsnakes PPA for Python 3.11 availability

  • Replace python3-pip with python3.11-distutils package

  • Configure python3 symlink to point to Python 3.11


Diagram Walkthrough

flowchart LR
  A["Add deadsnakes PPA"] --> B["Install Python 3.11"]
  B --> C["Update python3 symlink"]
  C --> D["Python 3.11 ready"]

File Walkthrough

Relevant files
Configuration changes
Dockerfile
Upgrade Dockerfile to use Python 3.11                                       

.github/Dockerfile

  • Added deadsnakes PPA repository setup with required dependencies
  • Replaced default python3 with explicit python3.11 installation
  • Replaced python3-pip with python3.11-distutils package
  • Added update-alternatives command to set python3 symlink to python3.11
  • Applied changes to both GPU and non-GPU build paths
+8/-4     

Note

Moves Docker build to Python 3.11, configuring python3 alternative and adding deadsnakes PPA and required packages.

  • Docker (.github/Dockerfile):
    • Add deadsnakes PPA and install software-properties-common, ca-certificates, gnupg.
    • Replace python3 packages with python3.11 equivalents (python3.11, python3.11-venv, python3.11-distutils).
    • Set python3 alternative to /usr/bin/python3.11.
    • Retain MPI/FFTW dependencies; apply changes in both CPU and GPU paths.

Written by Cursor Bugbot for commit d9ea3c0.


CodeAnt-AI Description

Use Python 3.11 as the default runtime in Docker images

What Changed

  • Docker build now installs Python 3.11 (including venv and distutils) instead of the distribution python3 package
  • Adds the deadsnakes PPA so Python 3.11 is available during image build
  • Ensures /usr/bin/python3 points to Python 3.11 in both GPU and non-GPU images
  • Removes the previous python3-pip package and provides python3.11-distutils for building/installing packages

Impact

✅ Runs user code with Python 3.11 inside official Docker images
✅ Can create Python 3.11 virtual environments during image build
✅ Consistent python3 runtime across GPU and CPU container builds


Summary by CodeRabbit

  • Chores
    • Updated build environment to utilize Python 3.11 instead of Python 3
    • Added necessary build prerequisites and updated related package dependencies
    • Configured Python 3.11 as the default Python version in the build pipeline

Copilot AI review requested due to automatic review settings December 19, 2025 14:25
codeant-ai bot commented Dec 19, 2025

CodeAnt AI is reviewing your PR.



@qodo-code-review

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Possible Issue

The change removes python3-pip and replaces it with python3.11-distutils. distutils does not provide pip, so any downstream steps or tooling that expect pip (or python -m pip) may fail at build/runtime. Consider explicitly installing python3.11-pip (or python3-pip) or ensuring the image is never expected to install Python packages.

        python3.11 python3.11-venv python3.11-distutils \
        openmpi-bin libopenmpi-dev libfftw3-dev \
        mpich libmpich-dev; \
else \
    apt-get install -y \
        build-essential git make cmake bc \
        python3.11 python3.11-venv python3.11-distutils \
        libfftw3-dev \

Duplication

The package lists for GPU and non-GPU branches duplicate the Python 3.11 packages and most build dependencies. This increases maintenance overhead and risk of drift between the branches; consider installing the shared packages once, then conditionally adding only the GPU/non-GPU-specific ones.

if [ "$TARGET" != "gpu" ]; then \
    apt-get install -y \
        build-essential git make cmake gcc g++ gfortran bc \
        python3.11 python3.11-venv python3.11-distutils \
        openmpi-bin libopenmpi-dev libfftw3-dev \
        mpich libmpich-dev; \
else \
    apt-get install -y \
        build-essential git make cmake bc \
        python3.11 python3.11-venv python3.11-distutils \
        libfftw3-dev \
        openmpi-bin libopenmpi-dev; \
fi && \

Reliability

Adding the deadsnakes PPA inside the image can reduce build reproducibility and occasionally break due to key/repo availability changes. It’s worth validating the base image/OS version compatibility, and considering pinning or documenting the expected Ubuntu release (since deadsnakes support varies by release).

apt-get install -y software-properties-common ca-certificates gnupg && \
add-apt-repository ppa:deadsnakes/ppa && \
apt-get update -y && \
if [ "$TARGET" != "gpu" ]; then \


coderabbitai bot commented Dec 19, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The Dockerfile was updated to use Python 3.11 instead of the default Python 3. This involved adding the deadsnakes PPA, installing prerequisites, updating package references to python3.11 variants across both GPU and non-GPU build targets, and setting python3 to point to Python 3.11 via update-alternatives.

Changes

Cohort / File(s) | Summary
Python 3.11 upgrade (.github/Dockerfile) | Added deadsnakes PPA, prerequisites (software-properties-common, ca-certificates, gnupg), and updated all python3/python3-venv references to python3.11 variants in both GPU and non-GPU build stages; added update-alternatives to set python3 to Python 3.11

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

  • Single configuration file with straightforward, repetitive package version updates
  • Changes follow a consistent pattern across GPU and non-GPU targets
  • No complex logic or control flow modifications to validate

Poem

🐰 A hop, skip, and version bump—
Python 3.11 at last we've got!
With deadsnakes PPA and a faithful path,
Our Docker builds now feature Python's newer craft. 🐍

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Title check | ✅ Passed | The title 'update python in docker files' is concise and accurately summarizes the main change of upgrading Python in the Dockerfile.
Description check | ✅ Passed | The description is comprehensive with clear sections covering the change overview, type (enhancement), detailed description, visual walkthrough, and file-level details, though some optional template sections like testing and checklist items are not addressed.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@codeant-ai codeant-ai bot added the size:XS This PR changes 0-9 lines, ignoring generated files label Dec 19, 2025
Comment on lines 11 to 29
RUN apt-get update -y && \
apt-get install -y software-properties-common ca-certificates gnupg && \
add-apt-repository ppa:deadsnakes/ppa && \
apt-get update -y && \
if [ "$TARGET" != "gpu" ]; then \
apt-get install -y \
build-essential git make cmake gcc g++ gfortran bc\
python3 python3-venv python3-pip \
build-essential git make cmake gcc g++ gfortran bc \
python3.11 python3.11-venv python3.11-distutils \
openmpi-bin libopenmpi-dev libfftw3-dev \
mpich libmpich-dev; \
else \
apt-get install -y \
build-essential git make cmake bc\
python3 python3-venv python3-pip \
build-essential git make cmake bc \
python3.11 python3.11-venv python3.11-distutils \
libfftw3-dev \
openmpi-bin libopenmpi-dev; \
fi && \
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2 && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
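Review bot: Every package in both `apt-get install -y` lists is resolved after `add-apt-repository ppa:deadsnakes/ppa` and the second `apt-get update -y`, so the PPA is a candidate source for build-essential, git, the MPI libraries and everything else in the lists, not only for python3.11. Install the distribution packages before the PPA is added, or add an apt preferences pin that limits the PPA to the python3.11 packages, so the third-party source can supply only the interpreter.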

Suggestion: Remove the deadsnakes PPA and software-properties-common after use to reduce the final image size and potential security vulnerabilities. [general, importance: 6]

Suggested change
RUN apt-get update -y && \
apt-get install -y software-properties-common ca-certificates gnupg && \
add-apt-repository ppa:deadsnakes/ppa && \
apt-get update -y && \
if [ "$TARGET" != "gpu" ]; then \
apt-get install -y \
build-essential git make cmake gcc g++ gfortran bc\
python3 python3-venv python3-pip \
build-essential git make cmake gcc g++ gfortran bc \
python3.11 python3.11-venv python3.11-distutils \
openmpi-bin libopenmpi-dev libfftw3-dev \
mpich libmpich-dev; \
else \
apt-get install -y \
build-essential git make cmake bc\
python3 python3-venv python3-pip \
build-essential git make cmake bc \
python3.11 python3.11-venv python3.11-distutils \
libfftw3-dev \
openmpi-bin libopenmpi-dev; \
fi && \
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2 && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN apt-get update -y && \
apt-get install -y software-properties-common ca-certificates gnupg && \
add-apt-repository ppa:deadsnakes/ppa && \
apt-get update -y && \
if [ "$TARGET" != "gpu" ]; then \
apt-get install -y \
build-essential git make cmake gcc g++ gfortran bc \
python3.11 python3.11-venv python3.11-distutils \
openmpi-bin libopenmpi-dev libfftw3-dev \
mpich libmpich-dev; \
else \
apt-get install -y \
build-essential git make cmake bc \
python3.11 python3.11-venv python3.11-distutils \
libfftw3-dev \
openmpi-bin libopenmpi-dev; \
fi && \
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2 && \
add-apt-repository --remove ppa:deadsnakes/ppa && \
apt-get purge -y --auto-remove software-properties-common && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
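Review bot: The added `add-apt-repository --remove ppa:deadsnakes/ppa` carries no `-y`, so the prompt concern that applies to the add on the third line applies here too; write it as `add-apt-repository -y --remove ppa:deadsnakes/ppa`. Because `apt-get purge -y --auto-remove software-properties-common` runs after `update-alternatives`, follow it with a `python3 --version` check so the build fails if the purge removed anything the `/usr/bin/python3` link depends on.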


RUN apt-get update -y && \
apt-get install -y software-properties-common ca-certificates gnupg && \
add-apt-repository ppa:deadsnakes/ppa && \

Suggestion: Add the -y flag to the add-apt-repository command to prevent it from blocking during non-interactive builds. [possible issue, importance: 7]

Suggested change
add-apt-repository ppa:deadsnakes/ppa && \
add-apt-repository -y ppa:deadsnakes/ppa && \

build-essential git make cmake gcc g++ gfortran bc\
python3 python3-venv python3-pip \
build-essential git make cmake gcc g++ gfortran bc \
python3.11 python3.11-venv python3.11-distutils \

@qodo-code-review qodo-code-review bot Dec 19, 2025


Suggestion: Add the python3.11-pip package to the apt-get install command to ensure pip is available for Python 3.11. [general, importance: 9]

Suggested change
python3.11 python3.11-venv python3.11-distutils \
python3.11 python3.11-venv python3.11-distutils python3.11-pip \
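Review bot: Confirm that `python3.11-pip` on the added line exists in the repositories this image enables before applying the suggestion, for example with `apt-cache policy python3.11-pip` in the base image after `apt-get update`; an unknown package name makes `apt-get install -y` fail and aborts the whole RUN step. If no such package is published there, provide pip another way and keep a `python3 -m pip --version` check in the step so a missing pip is caught at build time.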


@cubic-dev-ai cubic-dev-ai bot left a comment


No issues found across 1 file

codeant-ai bot commented Dec 19, 2025

Nitpicks 🔍

🔒 No security issues identified
⚡ Recommended areas for review

  • Missing pip / tooling
    The change removes python3-pip and only installs python3.11-distutils and python3.11-venv. Those do not provide a system pip for Python 3.11. Any build or scripts expecting pip or python3 -m pip may break. The PR should ensure pip is installed for Python 3.11 or explicitly document how pip will be installed later.

  • Third-party PPA compatibility
    The Dockerfile unconditionally adds the deadsnakes PPA. This will fail or be inappropriate if the base image is not an Ubuntu-based image (Debian, alpine, etc.). The PR does not guard or detect the base image before calling add-apt-repository, which may cause builds to fail on non-Ubuntu base images.

  • update-alternatives behaviour
    The update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2 may not set python3 as the default if another alternative has higher priority already. For reproducible builds you should either set the alternative explicitly or choose priority/management strategy so the expected python3 points to python3.11.


Copilot AI left a comment


Pull request overview

This PR updates the Python version in the Docker build configuration from the system default Python 3 to Python 3.11. The change aligns with MFC's minimum Python version requirement of 3.11 specified in toolchain/bootstrap/python.sh.

Key Changes

  • Adds the deadsnakes PPA repository to access Python 3.11 packages on Ubuntu
  • Replaces generic python3 packages with version-specific python3.11 packages
  • Configures Python 3.11 as the default python3 binary using update-alternatives

build-essential git make cmake gcc g++ gfortran bc\
python3 python3-venv python3-pip \
build-essential git make cmake gcc g++ gfortran bc \
python3.11 python3.11-venv python3.11-distutils \
Copilot AI Dec 19, 2025


The package python3.11-distutils does not exist in the deadsnakes PPA. The distutils module was deprecated in Python 3.10 and removed in Python 3.12. For Python 3.11, you should either:

  1. Add python3-pip back to install pip directly, or
  2. Remove this package and rely on ensurepip (already available in Python 3.11's standard library)

Since the bootstrap script at toolchain/bootstrap/python.sh already handles pip installation via ensurepip when pip is not available, the recommended approach is to remove python3.11-distutils and add python3-pip for explicit pip installation, or simply rely on the bootstrap script's ensurepip fallback.

Copilot uses AI. Check for mistakes.
libfftw3-dev \
openmpi-bin libopenmpi-dev; \
fi && \
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2 && \
Copilot AI Dec 19, 2025


The priority value in update-alternatives is set to 2, which is unusually low. Standard practice is to use higher priority values (e.g., 100 or higher) to ensure the intended version takes precedence. While this may work in a container environment where only Python 3.11 is installed, consider using a more conventional priority value like 100 to follow best practices and avoid potential conflicts.

Suggested change
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2 && \
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 100 && \

Comment on lines +12 to +14
apt-get install -y software-properties-common ca-certificates gnupg && \
add-apt-repository ppa:deadsnakes/ppa && \
apt-get update -y && \
Copilot AI Dec 19, 2025


This Dockerfile adds the third-party ppa:deadsnakes/ppa repository and installs packages from it during the build, creating a supply chain risk: if that PPA or its signing key is compromised, attackers could ship malicious Python binaries that run with root privileges in CI and access build secrets or modify artifacts. Prefer using only official distro/python images or vendor repositories, or at minimum pin packages to trusted sources and specific versions with integrity verification to limit this attack surface.

Copilot uses AI. Check for mistakes.
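
One way to act on the "pin packages to trusted sources" advice in the comment above, as an added example that is not part of this PR or of MFC's Dockerfile: a script for the RUN step that writes an apt preferences pin before the PPA is enabled, so apt accepts only Python 3.11 packages from it. The origin string `LP-PPA-deadsnakes`, the file name `deadsnakes.pref`, the package list and the function names are assumptions made for the example; confirm the origin with `apt-cache policy` after the PPA is added.

```shell
#!/bin/sh
# Added example (not the project's code): enable the deadsnakes PPA but let
# apt take only Python 3.11 packages from it.
set -eu

# Assumption: Launchpad publishes this PPA with Origin "LP-PPA-deadsnakes".
PPA_ORIGIN="LP-PPA-deadsnakes"

# write_ppa_pin DIR: create DIR/deadsnakes.pref.
# The general-form record (Package: *) gives every PPA package priority -1,
# which apt never installs. The specific-form record takes precedence for the
# names it matches and restores the default priority 500 for Python 3.11.
write_ppa_pin() {
    cat > "$1/deadsnakes.pref" <<EOF
Package: *
Pin: release o=${PPA_ORIGIN}
Pin-Priority: -1

Package: python3.11* libpython3.11*
Pin: release o=${PPA_ORIGIN}
Pin-Priority: 500
EOF
}

# is_python311 VERSION_STRING: succeed only for "Python 3.11.x".
is_python311() {
    case "$1" in
        "Python 3.11."*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_python311: privileged part, needs root and network access.
install_python311() {
    export DEBIAN_FRONTEND=noninteractive
    # The pin is in place before the PPA exists, so there is no window in
    # which an unpinned PPA package can be selected.
    write_ppa_pin /etc/apt/preferences.d
    apt-get update -y
    apt-get install -y software-properties-common ca-certificates gnupg
    add-apt-repository -y ppa:deadsnakes/ppa
    apt-get update -y
    # If a dependency exists only in the PPA under a name outside the pin,
    # this install fails, which is the signal to review the pin.
    apt-get install -y python3.11 python3.11-venv
    update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 100
    update-alternatives --set python3 /usr/bin/python3.11
    # Fail the build if python3 does not resolve to 3.11.
    if ! is_python311 "$(python3 --version 2>&1)"; then
        echo "python3 is not Python 3.11" >&2
        exit 1
    fi
    rm -rf /var/lib/apt/lists/*
}

# Run the install only when asked, so the file can be sourced for inspection.
if [ "${1:-}" = "--apply" ]; then
    install_python311
fi
```

In a Dockerfile the script would be copied in and run with `--apply` as root in a single RUN step.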
codeant-ai bot commented Dec 19, 2025

CodeAnt AI finished reviewing your PR.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

♻️ Duplicate comments (3)
.github/Dockerfile (3)

11-14: Multiple best practices and risk concerns already flagged.

Previous reviewers have identified several issues in this section:

  • Missing -y flag on add-apt-repository (line 13) can cause interactive prompts during build
  • Missing DEBIAN_FRONTEND=noninteractive and --no-install-recommends flags increase image size
  • Supply chain risk from third-party deadsnakes PPA
  • PPA not removed after installation

Please address the existing review comments on these lines.


23-24: Same pip verification applies here.

The GPU target uses the same python3-pip approach. See the verification comment on lines 17-18 regarding potential compatibility with Python 3.11.


28-28: Low priority value already flagged.

A previous reviewer noted that the priority value of 2 is unconventionally low and recommended using 100 or higher to follow best practices.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 46ffb97 and 951d670.

📒 Files selected for processing (1)
  • .github/Dockerfile (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build & Publish

Comment on lines +17 to +18
build-essential git make cmake gcc g++ gfortran bc \
python3.11 python3.11-venv python3-pip \

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cd .github && cat -n Dockerfile | head -40

Repository: MFlowCode/MFC

Length of output: 1503


Replace python3-pip with python3.11-full to ensure pip compatibility with Python 3.11.

The generic python3-pip package is built for the base image's default Python version (3.10 on Ubuntu 22.04), not for Python 3.11. Using it as the default Python after update-alternatives can cause compatibility issues. Instead, use python3.11-full which includes the pip package manager for Python 3.11, or run python3.11 -m ensurepip after installation. This ensures pip is properly configured for the version being set as default.

🤖 Prompt for AI Agents
.github/Dockerfile lines 17-18: replace the apt package `python3-pip` with
`python3.11-full` (or alternatively install pip for 3.11 via `python3.11 -m
ensurepip`) because `python3-pip` targets the distro default Python (3.10) and
can cause pip/version mismatches after switching to Python 3.11; update the
package list to include `python3.11-full` so pip is installed and configured for
Python 3.11, or install/ensure pip for 3.11 immediately after installing Python
3.11.

@sbryngelson sbryngelson enabled auto-merge (squash) December 19, 2025 16:52
@sbryngelson sbryngelson disabled auto-merge December 19, 2025 16:52
@sbryngelson sbryngelson merged commit 49d4ae9 into MFlowCode:master Dec 19, 2025
21 checks passed