Remove apt-get dist-upgrade and upgrade to Python 3.12 to fix QEMU arm64 segfault

[devin-ai-integration]

Summary

Fixes the QEMU arm64 segfault that blocks the multi-platform Docker build for v0.23.0.

Root cause: The apt-get dist-upgrade -y step upgrades libc6 from 2.31-13+deb11u4 → 2.31-13+deb11u13 inside QEMU user-mode emulation. This replaces the shared libraries QEMU is linked against mid-process, causing a segfault when libc-bin's post-install script runs ldconfig. This started failing between March 12–19 when Debian published the new libc6 security update to Bullseye repos. (failed job)

Changes:

1. Remove apt-get dist-upgrade -y — unnecessary in Docker builds and the direct cause of the QEMU crash. The needed packages (python3-dev, libsasl2-dev) are installed by apt-get install regardless.
2. Upgrade base image from python:3.10.7 to python:3.12 — the Oct 2022 image was the reason dist-upgrade pulled such a large delta. A current base image eliminates the package drift problem entirely.
3. Rename python-dev → python3-dev — the Python 2 development package doesn't exist in Debian Bookworm (which python:3.12 is based on).

Docker image builds successfully on amd64 locally in ~23s.

Review & Testing Checklist for Human

• Verify Elementary works on Python 3.12 — this is the highest-risk change. Check that edr commands, dbt integration, and key dependencies (e.g. Jinja2, agate, networkx) all work correctly on 3.12. CI passing is necessary but may not cover all runtime paths.
• Trigger the multi-platform Docker build — the QEMU arm64 fix can only be verified by running the actual --platform linux/amd64,linux/arm64 build in CI. Re-create the v0.23.0 tag after merging and confirm the release workflow succeeds.
• Consider pinning python:3.12.x — the current python:3.12 tag is a rolling tag. If reproducible builds matter, consider pinning to a specific patch version (e.g. python:3.12.11). This is the same tradeoff as with the uv pin.

Notes

• The python:3.12 base uses Debian Bookworm (released June 2023), so the package gap vs. current repos is much smaller than the old Bullseye image — reducing future risk of similar QEMU issues even if dist-upgrade were re-added.
• This is a follow-up to Fix Docker build: switch to uv and tighten dbt adapter lower bounds to >=1.8 #2157 which switched to uv and tightened adapter version bounds. Both PRs need to be included in the re-tagged v0.23.0.

Link to Devin session: https://app.devin.ai/sessions/a67f519882744e45b279502a0fe54bde
Requested by: @haritamar

Summary by CodeRabbit

• Chores
  • Upgraded Python runtime from 3.10.7 to 3.12 for improved performance and enhanced security
  • Optimized Docker build process by streamlining package installation workflow
  • Updated development environment dependencies

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 @devin-ai-integration[bot]
Thank you for raising your pull request.
Please make sure to add tests and document all user-facing changes.
You can do this by editing the docs files in this pull request.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

The Dockerfile's base image is upgraded from Python 3.10.7 to Python 3.12. The apt-get dist-upgrade step was removed from the package installation chain, and the development dependency was updated from python-dev to python3-dev.

Changes

Cohort / File(s)	Summary
Docker Configuration Dockerfile	Base image upgraded to Python 3.12; apt-get dist-upgrade step removed; python-dev dependency changed to python3-dev.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A hop and a skip, we've climbed up so high,
From Python three-ten to three-twelve, oh my!
With python3-dev now in our sight,
And dist-upgrade gone, we're lean and light!
The rabbits rejoice—this upgrade's just right! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the two main changes: removing apt-get dist-upgrade and upgrading to Python 3.12, and clearly connects them to the stated objective of fixing a QEMU arm64 segfault.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch devin/1773937874-remove-dist-upgrade

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}