From bc574177e7b44260e6f457d56c307379d2e3c9c5 Mon Sep 17 00:00:00 2001
From: Eran Cohen
Date: Tue, 22 Jul 2025 14:02:59 +0300
Subject: [PATCH] Feat: Update base image to fix Konflux RPM signature scan
This commit update the Containerfile, switching the base image to the ubi9/python-312-minimal image. This eliminates manual Python installations, resulting in a cleaner and more efficient build. This change resolves issues with the Konflux RPM signature scan by mitigating the risk of unverified artifact injection.
Signed-off-by: Eran Cohen
---
Containerfile | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/Containerfile b/Containerfile
index 9bbf7d9e..5e404bb2 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,12 +1,8 @@
 # vim: set filetype=dockerfile
-FROM registry.access.redhat.com/ubi9/ubi-minimal AS builder
+FROM registry.access.redhat.com/ubi9/python-312-minimal AS builder
 ARG APP_ROOT=/app-root
-# Install Python
-RUN microdnf install -y --nodocs --setopt=keepcache=0 --setopt=tsflags=nodocs \
- python3.12 python3.12-devel python3.12-pip
-
 # UV_PYTHON_DOWNLOADS=0 : Disable Python interpreter downloads and use the system interpreter.
 ENV UV_COMPILE_BYTECODE=0 \
 UV_LINK_MODE=copy \
@@ -26,9 +22,8 @@ RUN uv sync --locked --no-install-project --no-dev
 # Final image without uv package manager
-FROM registry.access.redhat.com/ubi9/ubi-minimal
+FROM registry.access.redhat.com/ubi9/python-312-minimal
 ARG APP_ROOT=/app-root
-RUN microdnf install -y --nodocs --setopt=keepcache=0 --setopt=tsflags=nodocs python3.12 python3.12-pip
 WORKDIR /app-root
 # PYTHONDONTWRITEBYTECODE 1 : disable the generation of .pyc
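Review bot: The new builder line `FROM registry.access.redhat.com/ubi9/python-312-minimal AS builder` carries no tag or digest, so each build resolves to whatever the registry currently serves under the default tag; the final-stage `FROM` in the second hunk has the same gap. Since the commit's stated goal is to reduce the risk of unverified artifacts, pinning both stages to one digest would make the interpreter and RPM set reproducible and reviewable, e.g. `FROM registry.access.redhat.com/ubi9/python-312-minimal@sha256:<digest-placeholder> AS builder`. The hunk also drops `python3.12-devel` from the builder; if any locked dependency compiles a C extension during `uv sync`, confirm the new image still provides the headers. The builder stage continues outside the hunk.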
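Review bot: The final stage now inherits the user, environment and working-directory defaults of `python-312-minimal` instead of those of plain `ubi-minimal`, and nothing in this hunk states which user the container ends up running as. UBI Python images usually default to a non-root UID and export their own application-root variables, which may not line up with the `/app-root` layout used here; this is worth confirming against the image metadata. I would document the expectation next to the `FROM`, for example `# Base image supplies python3.12 and pip; runtime user is set explicitly below`, and make sure the stage ends with an explicit numeric `USER` rather than relying on the base default. The rest of the stage is outside the hunk, so an existing `USER` line may already cover this.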