From 3ef0ed975356854fee0cc28c80549e388b63d31a Mon Sep 17 00:00:00 2001 From: Martin Zibricky Date: Thu, 12 Jun 2025 13:37:44 +0200 Subject: [PATCH 1/3] LCORE-168: Add Containerfile for image building --- Containerfile | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 Containerfile diff --git a/Containerfile b/Containerfile new file mode 100644 index 00000000..4fa5ed78 --- /dev/null +++ b/Containerfile @@ -0,0 +1,41 @@ +# vim: set filetype=dockerfile +FROM registry.access.redhat.com/ubi9/ubi-minimal + +ARG APP_ROOT=/app-root + +RUN microdnf install -y --nodocs --setopt=keepcache=0 --setopt=tsflags=nodocs \ + python3.11 python3.11-devel python3.11-pip + +# PYTHONDONTWRITEBYTECODE 1 : disable the generation of .pyc +# PYTHONUNBUFFERED 1 : force the stdout and stderr streams to be unbuffered +# PYTHONCOERCECLOCALE 0, PYTHONUTF8 1 : skip legacy locales and use UTF-8 mode +ENV PYTHONDONTWRITEBYTECODE=1 \ + PYTHONUNBUFFERED=1 \ + PYTHONCOERCECLOCALE=0 \ + PYTHONUTF8=1 \ + PYTHONIOENCODING=UTF-8 \ + LANG=en_US.UTF-8 \ + PIP_NO_CACHE_DIR=off + +WORKDIR /app-root + +# Add explicit files and directories +# (avoid accidental inclusion of local directories or env files or credentials) +COPY pyproject.toml LICENSE README.md ./ + +COPY src ./src + +RUN pip3.11 install --no-cache-dir . + +# this directory is checked by ecosystem-cert-preflight-checks task in Konflux +COPY LICENSE /licenses/ + +# Run the application +EXPOSE 8080 +CMD ["python3.11", "src/lightspeed_stack.py"] + +LABEL vendor="Red Hat, Inc." + + +# no-root user is checked in Konflux +USER 1001 From 0d5e37237e9392ef17151abd08b8b9cf7c05c3e3 Mon Sep 17 00:00:00 2001 From: Martin Zibricky Date: Thu, 12 Jun 2025 14:17:08 +0200 Subject: [PATCH 2/3] LCORE-168: Add GH actions workflow for building img --- .github/workflows/build.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 00000000..15ea2aa0 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,22 @@ +name: Build image + +on: + - push + - pull_request + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: read + steps: + - uses: actions/checkout@v4 + - name: Install podman + run: | + sudo apt-get update + sudo apt-get -y install podman + - name: Verify podman + run: podman --version + - name: Build image + run: podman build -t lightspeed-stack:latest . \ No newline at end of file From ecc348eb8fd5474d8558c3f548bf5b7fae1645cb Mon Sep 17 00:00:00 2001 From: Martin Zibricky Date: Thu, 12 Jun 2025 14:26:59 +0200 Subject: [PATCH 3/3] LCORE-168: Fix workflow build.yaml - new line --- .github/workflows/build.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 15ea2aa0..10030c86 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,4 +19,5 @@ jobs: - name: Verify podman run: podman --version - name: Build image - run: podman build -t lightspeed-stack:latest . \ No newline at end of file + run: podman build -t lightspeed-stack:latest . +