diff --git a/images/ansible-operator/README.md b/images/ansible-operator/README.md new file mode 100644 index 0000000..3882848 --- /dev/null +++ b/images/ansible-operator/README.md @@ -0,0 +1,8 @@ +We build the base image using the Dockerfile, which validates the python requirements scaffolding that it copies from this directory. + +To update the requirements (`Pipfile` and `Pipfile.lock`) build and execute the image generated by `pipfile.Dockerfile` like so: + +1. docker build -f ./pipfile.Dockerfile -t pipfile-generator . +2. docker run --rm -it -v .:/tmp/pip-airlock:Z pipfile-generator +3. Commit the newly-generated `Pipfile.lock` file (NB: this directory is in root .gitignore file, so you must `git add -f`) + diff --git a/images/ansible-operator/pipfile.Dockerfile b/images/ansible-operator/pipfile.Dockerfile new file mode 100644 index 0000000..64b8de0 --- /dev/null +++ b/images/ansible-operator/pipfile.Dockerfile @@ -0,0 +1,32 @@ +FROM registry.access.redhat.com/ubi8/ubi:8.9-1107 AS basebuilder + +# Install Rust so that we can ensure backwards compatibility with installing/building the cryptography wheel across all platforms +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y +ENV PATH="/root/.cargo/bin:${PATH}" +RUN rustc --version + +# Copy python dependencies (including ansible) to be installed using Pipenv +COPY ./Pipfile ./ +# Instruct pip(env) not to keep a cache of installed packages, +# to install into the global site-packages and +# to clear the pipenv cache as well +ENV PIP_NO_CACHE_DIR=1 \ + PIPENV_SYSTEM=1 \ + PIPENV_CLEAR=1 +# Ensure fresh metadata rather than cached metadata, install system and pip python deps, +# and remove those not needed at runtime. +RUN set -e && yum clean all && rm -rf /var/cache/yum/* \ + && yum update -y \ + && yum install -y libffi-devel openssl-devel python39-devel gcc python39-pip python39-setuptools \ + && pip3 install --upgrade pip~=23.3.2 \ + && pip3 install pipenv==2023.11.15 \ + && pipenv lock \ + && pipenv check \ + && yum remove -y gcc libffi-devel openssl-devel python39-devel \ + && yum clean all \ + && rm -rf /var/cache/yum + +VOLUME /tmp/pip-airlock +ENTRYPOINT ["cp", "./Pipfile.lock", "/tmp/pip-airlock/"] +# to pull the generated lockfile, run this like +# docker run --rm -it -v .:/tmp/pip-airlock:Z