Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update image dependencies #146

Merged
merged 5 commits into from
Oct 8, 2024
Merged

Update image dependencies #146

merged 5 commits into from
Oct 8, 2024

Conversation

mcdonnnj
Copy link
Member

🗣 Description

This pull request updates the dependencies for this image including:

  • Migrate from Alpine Linux 3.18 to 3.20
  • Migrate from Python 3.11.6 to 3.12.3
  • Update all Python packages installed directly in the Dockerfile
  • Update all Python packages installed with pipenv

💭 Motivation and context

Keeping dependencies up-to-date is important for project health.

🧪 Testing

Automated tests mostly pass. The final image build fails because the image build exceeds the GitHub Actions runner timeout of six hours. The two most problematic platforms (linux/ppc64le and linux/s390x) will be dropped in another pull request and the build is able to complete successfully as seen in this workflow run.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj mcdonnnj added improvement This issue or pull request will add or improve functionality, maintainability, or ease of use dependencies Pull requests that update a dependency file docker Pull requests that update Docker code labels Aug 28, 2024
@mcdonnnj mcdonnnj self-assigned this Aug 28, 2024
@mcdonnnj mcdonnnj requested review from dav3r and jsf9k as code owners August 28, 2024 16:22
dav3r
dav3r approved these changes Aug 28, 2024
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

jsf9k
jsf9k reviewed Aug 28, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have one question.

src/Pipfile Outdated Show resolved Hide resolved
@mcdonnnj mcdonnnj requested a review from a team August 28, 2024 21:53
This was referenced Aug 29, 2024
Merged
Merged
@mcdonnnj
Bump alpine from 3.18 to 3.20
444a0cf 
This includes updating all of the system packages installed to the
versions available for Alpine Linux 3.20.
@mcdonnnj
Bump python from 3.11.6-alpine3.18 to 3.12.7-alpine3.20
124abd4 
This updates the `build-stage` to match the versions of Python and
Alpine Linux used in the `compile-stage`. This also includes updating
the versions of all system packages installed.
@mcdonnnj
Update the versions of Python packages installed
9285145 
Bump the Python packages installed in the `compile-stage` as follows:
- pip from 23.1.2 to 24.2
- pipenv from 2023.10.20 to 2024.1.0
- setuptools from 67.7.2 to 75.1.0
- wheel from 0.40.0 to 0.44.0
@mcdonnnj
Update Python virtual environment dependencies
bc01675 
Update the version of Python declared in the Pipfile and update the
dependencies installed in the Python virtual environment by running
`pipenv lock` in the `src/` directory.
@mcdonnnj
Use the --break-system-packages when installing pipenv
6abaa88 
Alpine Linux 3.20 configures Python 3 as externally managed, so we need
to pass this flag to `pip` to install a Python package directly. Since we
are using this to build a Python virtual environment in the
`compile-stage` that is moved to the `build-stage` for use in the final
image this should pose no issues.
@mcdonnnj mcdonnnj force-pushed the maintenance/update_dependencies branch from 36a533c to 6abaa88 Compare October 7, 2024 20:48
jsf9k
jsf9k approved these changes Oct 8, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the PR description, shouldn't it say "Migrate from Python 3.11.6 to 3.12.7"?

@mcdonnnj mcdonnnj merged commit 0f7f558 into develop Oct 8, 2024
16 of 17 checks passed
@mcdonnnj mcdonnnj deleted the maintenance/update_dependencies branch October 8, 2024 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dv4harr10 dv4harr10 dv4harr10 approved these changes

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

Assignees

@mcdonnnj mcdonnnj

Labels
dependencies Pull requests that update a dependency file docker Pull requests that update Docker code improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mcdonnnj @jsf9k @dav3r @dv4harr10