Add python slim images

boxcutter · Nov 19, 2023 · 0e25224 · 0e25224
1 parent 07902a3
commit 0e25224
Show file tree

Hide file tree

Showing 16 changed files with 833 additions and 86 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,6 +38,11 @@ jobs:
             aws-cli: 'aws-cli/**'
             fpm: 'fpm/**'
             meshcmd: 'meshcmd/**'
+            python/3.8/slim-jammy: 'python/3.8/slim-jammy/**'
+            python/3.9/slim-jammy: 'python/3.9/slim-jammy/**'
+            python/3.10/slim-jammy: 'python/3.10/slim-jammy/**'
+            python/3.11/slim-jammy: 'python/3.11/slim-jammy/**'
+            python/3.12/slim-jammy: 'python/3.12/slim-jammy/**'
             
   # Job to build and test each of the modified images
   build:
@@ -102,6 +107,17 @@ jobs:
         run: |
           echo "image_description=$(docker buildx bake --print 2>/dev/null | jq -r '.target.default.labels."org.opencontainers.image.description"')" >> $GITHUB_ENV
 
+      - name: Get the image readme filepath
+        if: github.event_name != 'pull_request'
+        id: image_readme_filepath
+        run: |
+          readme_filepath=$(docker buildx bake --print 2>/dev/null | jq -r '.target.default.labels["dev.polymathrobotics.image.readme-filepath"]')
+          if [[ -n "$readme_filepath" ]]; then
+            echo "image_readme_filepath=$readme_filepath" >> $GITHUB_ENV
+          else
+            echo "image_readme_filepath=${{ matrix.image }}/README.md" >> $GITHUB_ENV
+          fi
+
       - name: Update Docker Hub Description
         if: github.event_name != 'pull_request'
         uses: peter-evans/dockerhub-description@v3
@@ -110,5 +126,5 @@ jobs:
           password: ${{ secrets.CONTAINER_DESCRIPTION_PASSWORD }}
           repository: boxcutter/${{ env.image_name }}
           short-description: ${{ env.image_description }}
-          readme-filepath: ${{ matrix.image }}/README.md
+          readme-filepath: ${{ env.image_readme_filepath }}
 
diff --git a/python/3.10/jammy/.dockerignore b/python/3.10/jammy/.dockerignore
diff --git a/python/3.10/jammy/Polly.toml b/python/3.10/jammy/Polly.toml
diff --git a/python/3.10/jammy/Containerfile → python/3.10/slim-jammy/Containerfile b/python/3.10/jammy/Containerfile → python/3.10/slim-jammy/Containerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 ARG CONTAINER_REGISTRY=docker.io
-FROM $CONTAINER_REGISTRY/ubuntu:jammy-20230624
+FROM $CONTAINER_REGISTRY/ubuntu:jammy-20231004
 
 # ensure local python is preferred over distribution python
 ENV PATH /usr/local/bin:$PATH
@@ -12,43 +12,50 @@ ENV LANG C.UTF-8
 # runtime dependencies
 RUN set -eux; \
 	apt-get update; \
-	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+	apt-get install -y --no-install-recommends \
 		ca-certificates \
+		netbase \
+		tzdata \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D
+ENV PYTHON_VERSION 3.10.13
+
+RUN set -eux; \
+	\
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		dpkg-dev \
+		gcc \
+		gnupg \
+		libbluetooth-dev \
 		libbz2-dev \
 		libc6-dev \
+		libdb-dev \
+		libexpat1-dev \
 		libffi-dev \
 		libgdbm-dev \
+		liblzma-dev \
 		libncursesw5-dev \
 		libreadline-dev \
 		libsqlite3-dev \
 		libssl-dev \
+		make \
 		tk-dev \
+		uuid-dev \
+		wget \
+		xz-utils \
 		zlib1g-dev \
-	    libbluetooth-dev \
-        build-essential \
-        dpkg-dev \
-        gnupg \
-        libgdbm-compat-dev \
-        liblzma-dev \
-        uuid-dev \
-        wget \
-        xz-utils \
 	; \
-	rm -rf /var/lib/apt/lists/*
-
-ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D
-ENV PYTHON_VERSION 3.10.12
-
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-# hadolint ignore=DL3003,SC2015
-RUN set -eux; \
 	\
-	wget --progress=dot:giga -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \
-	wget --progress=dot:giga -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \
+	wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \
+	wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \
 	GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
 	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \
 	gpg --batch --verify python.tar.xz.asc python.tar.xz; \
-	command -v gpgconf > /dev/null && gpgconf --kill all || :; \
+	gpgconf --kill all; \
 	rm -rf "$GNUPGHOME" python.tar.xz.asc; \
 	mkdir -p /usr/src/python; \
 	tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \
@@ -69,6 +76,7 @@ RUN set -eux; \
 	nproc="$(nproc)"; \
 	EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \
 	LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \
+	LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \
 	make -j "$nproc" \
 		"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" \
 		"LDFLAGS=${LDFLAGS:-}" \
@@ -83,13 +91,7 @@ RUN set -eux; \
 		"PROFILE_TASK=${PROFILE_TASK:-}" \
 		python \
 	; \
-	make install; \	
-	\
-# enable GDB to load debugging data: https://github.com/docker-library/python/pull/701
-	bin="$(readlink -ve /usr/local/bin/python3)"; \
-	dir="$(dirname "$bin")"; \
-	mkdir -p "/usr/share/gdb/auto-load/$dir"; \
-	cp -vL Tools/gdb/libpython.py "/usr/share/gdb/auto-load/$bin-gdb.py"; \
+	make install; \
 	\
 	cd /; \
 	rm -rf /usr/src/python; \
@@ -103,6 +105,19 @@ RUN set -eux; \
 	\
 	ldconfig; \
 	\
+	apt-mark auto '.*' > /dev/null; \
+	apt-mark manual $savedAptMark; \
+	find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
+		| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
+		| sort -u \
+		| xargs -r dpkg-query --search \
+		| cut -d: -f1 \
+		| sort -u \
+		| xargs -r apt-mark manual \
+	; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
 	python3 --version
 
 # make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends)
@@ -119,14 +134,23 @@ ENV PYTHON_PIP_VERSION 23.0.1
 # https://github.com/docker-library/python/issues/365
 ENV PYTHON_SETUPTOOLS_VERSION 65.5.1
 # https://github.com/pypa/get-pip
-ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/9af82b715db434abb94a0a6f3569f43e72157346/public/get-pip.py
-ENV PYTHON_GET_PIP_SHA256 45a2bb8bf2bb5eff16fdd00faef6f29731831c7c59bd9fc2bf1f3bed511ff1fe
+ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/4cfa4081d27285bda1220a62a5ebf5b4bd749cdb/public/get-pip.py
+ENV PYTHON_GET_PIP_SHA256 9cc01665956d22b3bf057ae8287b035827bfd895da235bcea200ab3b811790b6
 
 RUN set -eux; \
 	\
-	wget --progress=dot:giga -O get-pip.py "$PYTHON_GET_PIP_URL"; \
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends wget; \
+	\
+	wget -O get-pip.py "$PYTHON_GET_PIP_URL"; \
 	echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; \
 	\
+	apt-mark auto '.*' > /dev/null; \
+	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
 	export PYTHONDONTWRITEBYTECODE=1; \
 	\
 	python get-pip.py \
@@ -140,4 +164,4 @@ RUN set -eux; \
 	\
 	pip --version
 
-CMD ["python3"]
+CMD ["python3"]
diff --git a/python/3.10/slim-jammy/docker-bake.hcl b/python/3.10/slim-jammy/docker-bake.hcl
@@ -0,0 +1,40 @@
+variable "IMAGE_NAME" {
+  default = "python"
+}
+
+variable "VERSION" {
+  default = "3.10.13"
+}
+
+variable "CONTAINER_REGISTRY" {
+  default = "docker.io/boxcutter"
+}
+
+variable "LOCAL_PLATFORM" {
+  default="${BAKE_LOCAL_PLATFORM}" == "darwin/arm64/v8" ? "linux/arm64/v8" : "${BAKE_LOCAL_PLATFORM}"
+}
+
+target "_common" {
+  dockerfile = "Containerfile"
+  tags = [
+    "${CONTAINER_REGISTRY}/${IMAGE_NAME}:${VERSION}-slim-jammy",
+    "${CONTAINER_REGISTRY}/${IMAGE_NAME}:3.8-slim-jammy",
+  ]
+  labels = {
+    "org.opencontainers.image.source" = "https://github.com/polymathrobotics/oci"
+    "org.opencontainers.image.licenses" = "Apache-2.0"
+    "org.opencontainers.image.description" = "Python is an interpreted, interactive, object-oriented, open-source programming language."
+    "org.opencontainers.image.title" = "${IMAGE_NAME}"
+    "dev.polymathrobotics.image.readme-filepath" = "python/README.md"
+  }
+}
+
+target "local" {
+  inherits = ["_common"]
+  platforms = ["${LOCAL_PLATFORM}"]
+}
+
+target "default" {
+  inherits = ["_common"]
+  platforms = ["linux/amd64", "linux/arm64/v8"]
+} 
diff --git a/python/3.11/jammy/.dockerignore b/python/3.11/jammy/.dockerignore
diff --git a/python/3.11/jammy/Polly.toml b/python/3.11/jammy/Polly.toml