From d88506fdc1667db29a7b6e972e5a63bad211736c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Thu, 14 Aug 2025 10:36:34 +0200 Subject: [PATCH 1/2] Containerfile: use ubi-minimal Use `ubi9/ubi-minimal` to be closed to the downstream set-up. --- wisdom-service.Containerfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/wisdom-service.Containerfile b/wisdom-service.Containerfile index 88cd80c44..6f5355503 100644 --- a/wisdom-service.Containerfile +++ b/wisdom-service.Containerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/ubi:latest AS production +FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS production ARG IMAGE_TAGS=image-tags-not-defined ARG GIT_COMMIT=git-commit-not-defined @@ -14,8 +14,8 @@ ENV BUILD_PATH=/var/www/wisdom/public/static/console ENV UWSGI_PROCESSES=10 # Install dependencies -RUN dnf module enable nodejs:18 nginx:1.22 -y && \ - dnf install -y \ +RUN microdnf module enable nodejs:22 nginx:1.22 -y && \ + microdnf install --setopt=install_weak_deps=0 --nodocs -y \ git \ python3.11-devel \ gcc \ @@ -45,7 +45,7 @@ ENV PATH="/var/www/venv/bin:${PATH}" # Address GHSA-79v4-65xg-pq4g and the fact jwcrypto prevent us from pulling cryptography 44.0.1 # Please remove once jwcrypto and cryptography can be both upgraded -RUN dnf install -y openssl-devel +RUN microdnf install --setopt=install_weak_deps=0 --nodocs -y openssl-devel RUN /var/www/venv/bin/python3.11 -m pip --no-cache-dir install --no-binary=all cryptography==43.0.1 RUN /var/www/venv/bin/python3.11 -m pip --no-cache-dir install -r/var/www/ansible-ai-connect-service/requirements.txt @@ -124,10 +124,10 @@ CMD /usr/bin/launch-wisdom.sh FROM production AS devel USER 0 -RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ - dnf install -y inotify-tools && \ - dnf remove -y epel-release && \ - dnf clean all +RUN microdnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ + microdnf install -y inotify-tools && \ + microdnf remove -y epel-release && \ + microdnf clean all COPY tools/scripts/auto-reload.sh /usr/bin/auto-reload.sh RUN mkdir /etc/supervisor/supervisord.d/ COPY tools/configs/supervisord.d/auto-reload.conf /etc/supervisor/supervisord.d/auto-reload.conf From c0a9dfb4d87d7e27b62660cc5b14379de13db935 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Thu, 14 Aug 2025 10:36:34 +0200 Subject: [PATCH 2/2] Containerfile: use ubi-minimal Use `ubi9/ubi-minimal` to be closed to the downstream set-up. --- wisdom-service.Containerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wisdom-service.Containerfile b/wisdom-service.Containerfile index 6f5355503..e07188908 100644 --- a/wisdom-service.Containerfile +++ b/wisdom-service.Containerfile @@ -124,7 +124,9 @@ CMD /usr/bin/launch-wisdom.sh FROM production AS devel USER 0 -RUN microdnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ +RUN curl -o epel.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ + rpm -i epel.rpm && \ + rm epel.rpm && \ microdnf install -y inotify-tools && \ microdnf remove -y epel-release && \ microdnf clean all