Update Dockerfiles and dependencies

Author: Cito

.devcontainer/Dockerfile

@@ -1,7 +1,10 @@
-FROM mcr.microsoft.com/devcontainers/python:2.0.2-3.13-trixie
+FROM mcr.microsoft.com/devcontainers/python:3.0.5-3.13-trixie
 
 ENV PYTHONUNBUFFERED=1
 
+# Update and upgrade system packages for latest security fixes
+RUN apt-get update && apt-get upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/*
+
 # Update args in docker-compose.yaml to set the UID/GID of the "vscode" user.
 ARG USER_UID=1000
 ARG USER_GID=$USER_UID

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
 
-minimum_pre_commit_version: 4.3.0
+minimum_pre_commit_version: 4.5.1
 
 repos:
   - repo: local
@@ -19,7 +19,7 @@ repos:
         args: [--check]
         pass_filenames: false
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -45,13 +45,13 @@ repos:
       - id: no-commit-to-branch
         args: [--branch, dev, --branch, int, --branch, main]
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.13.1
+    rev: v0.14.14
     hooks:
       - id: ruff
         args: [--fix, --exit-non-zero-on-fix]
       - id: ruff-format
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.18.2
+    rev: v1.19.1
     hooks:
       - id: mypy
         args: [--no-warn-unused-ignores]

.pyproject_generation/pyproject_custom.toml

@@ -4,10 +4,10 @@ name = "my_microservice"
 version = "0.1.0"
 description = "My-Microservice - a short description"
 dependencies = [
-    "typer >= 0.19.1",
-    "ghga-service-commons[api] >= 5.0",
-    "ghga-event-schemas >= 10.0",
-    "hexkit[akafka,s3,mongodb] >= 7.0",
+    "typer >= 0.21.1",
+    "ghga-service-commons[api] >= 6.1",
+    "ghga-event-schemas ~= 11.1",
+    "hexkit[akafka,s3,mongodb] >= 7.3",
 ]
 
 [project.urls]

.pyproject_generation/pyproject_template.toml

@@ -1,5 +1,5 @@
 [build-system]
-requires = ["setuptools>=80.9"]
+requires = ["setuptools>=80.10"]
 build-backend = "setuptools.build_meta"
 
 [project]
@@ -101,7 +101,7 @@ check_untyped_defs = true
 no_site_packages = false
 
 [tool.pytest.ini_options]
-minversion = "8.4"
+minversion = "9.0"
 asyncio_mode = "strict"
 asyncio_default_fixture_loop_scope = "function"
 

Dockerfile

@@ -26,22 +26,24 @@ RUN python -m build
 
 # DEP-BUILDER: a container to (build and) install dependencies
 FROM base AS dep-builder
-RUN apk update
-RUN apk add build-base gcc g++ libffi-dev zlib-dev
-RUN apk upgrade --available
+RUN apk update && \
+    apk add build-base gcc g++ libffi-dev zlib-dev && \
+    apk upgrade --available
 WORKDIR /service
 COPY --from=builder /service/lock/requirements.txt /service
-RUN pip install --no-deps -r requirements.txt
+RUN pip install --no-cache-dir --no-deps -r requirements.txt
 
 # RUNNER: a container to run the service
 FROM base AS runner
+# create new user first
+RUN adduser -D appuser
 WORKDIR /service
 RUN rm -rf /usr/local/lib/python3.13
 COPY --from=dep-builder /usr/local/lib/python3.13 /usr/local/lib/python3.13
 COPY --from=builder /service/dist/ /service
-RUN pip install --no-deps *.whl
-RUN rm *.whl
-RUN adduser -D appuser
+RUN pip install --no-cache-dir --no-deps *.whl && \
+    rm *.whl
+# switch to non-root user
 WORKDIR /home/appuser
 USER appuser
 ENV PYTHONUNBUFFERED=1

Dockerfile.debian

@@ -16,8 +16,7 @@
 ## creating building container
 FROM python:3.13-slim-trixie AS builder
 # update and install dependencies
-RUN apt update
-RUN apt upgrade -y
+RUN apt-get update && apt-get upgrade -y
 RUN pip install build
 # copy code
 COPY . /service
@@ -28,18 +27,21 @@ RUN python -m build
 # creating running container
 FROM python:3.13-slim-trixie
 # update and install dependencies
-RUN apt update
-RUN apt upgrade -y
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+# create new user first
+RUN useradd --create-home appuser
 # copy and install requirements and wheel
 WORKDIR /service
 COPY --from=builder /service/lock/requirements.txt /service
-RUN pip install --no-deps -r requirements.txt
-RUN rm requirements.txt
+RUN pip install --no-cache-dir --no-deps -r requirements.txt && \
+    rm requirements.txt
 COPY --from=builder /service/dist/ /service
-RUN pip install --no-deps *.whl
-RUN rm *.whl
-# create new user and execute as that user
-RUN useradd --create-home appuser
+RUN pip install --no-cache-dir --no-deps *.whl && \
+    rm *.whl
+# switch to non-root user
 WORKDIR /home/appuser
 USER appuser
 # set environment

lock/requirements-dev-template.in

@@ -1,33 +1,31 @@
 # common requirements for development and testing of services
 
-pytest>=8.4
-pytest-asyncio>=1.2.0
+pytest>=9.0
+pytest-asyncio>=1.3
 pytest-cov>=7
 snakeviz>=2.2
-logot>=1.5.1
+logot>=1.5
 
-pre-commit>=4.3
+pre-commit>=4.5
 
-mypy>=1.18.2
-mypy-extensions>=1.1
+mypy>=1.19
 
-ruff>=0.13.1
+ruff>=0.14.14
 
 click>=8.3
-typer>=0.19.1
+typer>=0.21.1
 
 httpx>=0.28.1
-pytest-httpx>=0.35
+pytest-httpx>=0.36
 
-urllib3>=2.5
+urllib3>=2.6.3
 requests>=2.32.5
 
 casefy>=1.1
 jsonschema2md>=1.7
-setuptools>=80.9
+setuptools>=80.10
 
 # required since switch to pyproject.toml and pip-tools
-tomli>=2.2.1
 tomli_w>=1.2
 
-uv>=0.8.19
+uv>=0.9.28

lock/requirements-dev.in

@@ -4,4 +4,4 @@
 -r requirements-dev-template.in
 
 # additional requirements can be listed here
-testcontainers[kafka,mongo]>=4.13
+testcontainers[kafka,mongo]>=4.14