From a2d10cac594ae4b3bee22dc5949d8db3390579a5 Mon Sep 17 00:00:00 2001 From: Barry Chen Date: Wed, 7 Jan 2026 16:53:04 -0600 Subject: [PATCH] chore: build image for postgres python utils --- .github/workflows/mozcloud-publish.yaml | 25 +++++++++++++++++++++++ tools/postgres/Dockerfile | 27 +++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 tools/postgres/Dockerfile diff --git a/.github/workflows/mozcloud-publish.yaml b/.github/workflows/mozcloud-publish.yaml index 37e751b69b..159615c289 100644 --- a/.github/workflows/mozcloud-publish.yaml +++ b/.github/workflows/mozcloud-publish.yaml @@ -89,3 +89,28 @@ jobs: dockerfile_path: tools/spanner/Dockerfile image_build_context: tools/spanner should_tag_ghcr: true + + build-and-push-syncstorage-rs-postgres-python-utils: + if: > + github.event_name == 'workflow_dispatch' || + ( + github.event_name == 'push' && + startsWith(github.ref, 'refs/tags/') + ) || + ( + github.event_name == 'pull_request' && + contains(github.event.pull_request.labels.*.name, 'preview') && + github.event.pull_request.head.repo.full_name == github.repository + ) + permissions: + contents: read + id-token: write + packages: write + uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@1b87069d293273436a84dff04954a8950d3ff9ca # v6.1.0 + with: + image_name: syncstorage-rs-postgres-python-utils + gar_name: sync-prod + project_id: moz-fx-sync-prod + dockerfile_path: tools/postgres/Dockerfile + image_build_context: tools/postgres + should_tag_ghcr: true diff --git a/tools/postgres/Dockerfile b/tools/postgres/Dockerfile new file mode 100644 index 0000000000..ece7d19c4c --- /dev/null +++ b/tools/postgres/Dockerfile @@ -0,0 +1,27 @@ +FROM python:3.13-bookworm + +ENV PYTHONUNBUFFERED=1 \ + PYTHONDONTWRITEBYTECODE=1 \ + PIP_NO_CACHE_DIR=off \ + PIP_DISABLE_PIP_VERSION_CHECK=on \ + PIP_DEFAULT_TIMEOUT=100 \ + POETRY_VERSION=2.1.3 \ + POETRY_NO_INTERACTION=1 \ + POETRY_VIRTUALENVS_CREATE=false \ + POETRY_CACHE_DIR='/var/cache/pypoetry' \ + POETRY_HOME='/usr/local' + +RUN curl -sSL https://install.python-poetry.org | python3 - + +WORKDIR /app/ + +COPY purge_ttl.py poetry.lock pyproject.toml /app/ +RUN python3 --version + +RUN poetry config virtualenvs.create false && \ + poetry install --without dev --no-interaction --no-ansi + +USER nobody + +ENTRYPOINT ["/usr/local/bin/python"] +CMD ["/app/purge_ttl.py"]