Finished moving pip venvs into cross-compiled layer

Author: waterfoul

.automation/build.py

@@ -515,35 +515,53 @@ def build_dockerfile(
     replace_in_file(dockerfile, "#PIP__START", "#PIP__END", pip_install_command)
     # Python packages in venv
     if len(pipvenv_packages.items()) > 0:
-        pipenv_install_command = (
+        pipenv_download_command = (
             "RUN PYTHONDONTWRITEBYTECODE=1 pip3 install"
-            " --no-cache-dir --upgrade pip virtualenv \\\n"
+            " --no-cache-dir --upgrade pip crossenv \\\n"
+        )
+        pipenv_install_command = (
+            "RUN echo \\\n"
         )
-        env_path_command = 'ENV PATH="${PATH}"'
+        pipenv_path_command = 'ENV PATH="${PATH}"'
         for pip_linter, pip_linter_packages in pipvenv_packages.items():
+            pipenv_download_command += (
+                f'    && mkdir -p "/download/{pip_linter}" '
+                + f'&& pip download -d "/download/{pip_linter}" '
+                + (" ".join(pip_linter_packages))
+                + " \\\n"
+            )
             pipenv_install_command += (
                 f'    && mkdir -p "/venvs/{pip_linter}" '
                 + f'&& cd "/venvs/{pip_linter}" '
-                + "&& virtualenv . "
+                + "&& python3 -m crossenv /usr/local/bin/target-python3 . "
                 + "&& source bin/activate "
-                + "&& PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir "
+                + f"&& PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/{pip_linter} --no-cache-dir "
                 + (" ".join(pip_linter_packages))
                 + " "
                 + "&& deactivate "
                 + "&& cd ./../.. \\\n"
             )
-            env_path_command += f":/venvs/{pip_linter}/bin"
+            pipenv_path_command += f":/venvs/{pip_linter}/bin"
         pipenv_install_command = pipenv_install_command[:-2]  # remove last \
+        pipenv_download_command = pipenv_download_command[:-2]  # remove last \
         pipenv_install_command += (
             ' \\\n    && find . | grep -E "(/__pycache__$|\\.pyc$|\\.pyo$)" | xargs rm -rf '
             + "&& rm -rf /root/.cache\n"
-            + env_path_command
         )
+        pipenv_download_command += "\n"
     else:
         pipenv_install_command = ""
+        pipenv_download_command = ""
+        pipenv_path_command = ""
     replace_in_file(
         dockerfile, "#PIPVENV__START", "#PIPVENV__END", pipenv_install_command
     )
+    replace_in_file(
+        dockerfile, "#PIPVENV_DOWNLOAD__START", "#PIPVENV_DOWNLOAD__END", pipenv_download_command
+    )
+    replace_in_file(
+        dockerfile, "#PIPVENV_PATH__START", "#PIPVENV_PATH__END", pipenv_path_command
+    )
 
     # Ruby gem packages
     gem_install_command = ""

Dockerfile

@@ -43,12 +43,12 @@ RUN rustup-init -y --target $([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64-u
 
 RUN --mount=type=cache,id=cargo-${TARGETARCH},sharing=locked,target=/cargo/.cargo/registry/,uid=63425 \
      . /cargo/.cargo/env \
- && cargo install sarif-fmt shellcheck-sarif --root /tmp --target $([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64-unknown-linux-musl" || echo "aarch64-unknown-linux-musl") 
+ && cargo install shellcheck-sarif sarif-fmt --root /tmp --target $([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64-unknown-linux-musl" || echo "aarch64-unknown-linux-musl") 
 
 FROM scratch AS cargo
 COPY --link --from=cargo-build /tmp/bin/* /bin/
-RUN ["/bin/sarif-fmt", "--help"]
 RUN ["/bin/shellcheck-sarif", "--help"]
+RUN ["/bin/sarif-fmt", "--help"]
 
 #FROM__END
 
@@ -69,6 +69,41 @@ COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/
 COPY --link --from=cargo /bin/* /usr/bin/
 #COPY__END
 
+FROM --platform=$TARGETPLATFORM python:3.11.2-alpine3.17 AS target-python-arm64
+RUN mkdir /export-libs && cp /lib/ld-musl-aarch64.so.1 /export-libs
+FROM --platform=$TARGETPLATFORM python:3.11.2-alpine3.17 AS target-python-amd64
+RUN mkdir /export-libs && cp /lib/ld-musl-x86_64.so.1 /export-libs
+FROM target-python-${TARGETARCH} AS target-python
+FROM --platform=$BUILDPLATFORM python:3.11.2-alpine3.17 AS python-venv
+
+
+#############################################################################################
+## @generated by .automation/build.py using descriptor files, please do not update manually ##
+#############################################################################################
+
+RUN apk add --update --no-cache gcc musl-dev libffi-dev rust cargo cmake make g++ openssl-dev
+
+#PIPVENV_DOWNLOAD__START
+RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip crossenv \
+    && mkdir -p "/download/yamllint" && pip download -d "/download/yamllint" yamllint 
+
+#PIPVENV_DOWNLOAD__END
+
+RUN mkdir /venvs
+
+COPY --link --from=target-python /usr/local/bin/python3 /usr/local/bin/target-python3
+#COPY --link --from=target-python /export-libs/* /lib
+
+#############################################################################################
+## @generated by .automation/build.py using descriptor files, please do not update manually ##
+#############################################################################################
+
+#PIPVENV__START
+RUN echo \
+    && mkdir -p "/venvs/yamllint" && cd "/venvs/yamllint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/yamllint --no-cache-dir yamllint && deactivate && cd ./../..  \
+    && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache
+
+#PIPVENV__END
 
 ##################
 # Get base image #
@@ -142,19 +177,18 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \
     # Ignore npm package issues
     yarn config set ignore-engines true || true
 
+COPY --link --from=python-venv /venv /venv
+
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
 
 #PIP__END
 
-#PIPVENV__START
-RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtualenv \
-    && mkdir -p "/venvs/yamllint" && cd "/venvs/yamllint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir yamllint && deactivate && cd ./../..  \
-    && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache
+#PIPVENV_PATH__START
 ENV PATH="${PATH}":/venvs/yamllint/bin
-#PIPVENV__END
+#PIPVENV_PATH__END
 
 ############################
 # Install NPM dependencies #

flavors/ci_light/Dockerfile

@@ -62,12 +62,12 @@ RUN rustup-init -y --target $([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64-u
 
 RUN --mount=type=cache,id=cargo-${TARGETARCH},sharing=locked,target=/cargo/.cargo/registry/,uid=63425 \
      . /cargo/.cargo/env \
- && cargo install sarif-fmt shellcheck-sarif --root /tmp --target $([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64-unknown-linux-musl" || echo "aarch64-unknown-linux-musl") 
+ && cargo install shellcheck-sarif sarif-fmt --root /tmp --target $([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64-unknown-linux-musl" || echo "aarch64-unknown-linux-musl") 
 
 FROM scratch AS cargo
 COPY --link --from=cargo-build /tmp/bin/* /bin/
-RUN ["/bin/sarif-fmt", "--help"]
 RUN ["/bin/shellcheck-sarif", "--help"]
+RUN ["/bin/sarif-fmt", "--help"]
 
 #FROM__END
 
@@ -102,6 +102,75 @@ COPY --from=kics /app/bin/assets /opt/kics/assets/
 COPY --link --from=cargo /bin/* /usr/bin/
 #COPY__END
 
+FROM --platform=$TARGETPLATFORM python:3.11.2-alpine3.17 AS target-python-arm64
+RUN mkdir /export-libs && cp /lib/ld-musl-aarch64.so.1 /export-libs
+FROM --platform=$TARGETPLATFORM python:3.11.2-alpine3.17 AS target-python-amd64
+RUN mkdir /export-libs && cp /lib/ld-musl-x86_64.so.1 /export-libs
+FROM target-python-${TARGETARCH} AS target-python
+FROM --platform=$BUILDPLATFORM python:3.11.2-alpine3.17 AS python-venv
+
+
+#############################################################################################
+## @generated by .automation/build.py using descriptor files, please do not update manually ##
+#############################################################################################
+
+RUN apk add --update --no-cache gcc musl-dev libffi-dev rust cargo cmake make g++ openssl-dev
+
+#PIPVENV_DOWNLOAD__START
+RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip crossenv \
+    && mkdir -p "/download/ansible-lint" && pip download -d "/download/ansible-lint" ansible-lint \
+    && mkdir -p "/download/cpplint" && pip download -d "/download/cpplint" cpplint \
+    && mkdir -p "/download/cfn-lint" && pip download -d "/download/cfn-lint" cfn-lint \
+    && mkdir -p "/download/djlint" && pip download -d "/download/djlint" djlint \
+    && mkdir -p "/download/pylint" && pip download -d "/download/pylint" pylint typing-extensions \
+    && mkdir -p "/download/black" && pip download -d "/download/black" black \
+    && mkdir -p "/download/flake8" && pip download -d "/download/flake8" flake8 \
+    && mkdir -p "/download/isort" && pip download -d "/download/isort" isort black \
+    && mkdir -p "/download/mypy" && pip download -d "/download/mypy" mypy \
+    && mkdir -p "/download/pyright" && pip download -d "/download/pyright" pyright \
+    && mkdir -p "/download/checkov" && pip download -d "/download/checkov" packaging checkov \
+    && mkdir -p "/download/semgrep" && pip download -d "/download/semgrep" semgrep \
+    && mkdir -p "/download/rst-lint" && pip download -d "/download/rst-lint" restructuredtext_lint \
+    && mkdir -p "/download/rstcheck" && pip download -d "/download/rstcheck" rstcheck \
+    && mkdir -p "/download/rstfmt" && pip download -d "/download/rstfmt" rstfmt \
+    && mkdir -p "/download/proselint" && pip download -d "/download/proselint" proselint \
+    && mkdir -p "/download/sqlfluff" && pip download -d "/download/sqlfluff" sqlfluff \
+    && mkdir -p "/download/yamllint" && pip download -d "/download/yamllint" yamllint 
+
+#PIPVENV_DOWNLOAD__END
+
+RUN mkdir /venvs
+
+COPY --link --from=target-python /usr/local/bin/python3 /usr/local/bin/target-python3
+#COPY --link --from=target-python /export-libs/* /lib
+
+#############################################################################################
+## @generated by .automation/build.py using descriptor files, please do not update manually ##
+#############################################################################################
+
+#PIPVENV__START
+RUN echo \
+    && mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/ansible-lint --no-cache-dir ansible-lint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/cpplint" && cd "/venvs/cpplint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/cpplint --no-cache-dir cpplint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/cfn-lint" && cd "/venvs/cfn-lint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/cfn-lint --no-cache-dir cfn-lint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/djlint" && cd "/venvs/djlint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/djlint --no-cache-dir djlint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/pylint" && cd "/venvs/pylint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/pylint --no-cache-dir pylint typing-extensions && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/black" && cd "/venvs/black" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/black --no-cache-dir black && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/flake8" && cd "/venvs/flake8" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/flake8 --no-cache-dir flake8 && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/isort" && cd "/venvs/isort" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/isort --no-cache-dir isort black && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/mypy" && cd "/venvs/mypy" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/mypy --no-cache-dir mypy && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/pyright" && cd "/venvs/pyright" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/pyright --no-cache-dir pyright && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/checkov --no-cache-dir packaging checkov && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/semgrep" && cd "/venvs/semgrep" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/semgrep --no-cache-dir semgrep && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/rst-lint" && cd "/venvs/rst-lint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/rst-lint --no-cache-dir restructuredtext_lint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/rstcheck" && cd "/venvs/rstcheck" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/rstcheck --no-cache-dir rstcheck && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/rstfmt" && cd "/venvs/rstfmt" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/rstfmt --no-cache-dir rstfmt && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/proselint" && cd "/venvs/proselint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/proselint --no-cache-dir proselint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/sqlfluff" && cd "/venvs/sqlfluff" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/sqlfluff --no-cache-dir sqlfluff && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/yamllint" && cd "/venvs/yamllint" && python3 -m crossenv /usr/local/bin/target-python3 . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --find-links /download/yamllint --no-cache-dir yamllint && deactivate && cd ./../..  \
+    && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache
+
+#PIPVENV__END
 
 ##################
 # Get base image #
@@ -193,36 +262,18 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \
     # Ignore npm package issues
     yarn config set ignore-engines true || true
 
+COPY --link --from=python-venv /venv /venv
+
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
 
 #PIP__END
 
-#PIPVENV__START
-RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtualenv \
-    && mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir ansible-lint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/cpplint" && cd "/venvs/cpplint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cpplint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/cfn-lint" && cd "/venvs/cfn-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cfn-lint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/djlint" && cd "/venvs/djlint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir djlint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/pylint" && cd "/venvs/pylint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir pylint typing-extensions && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/black" && cd "/venvs/black" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir black && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/flake8" && cd "/venvs/flake8" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir flake8 && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/isort" && cd "/venvs/isort" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir isort black && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/mypy" && cd "/venvs/mypy" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir mypy && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/pyright" && cd "/venvs/pyright" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir pyright && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir packaging checkov && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/semgrep" && cd "/venvs/semgrep" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir semgrep && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/rst-lint" && cd "/venvs/rst-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir restructuredtext_lint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/rstcheck" && cd "/venvs/rstcheck" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir rstcheck && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/rstfmt" && cd "/venvs/rstfmt" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir rstfmt && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/proselint" && cd "/venvs/proselint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir proselint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/sqlfluff" && cd "/venvs/sqlfluff" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir sqlfluff && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/yamllint" && cd "/venvs/yamllint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir yamllint && deactivate && cd ./../..  \
-    && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache
+#PIPVENV_PATH__START
 ENV PATH="${PATH}":/venvs/ansible-lint/bin:/venvs/cpplint/bin:/venvs/cfn-lint/bin:/venvs/djlint/bin:/venvs/pylint/bin:/venvs/black/bin:/venvs/flake8/bin:/venvs/isort/bin:/venvs/mypy/bin:/venvs/pyright/bin:/venvs/checkov/bin:/venvs/semgrep/bin:/venvs/rst-lint/bin:/venvs/rstcheck/bin:/venvs/rstfmt/bin:/venvs/proselint/bin:/venvs/sqlfluff/bin:/venvs/yamllint/bin
-#PIPVENV__END
+#PIPVENV_PATH__END
 
 ############################
 # Install NPM dependencies #