General update to trixie with python 3.13 (WIP)

.github/workflows/barbican-exporter-build.yaml

@@ -7,6 +7,9 @@ on:
       - main
   pull_request:
 
+env:
+  REGISTRY: ghcr.io
+
 jobs:
   build-and-push:
     runs-on: ubuntu-latest
@@ -37,7 +40,9 @@ jobs:
           type=ref,event=branch
           type=ref,event=pr
           type=sha
-
+    - name: Set registry URL
+      run: |
+        echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
     - name: Build and push Docker image
       uses: docker/build-push-action@v4
       with:
@@ -46,4 +51,6 @@ jobs:
         push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
-        build-args: EXPORTER_PORT=9100  # Default, overridden by env in deployment
+        build-args: |
+          GHCR_URL=${{ env.GHCR_URL }}
+          EXPORTER_PORT=9100

.github/workflows/container-build-alert-proxy.yaml

@@ -49,6 +49,9 @@ jobs:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
       - name: Dynamically set MY_DATE environment variable
         run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV
+      - name: Set registry URL
+        run: |
+          echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
@@ -63,6 +66,8 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             CACHEBUST=${{ github.sha }}
+            GHCR_URL=${{ env.GHCR_URL }}
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.33.1  # using latest trivy scanner
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -118,3 +123,4 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             CACHEBUST=${{ github.sha }}
+            GHCR_URL=${{ env.GHCR_URL }}

.github/workflows/container-build-apache.yaml

@@ -35,25 +35,32 @@ env:
   #                  workaround until there's a better way to handle this.
   mod_wsgi: >
     ["5.0.2"]
+  venv_tag: >
+    ['3.13-trixie-latest','3.12-bookworm-latest']
+
 jobs:
   init:
     runs-on: ubuntu-latest
     outputs:
       apache-mod-wsgi-version: ${{ steps.generate-matrix.outputs.mod_wsgi }}
+      venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }}
     steps:
       - name: generate-matrix
         id: generate-matrix
         run: |
           if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then
             mod_wsgi="$(echo '${{ github.event.inputs.apache-mod-wsgi-version }}' | jq -R '[select(length>0)]' | jq -c '.')"
+            venv_tag="['3.13-trixie-latest']"
           fi
           echo "mod_wsgi=${mod_wsgi:-${{ env.mod_wsgi }}}" >> $GITHUB_OUTPUT
+          echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT
   build-and-push-image:
     needs:
       - init
     strategy:
       matrix:
         apache-mod-wsgi-version: ${{ fromJSON(needs.init.outputs.apache-mod-wsgi-version) }}
+        venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -81,6 +88,9 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Set registry URL
+        run: |
+          echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
@@ -96,6 +106,9 @@ jobs:
           build-args: |
             MOD_WSGI_VERSION=${{ matrix.apache-mod-wsgi-version }}
             CACHEBUST=${{ github.sha }}
+            GHCR_URL=${{ env.GHCR_URL }}
+            VENV_TAG=${{ matrix.venv-tag }}
+            PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.33.1  # using latest trivy scanner
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -146,9 +159,14 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.apache-mod-wsgi-version }}-${{ matrix.venv-tag }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.apache-mod-wsgi-version }}-${{ matrix.venv-tag }}-${{ env.MY_DATE }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.venv-tag }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.venv-tag }}-${{ env.MY_DATE }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             MOD_WSGI_VERSION=${{ matrix.apache-mod-wsgi-version }}
             CACHEBUST=${{ github.sha }}
+            GHCR_URL=${{ env.GHCR_URL }}
+            VENV_TAG=${{ matrix.venv-tag }}
+            PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }}

.github/workflows/container-build-barbican.yaml

@@ -1,5 +1,5 @@
 ---
-name: Create and publish a barbican image
+name: Create and publish a Barbican image
 
 permissions:
   actions: read
@@ -42,26 +42,39 @@ env:
   #                   workaround until there's a better way to handle this.
   openstack_constraints: >
     ["unmaintained/2024.1", "stable/2025.1"]
-
+  venv_tag: >
+    ['3.13-trixie-latest','3.12-bookworm-latest']
 jobs:
   init:
     runs-on: ubuntu-latest
     outputs:
       openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }}
+      venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }}
     steps:
       - name: generate-matrix
         id: generate-matrix
         run: |
           if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then
             openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')"
+            venv_tag="['3.13-trixie-latest']"
+            if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then
+              venv_tag="['3.12-bookworm-latest']"
+            fi
           fi
           echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT
+          echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT
   build-and-push-image:
     needs:
       - init
     strategy:
       matrix:
-        openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}}
+        openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }}
+        venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }}
+        exclude:
+          - openstack-constraints: unmaintained/2024.1
+            venv-tag: 3.13-trixie-latest
+          - openstack-constraints: stable/2025.1
+            venv-tag: 3.12-bookworm-latest
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -89,6 +102,9 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Set registry URL
+        run: |
+          echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
@@ -105,6 +121,9 @@ jobs:
             OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }}
             OS_CONSTRAINTS=${{ matrix.openstack-constraints }}
             CACHEBUST=${{ github.sha }}
+            GHCR_URL=${{ env.GHCR_URL }}
+            VENV_TAG=${{ matrix.venv-tag }}
+            PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.33.1  # using latest trivy scanner
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -162,3 +181,6 @@ jobs:
             OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }}
             OS_CONSTRAINTS=${{ matrix.openstack-constraints }}
             CACHEBUST=${{ github.sha }}
+            GHCR_URL=${{ env.GHCR_URL }}
+            VENV_TAG=${{ matrix.venv-tag }}
+            PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }}