🚚(docker) use static path for certifi ca certificate

The certifi ca certificate is now stored under a static path
(/cert/cacert.pem) to avoid issues when python is upgraded and the path
to the certificate changes.

Author: comexos

Dockerfile

@@ -94,6 +94,14 @@ RUN chmod g=u /etc/passwd
 # Copy installed python dependencies
 COPY --from=back-builder /install /usr/local
 
+# Link certifi certificate from a static path /cert/cacert.pem to avoid issues
+# when python is upgraded and the path to the certificate changes.
+# The space between print and the ( is intended otherwise the git lint is failing
+RUN mkdir /cert && \
+    path=`python -c 'import certifi;print (certifi.where())'` && \
+    mv $path /cert/ && \
+    ln -s /cert/cacert.pem $path
+
 # Copy impress application (see .dockerignore)
 COPY ./src/backend /app/
 

docs/examples/helm/impress.values.yaml

@@ -82,7 +82,7 @@ backend:
   # Extra volume to manage our local custom CA and avoid to set ssl_verify: false
   extraVolumeMounts:
     - name: certs
-      mountPath: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
+      mountPath: /cert/cacert.pem
       subPath: cacert.pem
 
   # Extra volume to manage our local custom CA and avoid to set ssl_verify: false

src/helm/env.d/dev/values.impress.yaml.gotmpl

@@ -114,7 +114,7 @@ backend:
   # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
   extraVolumeMounts:
     - name: certs
-      mountPath: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
+      mountPath: /cert/cacert.pem
       subPath: cacert.pem
 
   # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false