
fix: use Python 3.10 on Ubuntu noble in Docker (#2073) #2074


@holtgrewe holtgrewe commented Nov 1, 2024

Summary by CodeRabbit

  • New Features

    • Updated Python environment to version 3.10.15 for improved compatibility.
    • Enhanced dependency management process for better installation efficiency.
  • Bug Fixes

    • Adjusted package version for altamisa to ensure stability.
  • Documentation

    • Improved comments in the Pipfile for clarity on package requirements.
  • Chores

    • Optimized Dockerfile to streamline Python installation and dependency management.

@holtgrewe holtgrewe linked an issue Nov 1, 2024 that may be closed by this pull request

coderabbitai bot commented Nov 1, 2024

Walkthrough

The changes include updates to the Python version in the CI workflow, specifically from 3.10.13 to 3.10.15, and adjustments to dependency installation commands in the .github/workflows/main.yml, Pipfile, and utils/docker/Dockerfile. The Pipfile reflects a version change for the altamisa package and a specification of the Python version. The Dockerfile now includes the installation of Python 3.10 via pyenv, ensuring that the correct version is used for dependencies. Overall, these updates refine the dependency management and environment setup.

Changes

| File Path | Change Summary |
| --- | --- |
| .github/workflows/main.yml | Updated Python version from 3.10.13 to 3.10.15. Modified dependency installation commands in Python-Test and Python-Lint jobs. |
| backend/Pipfile | Changed altamisa package version from ~=0.3.0 to ~=0.2.5. Updated python_version from "3" to "3.10". |
| utils/docker/Dockerfile | Added pyenv installation for Python 3.10.15 and updated dependency installation to use pyenv shims. Retained cleanup commands. |


🐇 In the garden where bunnies play,
Python's version has found its way.
With pipenv now refined and neat,
Dependencies dance to a new beat.
Docker's image, light and bright,
Hops along, a joyful sight! 🌼



github-actions bot commented Nov 1, 2024

deps-report 🔍

Commit scanned: 1716a21
ℹ️ Python version 3.10 is used by your project but the latest version is 3.13.

Vulnerable dependencies

4 dependencies have vulnerabilities 😱
| Dependency | Advisory | Versions impacted |
| --- | --- | --- |
| djangorestframework (transitive) | Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with `<br>` tags. | <3.15.2 |
| jinja2 (transitive) | In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. | >=0 |
| setuptools (transitive) | Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. | <70.0.0 |
| sqlalchemy | Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. sqlalchemy/sqlalchemy#8563 | <2.0.0b1 |

Outdated dependencies

63 outdated dependencies found (including 21 outdated major versions)😢
Dependency Installed version Latest version
alabaster (transitive) 0.7.16 1.0.0
argon2-cffi (transitive) 21.3.0 23.1.0
async-timeout (transitive) 4.0.3 5.0.0
billiard (transitive) 3.6.4.0 4.2.1
crispy-bootstrap4 (transitive) 2022.1 2024.10
django 3.2.25 5.1.2
django-model-utils (transitive) 4.3.1 5.0.0
django-rest-knox (transitive) 4.2.0 5.0.2
django-sodar-core 0.13.4 1.0.2
et-xmlfile (dev,transitive) 1.1.0 2.0.0
markupsafe (transitive) 2.1.5 3.0.2
mistune (transitive) 2.0.5 3.0.2
packaging (transitive) 23.2 24.1
pillow (transitive) 10.4.0 11.0.0
protobuf 3.20.3 5.28.3
setuptools (transitive) 67.6.1 75.3.0
sphinx (transitive) 6.2.1 8.1.3
sphinx-rtd-theme (transitive) 1.2.2 3.0.1
sqlalchemy 1.4.54 2.0.36
unidecode (transitive) 0.4.21 1.3.8
xmlschema (transitive) 2.5.1 3.4.3
Dependency Installed version Latest version
altamisa 0.2.9 0.3.0
botocore (transitive) 1.35.36 1.35.53
celery (transitive) 5.2.7 5.4.0
charset-normalizer (transitive) 3.3.2 3.4.0
coverage (dev,transitive) 7.6.1 7.6.4
cryptography (transitive) 43.0.1 43.0.3
django-autocomplete-light (transitive) 3.9.4 3.11.0
django-crispy-forms (transitive) 2.0 2.3
django-db-file-storage (transitive) 0.5.5 0.5.6.1
django-debug-toolbar 4.3.0 4.4.6
django-environ (transitive) 0.10.0 0.11.2
django-iconify (transitive) 0.1.1 0.4
django-plugins-bihealth 0.4.0 0.5.2
django-postgres-copy 2.3.7 2.7.6
djangorestframework (transitive) 3.14.0 3.15.2
docutils (transitive) 0.18.1 0.21.2
drf-keyed-list-bihealth 0.1.1 0.2.1
drf-spectacular-sidecar (transitive) 2024.7.1 2024.11.1
drf-writable-nested 0.7.0 0.7.1
elementpath (transitive) 4.5.0 4.6.0
faker 30.6.0 30.8.2
frozenlist (transitive) 1.4.1 1.5.0
ipython (dev,transitive) 8.28.0 8.29.0
markdown (transitive) 3.4.1 3.7
mypy-protobuf (dev) 3.3.0 3.6.0
prettytable 3.11.0 3.12.0
psycopg2 (transitive) 2.9.9 2.9.10
psycopg2-binary (transitive) 2.9.9 2.9.10
pydantic-core (transitive) 2.23.4 2.25.1
redis 5.1.1 5.2.0
requests-http-signature 0.2.0 0.7.1
rpds-py (transitive) 0.20.0 0.20.1
rules (transitive) 3.3 3.5
selenium (dev) 4.25.0 4.26.1
tqdm 4.66.5 4.66.6
trio (dev,transitive) 0.26.2 0.27.0
types-protobuf (dev) 5.28.0.20240924 5.28.3.20241030
types-psycopg2 (dev,transitive) 2.9.21.20240819 2.9.21.20241019
versioneer (transitive) 0.28 0.29
werkzeug (dev) 3.0.6 3.1.0
wheel (transitive) 0.40.0 0.44.0
yarl (transitive) 1.15.5 1.17.1


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 6ab216a and 1716a21.

⛔ Files ignored due to path filters (1)
  • backend/Pipfile.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • .github/workflows/main.yml (3 hunks)
  • backend/Pipfile (2 hunks)
  • utils/docker/Dockerfile (2 hunks)
🧰 Additional context used
📓 Learnings (1)
backend/Pipfile (1)
Learnt from: tedil
PR: varfish-org/varfish-server#2065
File: backend/Pipfile:8-8
Timestamp: 2024-10-28T12:59:54.398Z
Learning: When updating Python version support to a broader range (e.g., changing `python_version = "3.10"` to `python_version = "3"` in `backend/Pipfile`), the `altamisa` package should be upgraded to `~=0.3.0` to maintain compatibility.
🔇 Additional comments (4)
backend/Pipfile (1)

112-112: Verify package compatibility with Python 3.10.

The Python version requirement has been made more restrictive (from "3" to "3.10"). While this aligns with the PR objective to use Python 3.10, we should verify that all dependencies support this specific version.

✅ Verification successful

Let me generate another script to get more detailed information about package compatibility.

This script will show us the specific Python version requirements for each package, which will help us verify compatibility with Python 3.10.


Let me try one more approach to verify package compatibility.

This script will query PyPI's JSON API directly to get Python version requirements for critical packages. This should give us more reliable information about version compatibility.


Python 3.10 compatibility verified for all critical dependencies

Based on the PyPI metadata, all critical packages support Python 3.10:

  • Django (>=3.10)
  • DjangoRestFramework (>=3.8)
  • Pandas (>=3.9)
  • NumPy (>=3.10)
  • SQLAlchemy (>=3.7)
  • Pydantic (>=3.8)
  • Protobuf (>=3.8)

The version requirements show that these packages are compatible with Python 3.10, as they all specify minimum Python versions that are lower than or equal to 3.10.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if any packages have known compatibility issues with Python 3.10

# Extract package names and versions
echo "Checking package compatibility..."
cat backend/Pipfile | awk -F'=' '/^[a-zA-Z]/ && !/^\[/ {gsub(/[" =~*]/,"",$1); if($1!="") print $1}' | while read pkg; do
  # Use pip to check package metadata for Python version support
  pip index versions "$pkg" 2>/dev/null | head -n 1
done

Length of output: 5559


Script:

#!/bin/bash
# Get package versions and their Python version requirements
echo "Checking package metadata..."
cat backend/Pipfile | grep -v '^\[' | grep '=' | sed 's/[" =~*]//g' | while read -r line; do
  pkg=$(echo "$line" | cut -d'=' -f1)
  if [ ! -z "$pkg" ]; then
    echo "=== $pkg ==="
    pip show "$pkg" 2>/dev/null | grep -E "Requires-Python|Version"
  fi
done

Length of output: 21799


Script:

#!/bin/bash
# Check PyPI API for package metadata
echo "Checking critical packages for Python 3.10 compatibility..."

# List of critical packages to check
PACKAGES=(
    "django"
    "djangorestframework"
    "pandas"
    "numpy"
    "sqlalchemy"
    "pydantic"
    "protobuf"
)

for pkg in "${PACKAGES[@]}"; do
    echo "=== $pkg ==="
    curl -s "https://pypi.org/pypi/$pkg/json" | jq -r '.info.requires_python' 2>/dev/null
done

Length of output: 1329

.github/workflows/main.yml (3)

174-174: LGTM: Python version consistent with test job.

The Python version (3.10.15) in the lint job matches the test job, maintaining consistency.


131-131: Verify impact of removing ldap-packages category.

The removal of ldap-packages from the pipenv install command might affect LDAP authentication functionality.

#!/bin/bash
# Description: Check LDAP package dependencies and usage
# Expected: LDAP functionality should either be removed or handled differently

# Search for LDAP-related imports and usage
echo "Searching for LDAP dependencies..."
rg -g '!.git' -i 'ldap'

# Check Pipfile for LDAP-related packages
echo "Checking Pipfile for LDAP packages..."
fd -g 'Pipfile*' --exec cat {}

122-122: Verify Python version consistency across all environments.

The Python version update to 3.10.15 aligns with the PR objective. However, we should ensure this version is consistent with the Docker configuration.

✅ Verification successful

Python version 3.10.15 is correctly configured across environments

The Python version 3.10.15 specified in the GitHub Actions workflow matches the version installed in the Dockerfile through pyenv. The Dockerfile shows explicit installation and configuration of Python 3.10.15 using pyenv:

RUN pyenv install 3.10.15 && \
    pyenv global 3.10.15 && \
    pyenv local 3.10.15
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Python version consistency across configuration files
# Expected: Python 3.10.15 in Dockerfile and other relevant files

# Search for Python version specifications
echo "Searching for Python version specifications..."
rg -g '!.git' '3\.10\.\d+'

# Search for pyenv configurations
echo "Searching for pyenv configurations..."
rg -g '!.git' 'pyenv.*3\.10'

Length of output: 312294


Script:

#!/bin/bash
# Search for Python version specifications in Dockerfile and other configuration files
echo "Searching for Python version specifications..."
rg -g '!.git' -g '!Pipfile.lock' '(python|PYTHON).*3\.10\.\d+'

# Search for Python version in Docker-related files specifically
echo "Searching in Docker-related files..."
fd -g 'Dockerfile*' -x cat {}

Length of output: 9166

@@ -5,11 +5,11 @@ name = "pypi"

[packages]
aldjemy = "~=2.2"
altamisa = "~=0.3.0"
altamisa = "~=0.2.5"
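
Review bot: The altamisa entry in this hunk drops to "~=0.2.5" with no inline comment recording why, and a compatible-release pin on 0.2.x keeps the 0.3 series out of every future lock without anyone deciding that again. Add a comment on that line giving the reason (the Python 3.10 target of this PR) and the condition under which "~=0.3.0" can come back, so the constraint gets revisited rather than inherited.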

⚠️ Potential issue

Revert altamisa version downgrade.

Based on previous learnings, downgrading altamisa from ~=0.3.0 to ~=0.2.5 could introduce compatibility issues. The package should be at version ~=0.3.0 to maintain compatibility with Python 3.x.

Apply this diff to fix the version:

-altamisa = "~=0.2.5"
+altamisa = "~=0.3.0"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
altamisa = "~=0.2.5"
altamisa = "~=0.3.0"

- name: Install pip and Pipenv
run: pip install pip pipenv
run: pip install -U pip pipenv
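
Review bot: The new run line, pip install -U pip pipenv, upgrades both tools to whatever PyPI serves when the job starts, so two CI runs of the same commit can install with different pipenv releases. Pin pipenv to an exact version here, and use the same pin for the pip install -U pipenv call in the Dockerfile, so that CI and the image build are reproducible and a bad upstream release cannot enter the pipeline unreviewed.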

🛠️ Refactor suggestion

Consider caching pip packages to improve CI performance.

While updating pip is good practice, consider using GitHub Actions cache for pip and pipenv dependencies to speed up CI runs.

       - name: Install pip and Pipenv
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
         run: pip install -U pip pipenv
         working-directory: backend
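
Review bot: The added - uses: actions/cache@v3 entry sits between - name: Install pip and Pipenv and its run: line, which leaves the named step with nothing to execute and gives the cache step both uses and run; GitHub Actions does not accept a step that sets both keys. Make the cache a separate, complete step placed before the install step, and keep name, run and working-directory together in the install step.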
📝 Committable suggestion


Suggested change
run: pip install -U pip pipenv
- uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/Pipfile.lock') }}
restore-keys: |
${{ runner.os }}-pip-
run: pip install -U pip pipenv
working-directory: backend

Comment on lines +132 to 135
--python=/opt/pyenv/shims/python \
--categories=packages,prod-packages,ldap-packages \
--deploy
# Override installed Celery version (necessary until sodar-core v1)
RUN pipenv run pip install -U celery==5.3.5
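
Review bot: The RUN pipenv run pip install -U celery==5.3.5 line runs after pipenv install --deploy and replaces a package the lock file resolved, so the environment that ships no longer matches Pipfile.lock, and pip may change Celery's dependencies outside the lock as well. Prefer expressing the Celery constraint in the Pipfile and re-locking; if the override has to stay until sodar-core v1, add --no-deps or a constraints file so that only Celery itself changes.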


🛠️ Refactor suggestion

Remove unnecessary --python option from pipenv install command

Since the base image now uses Python 3.10 by default, specifying the --python parameter is unnecessary. You can simplify the pipenv install command by removing the --python option.

Apply this diff:

 RUN PIPENV_VENV_IN_PROJECT=1 pipenv install \
-        --python=/opt/pyenv/shims/python \
         --categories=packages,prod-packages,ldap-packages \
         --deploy
📝 Committable suggestion


Suggested change
--python=/opt/pyenv/shims/python \
--categories=packages,prod-packages,ldap-packages \
--deploy
# Override installed Celery version (necessary until sodar-core v1)
RUN pipenv run pip install -U celery==5.3.5
--categories=packages,prod-packages,ldap-packages \
--deploy

Comment on lines +72 to +104
# Install Python 3.10 using pyenv
RUN apt-get install -y \
git \
wget \
build-essential \
libbz2-dev \
libffi-dev \
libgdbm-dev \
liblzma-dev \
libncurses5-dev \
libncurses-dev \
libnss3-dev \
libreadline-dev \
libsqlite3-dev \
libssl-dev \
pkg-config \
tk-dev \
zlib1g-dev
RUN mkdir -p /opt && \
git clone https://github.com/yyuu/pyenv.git /opt/pyenv
ENV PYENV_ROOT /opt/pyenv
ENV PATH $PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH
RUN pyenv install 3.10.15 && \
pyenv global 3.10.15 && \
pyenv local 3.10.15 && \
pyenv rehash && \
set -x && \
which python && \
which pip && \
python --version && \
pip --version && \
pip install -U pipenv --break-system-packages
# Some cleanup
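
Review bot: The git clone https://github.com/yyuu/pyenv.git /opt/pyenv step fetches the default branch at build time with no tag or commit, so the code that downloads and compiles the interpreter can differ from one build to the next. Clone a specific release tag or check out a fixed commit, and use the current pyenv/pyenv location rather than relying on the redirect from the old yyuu URL. Separately, apt-get install -y runs without an apt-get update in the same RUN and without --no-install-recommends, and the compiler toolchain stays in the image; a builder stage that copies /opt/pyenv into the runtime stage would keep build-essential out of it.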

🛠️ Refactor suggestion

Simplify Python installation by using the official Python 3.10 base image

Installing Python 3.10 using pyenv adds complexity and increases the image size. Consider using the official python:3.10-slim base image, which already includes Python 3.10. This will simplify the Dockerfile and reduce build time.

Apply this diff to simplify the Dockerfile:

-FROM ubuntu:noble AS python-base
-
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONFAULTHANDLER 1
-
-ENV DEBIAN_FRONTEND noninteractive
-ENV CUSTOM_STATIC_DIR /usr/src/app/local-static
-
-ENV SERVE_FRONTEND 1
-
-WORKDIR /usr/src/app
-
-# Install Python 3.10 using pyenv
-RUN apt-get install -y \
-        git \
-        wget \
-        build-essential \
-        libbz2-dev \
-        libffi-dev \
-        libgdbm-dev \
-        liblzma-dev \
-        libncurses5-dev \
-        libncurses-dev \
-        libnss3-dev \
-        libreadline-dev \
-        libsqlite3-dev \
-        libssl-dev \
-        pkg-config \
-        tk-dev \
-        zlib1g-dev
-RUN mkdir -p /opt && \
-    git clone https://github.com/yyuu/pyenv.git /opt/pyenv
-ENV PYENV_ROOT /opt/pyenv
-ENV PATH $PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH
-RUN pyenv install 3.10.15 && \
-    pyenv global 3.10.15 && \
-    pyenv local 3.10.15 && \
-    pyenv rehash && \
-    set -x && \
-    which python && \
-    which pip && \
-    python --version && \
-    pip --version && \
-    pip install -U pipenv --break-system-packages
-# Some cleanup
-RUN apt-get clean autoclean && \
-    apt-get autoremove --yes && \
-    rm -rf /var/lib/{apt,dpkg,cache,log}/
-
+FROM python:3.10-slim AS python-base
+
+LABEL org.opencontainers.image.authors="[email protected]"
+LABEL org.opencontainers.image.source https://github.com/varfish-org/varfish-server
+
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONFAULTHANDLER 1
+ENV DEBIAN_FRONTEND noninteractive
+ENV CUSTOM_STATIC_DIR /usr/src/app/local-static
+ENV SERVE_FRONTEND 1
+
+WORKDIR /usr/src/app
+
+RUN pip install -U pipenv
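
Review bot: FROM python:3.10-slim is a floating tag, so the suggested image does not pin the 3.10.15 patch release named in the removed pyenv install lines, and the interpreter changes whenever that tag is rebuilt. If the base image is switched, use a patch-level tag such as python:3.10.15-slim, ideally with a digest. The replacement also drops the apt cleanup RUN and moves from ubuntu:noble to a Debian-based image, which is a larger change than the description "simplify" suggests and should be called out.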

Committable suggestion skipped: line range outside the PR's diff.

@holtgrewe holtgrewe merged commit 0b8ee87 into main Nov 1, 2024
17 checks passed
@holtgrewe holtgrewe deleted the 2073-docker-builds-have-a-problem-with-ubuntu-noble-and-python-312 branch November 1, 2024 13:20

codecov bot commented Nov 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (main@6ab216a). Learn more about missing BASE report.
Report is 1 commits behind head on main.

Additional details and impacted files
@@          Coverage Diff           @@
##             main   #2074   +/-   ##
======================================
  Coverage        ?     91%           
======================================
  Files           ?     678           
  Lines           ?   38532           
  Branches        ?       0           
======================================
  Hits            ?   35135           
  Misses          ?    3397           
  Partials        ?       0           


Successfully merging this pull request may close these issues.

Docker builds have a problem with ubuntu noble and Python 3.12