datahub/docker/snippets/ubuntu_python_base


FROM ubuntu:24.04 AS python-base

# INLINE-BEGIN @/docker/snippets/ubuntu_mirror_setup
# TODO: This may not work on Ubuntu 24.04 due to the new deb822 package format.
ARG UBUNTU_REPO_URL=http://ports.ubuntu.com/ubuntu-ports
RUN if [ "${UBUNTU_REPO_URL}" != "http://ports.ubuntu.com/ubuntu-ports" ] ; then sed -i "s#http.*://ports.ubuntu.com/ubuntu-ports#${UBUNTU_REPO_URL}#g" /etc/apt/sources.list ; fi
# INLINE-END

ENV HOME=/home/datahub
RUN existing_group=$(getent group 1000 | cut -d: -f1) && \
    if [ -n "$existing_group" ] && [ "$existing_group" != "datahub" ]; then \
        echo "Renaming existing group $existing_group to datahub"; \
        groupmod -n datahub "$existing_group"; \
    elif [ -z "$existing_group" ]; then \
        echo "Creating new group datahub with GID 1000"; \
        addgroup --gid 1000 datahub; \
    fi && \
    existing_user=$(id -nu 1000 2>/dev/null || echo "") && \
    if [ -n "$existing_user" ] && [ "$existing_user" != "datahub" ]; then \
        echo "Renaming existing user $existing_user to datahub"; \
        usermod -l datahub -d $HOME "$existing_user"; \
        usermod -g datahub datahub; \
    elif [ -z "$existing_user" ]; then \
        echo "Creating new user datahub with UID 1000"; \
        adduser --disabled-password --uid 1000 --gid 1000 --home $HOME datahub; \
    fi && \
    # Create and set proper permissions for datahub directories
    mkdir -p $HOME && \
    chown -R datahub:datahub $HOME && \
    chmod g-s $HOME

# Setup the PPA for alternative Python versions.
# TODO: Eventually we should switch to using uv's support for python-build-standalone.
RUN apt-get update && apt-get install -y \
    software-properties-common \
    lsb-release \
    gnupg \
    ca-certificates \
    && add-apt-repository --no-update ppa:deadsnakes/ppa \
    && rm -rf /var/lib/apt/lists/*

ARG PYTHON_VERSION
RUN test -n "${PYTHON_VERSION}"  # PYTHON_VERSION must be set

RUN apt-get update && apt-get install -y \
    python${PYTHON_VERSION} \
    python${PYTHON_VERSION}-venv \
    python${PYTHON_VERSION}-dev \
    python${PYTHON_VERSION}-distutils \
    python-is-python3 \
    git \
    wget \
    curl \
    zip \
    unzip \
    nano \
    && rm -rf /var/lib/apt/lists/*

# Set the default python version.
RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 \
    && update-alternatives --install /usr/bin/python python /usr/bin/python3 1

COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/

ARG PIP_MIRROR_URL=https://pypi.python.org/simple
RUN if [ "${PIP_MIRROR_URL}" != "https://pypi.python.org/simple" ] ; then uvx --no-cache pip config set global.index-url ${PIP_MIRROR_URL} ; fi
ENV UV_INDEX_URL=${PIP_MIRROR_URL}

USER datahub
WORKDIR $HOME
RUN uv venv --python "$PYTHON_VERSION"
ENV VIRTUAL_ENV=$HOME/.venv
ENV PATH="${VIRTUAL_ENV}/bin:$PATH"

# We always want to use the system CA bundle.
# Requests comes with it's own CA bundle, which we need to override.
ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
# uv uses a different mechanism. See https://github.com/astral-sh/uv/issues/1474.
ENV SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
feat: start removing ingestion-base image (#13146) 2025-04-09 11:53:34 -07:00
fix: more Python dockerfile refactoring (#13180) 2025-04-11 14:57:49 -07:00			`FROM ubuntu:24.04 AS python-base`

			`# INLINE-BEGIN @/docker/snippets/ubuntu_mirror_setup`
			`# TODO: This may not work on Ubuntu 24.04 due to the new deb822 package format.`
			`ARG UBUNTU_REPO_URL=http://ports.ubuntu.com/ubuntu-ports`
			`RUN if [ "${UBUNTU_REPO_URL}" != "http://ports.ubuntu.com/ubuntu-ports" ] ; then sed -i "s#http.*://ports.ubuntu.com/ubuntu-ports#${UBUNTU_REPO_URL}#g" /etc/apt/sources.list ; fi`
			`# INLINE-END`

feat: start removing ingestion-base image (#13146) 2025-04-09 11:53:34 -07:00			`ENV HOME=/home/datahub`
			`RUN existing_group=$(getent group 1000 \| cut -d: -f1) && \`
			`if [ -n "$existing_group" ] && [ "$existing_group" != "datahub" ]; then \`
			`echo "Renaming existing group $existing_group to datahub"; \`
			`groupmod -n datahub "$existing_group"; \`
			`elif [ -z "$existing_group" ]; then \`
			`echo "Creating new group datahub with GID 1000"; \`
			`addgroup --gid 1000 datahub; \`
			`fi && \`
			`existing_user=$(id -nu 1000 2>/dev/null \|\| echo "") && \`
			`if [ -n "$existing_user" ] && [ "$existing_user" != "datahub" ]; then \`
			`echo "Renaming existing user $existing_user to datahub"; \`
			`usermod -l datahub -d $HOME "$existing_user"; \`
			`usermod -g datahub datahub; \`
			`elif [ -z "$existing_user" ]; then \`
			`echo "Creating new user datahub with UID 1000"; \`
			`adduser --disabled-password --uid 1000 --gid 1000 --home $HOME datahub; \`
			`fi && \`
			`# Create and set proper permissions for datahub directories`
			`mkdir -p $HOME && \`
fix(): Fixes multiple minor security vulnerabilities (#13222) bug(snappy): Make sure right snappy version is installed fix(docker): update Dockerize to version v0.9.3 fix(gms): fixes dgraph4j netty deps fix(docker): remove SGID on /home/datahub and /home/datahub-integration fix(datahub-actions): bump setuptools and wheel version fix(docker): update c-ares version fix(docker): datahub-actions addendum 2025-04-21 16:39:26 -05:00			`chown -R datahub:datahub $HOME && \`
			`chmod g-s $HOME`
feat: start removing ingestion-base image (#13146) 2025-04-09 11:53:34 -07:00
			`# Setup the PPA for alternative Python versions.`
			`# TODO: Eventually we should switch to using uv's support for python-build-standalone.`
			`RUN apt-get update && apt-get install -y \`
			`software-properties-common \`
			`lsb-release \`
			`gnupg \`
			`ca-certificates \`
			`&& add-apt-repository --no-update ppa:deadsnakes/ppa \`
			`&& rm -rf /var/lib/apt/lists/*`

fix: more Python dockerfile refactoring (#13180) 2025-04-11 14:57:49 -07:00			`ARG PYTHON_VERSION`
			`RUN test -n "${PYTHON_VERSION}" # PYTHON_VERSION must be set`

feat: start removing ingestion-base image (#13146) 2025-04-09 11:53:34 -07:00			`RUN apt-get update && apt-get install -y \`
			`python${PYTHON_VERSION} \`
			`python${PYTHON_VERSION}-venv \`
			`python${PYTHON_VERSION}-dev \`
			`python${PYTHON_VERSION}-distutils \`
			`python-is-python3 \`
			`git \`
			`wget \`
			`curl \`
			`zip \`
			`unzip \`
fix: more Python dockerfile refactoring (#13180) 2025-04-11 14:57:49 -07:00			`nano \`
			`&& rm -rf /var/lib/apt/lists/*`
feat: start removing ingestion-base image (#13146) 2025-04-09 11:53:34 -07:00
			`# Set the default python version.`
			`RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 \`
			`&& update-alternatives --install /usr/bin/python python /usr/bin/python3 1`

			`COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/`

			`ARG PIP_MIRROR_URL=https://pypi.python.org/simple`
			`RUN if [ "${PIP_MIRROR_URL}" != "https://pypi.python.org/simple" ] ; then uvx --no-cache pip config set global.index-url ${PIP_MIRROR_URL} ; fi`
			`ENV UV_INDEX_URL=${PIP_MIRROR_URL}`

			`USER datahub`
			`WORKDIR $HOME`
			`RUN uv venv --python "$PYTHON_VERSION"`
			`ENV VIRTUAL_ENV=$HOME/.venv`
			`ENV PATH="${VIRTUAL_ENV}/bin:$PATH"`
fix(ci): enforce docker snippet validation in CI (#13163) 2025-04-09 22:49:59 -07:00
			`# We always want to use the system CA bundle.`
			`# Requests comes with it's own CA bundle, which we need to override.`
feat: start removing ingestion-base image (#13146) 2025-04-09 11:53:34 -07:00			`ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt`
fix(ci): enforce docker snippet validation in CI (#13163) 2025-04-09 22:49:59 -07:00			`# uv uses a different mechanism. See https://github.com/astral-sh/uv/issues/1474.`
			`ENV SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"`