From c2245862e7b1224ca40bfa0d218829f003939d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gil=20Assun=C3=A7=C3=A3o?= Date: Thu, 28 May 2026 10:04:15 +0100 Subject: [PATCH] feat(docker): upgrade dependencies and add tools * Add `bc` to bash Dockerfile for calculations. * Include `yq` for YAML/JSON/XML/TOML processing in bash Dockerfile. * Remove unnecessary scientific libraries from C/C++ Dockerfile. * Resolve DHI gcc-14-base conflict in Fortran Dockerfile using equivs. * Update PHP Dockerfile to use DHI debian-base and install necessary build dependencies. * Install R packages as pre-compiled binaries from Posit Package Manager in R Dockerfile. * Upgrade Node.js dependencies in requirements file. * Update Go version in runner Dockerfile and go.mod. * Upgrade Python dependencies in pyproject.toml and uv.lock. --- docker/bash.Dockerfile | 4 + docker/c-cpp.Dockerfile | 6 +- docker/fortran.Dockerfile | 25 ++-- docker/php.Dockerfile | 241 ++++++++++++++------------------- docker/r.Dockerfile | 79 +++++------ docker/requirements/nodejs.txt | 1 - docker/runner/Dockerfile | 2 +- docker/runner/go.mod | 2 +- pyproject.toml | 4 +- scripts/build-images.sh | 2 + uv.lock | 71 +++------- 11 files changed, 181 insertions(+), 256 deletions(-) diff --git a/docker/bash.Dockerfile b/docker/bash.Dockerfile index ed94c88..e05582d 100644 --- a/docker/bash.Dockerfile +++ b/docker/bash.Dockerfile @@ -97,6 +97,7 @@ RUN apt-get update && \ gawk \ findutils \ jq \ + bc \ ca-certificates \ # --- python (interpreter; lib stack installed via pip below) --- # No apt python3-numpy/pandas/etc. — they pull liblapack3 + @@ -180,6 +181,9 @@ RUN python3 -m pip install --break-system-packages --no-cache-dir \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* +# yq — YAML/JSON/XML/TOML processor (static Go binary, no system deps) +ADD --chmod=755 https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_linux_amd64 /usr/local/bin/yq + WORKDIR /mnt/data USER 65532 diff --git a/docker/c-cpp.Dockerfile b/docker/c-cpp.Dockerfile index 766d02f..09b282e 100644 --- a/docker/c-cpp.Dockerfile +++ b/docker/c-cpp.Dockerfile @@ -20,17 +20,13 @@ LABEL org.opencontainers.image.title="KubeCodeRun C/C++ Environment" \ # Enable pipefail for safer pipe operations SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Install compilers, development tools and scientific libraries +# Install compilers, development tools and libraries RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ gcc \ g++ \ make \ cmake \ - # Math and science libraries - libgsl-dev \ - libblas-dev \ - liblapack-dev \ # File handling libraries libzip-dev \ zlib1g-dev \ diff --git a/docker/fortran.Dockerfile b/docker/fortran.Dockerfile index 1d63801..5a2bfd7 100644 --- a/docker/fortran.Dockerfile +++ b/docker/fortran.Dockerfile @@ -1,6 +1,10 @@ # syntax=docker/dockerfile:1 # Fortran execution environment with Docker Hardened Images. -# Uses -dev variant because compilers and dev libraries must be available at runtime. +# +# DHI ships gcc-14-base=14.2.0-19dhi0 which conflicts with stock Debian's +# gfortran → libgfortran5 → gcc-14-base (= 14.2.0-19) dependency chain. +# Solution: use equivs to create a dummy package satisfying the version +# constraint, then install gfortran-12 normally via apt. ARG RUNNER_IMAGE=ghcr.io/aron-muon/kubecoderun-runner:latest FROM ${RUNNER_IMAGE} AS runner @@ -20,17 +24,22 @@ LABEL org.opencontainers.image.title="KubeCodeRun Fortran Environment" \ # Enable pipefail for safer pipe operations SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Install Fortran compiler and scientific libraries +# Install gfortran-12 via equivs dummy package to resolve DHI gcc-14-base conflict RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends equivs && \ + printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: gcc-14-base-dummy\nVersion: 14.2.0-19\nProvides: gcc-14-base (= 14.2.0-19)\nDescription: Satisfies gcc-14-base version constraint on DHI\n' > /tmp/gcc-14-base-dummy && \ + cd /tmp && equivs-build gcc-14-base-dummy && \ + dpkg -i gcc-14-base-dummy_14.2.0-19_all.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - gfortran \ + gfortran-12 \ cmake \ make \ - libblas-dev \ - liblapack-dev \ - libnetcdf-dev \ - libhdf5-dev \ - && rm -rf /var/lib/apt/lists/* + && apt-get purge -y equivs && \ + apt-get autoremove -y && \ + rm -rf /var/lib/apt/lists/* /tmp/*.deb /tmp/gcc-14-base-dummy + +# Create symlink so 'gfortran' command works +RUN mkdir -p /usr/local/bin && ln -sf /usr/bin/gfortran-12 /usr/local/bin/gfortran RUN mkdir -p /mnt/data && chown 65532:65532 /mnt/data diff --git a/docker/php.Dockerfile b/docker/php.Dockerfile index 2614e03..5e8fb21 100644 --- a/docker/php.Dockerfile +++ b/docker/php.Dockerfile @@ -1,96 +1,105 @@ # syntax=docker/dockerfile:1 # PHP execution environment with Docker Hardened Images. - -# PHP version configuration - single source of truth -# These must be declared before any FROM to be available in all stages. -ARG PHP_VERSION=8.5.6 -ARG PHP_MAJOR=8.5 -ARG DEBIAN_VERSION=debian13 +# Strategy: Copy PHP from DHI PHP image into DHI debian-base where equivs +# works correctly for installing dev dependencies needed to compile extensions. ARG RUNNER_IMAGE=ghcr.io/aron-muon/kubecoderun-runner:latest FROM ${RUNNER_IMAGE} AS runner -ARG BUILD_DATE -ARG VERSION -ARG VCS_REF +# Source for PHP binaries +FROM dhi.io/php:8.5.6-debian13-dev AS php-source ################################ -# Builder stage - install Composer and packages +# Main image based on debian-base (equivs works here for gcc-14-base conflict) ################################ -FROM dhi.io/php:${PHP_VERSION}-${DEBIAN_VERSION}-dev AS builder +FROM dhi.io/debian-base:trixie-debian13-dev + +ARG BUILD_DATE +ARG VERSION +ARG VCS_REF -# Re-declare ARGs needed in this stage -ARG PHP_VERSION -ARG PHP_MAJOR +LABEL org.opencontainers.image.title="KubeCodeRun PHP Environment" \ + org.opencontainers.image.description="Secure execution environment for PHP code" \ + org.opencontainers.image.version="${VERSION}" \ + org.opencontainers.image.created="${BUILD_DATE}" \ + org.opencontainers.image.revision="${VCS_REF}" -# Enable pipefail for safer pipe operations SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# PHP paths in DHI image -# DHI installs PHP at /opt/php-, we create /opt/php symlink for version-agnostic paths -ENV PHP_VERSIONED_HOME=/opt/php-${PHP_MAJOR} -ENV PHP_HOME=/opt/php -ENV PHP_BIN=${PHP_VERSIONED_HOME}/bin/php -ENV PHP_CONFIG=${PHP_VERSIONED_HOME}/bin/php-config -ENV PHP_IZE=${PHP_VERSIONED_HOME}/bin/phpize -ENV PECL=${PHP_VERSIONED_HOME}/bin/pecl -ENV PHP_INI_DIR=${PHP_VERSIONED_HOME}/etc/conf.d - -# Install build dependencies for PHP extensions and Composer packages +# Copy PHP installation from DHI PHP image +COPY --from=php-source /opt/php-8.5 /opt/php-8.5 +# Copy shared libraries PHP depends on (avoids chasing individual packages) +COPY --from=php-source /usr/lib/x86_64-linux-gnu/libargon2.so* /usr/lib/x86_64-linux-gnu/ +COPY --from=php-source /usr/lib/x86_64-linux-gnu/libsodium.so* /usr/lib/x86_64-linux-gnu/ +COPY --from=php-source /usr/lib/x86_64-linux-gnu/libicu*.so* /usr/lib/x86_64-linux-gnu/ +COPY --from=php-source /usr/lib/x86_64-linux-gnu/libonig.so* /usr/lib/x86_64-linux-gnu/ + +# Put PHP in PATH for build steps +ENV PATH="/opt/php-8.5/bin:${PATH}" + +# Install build deps for PHP extensions (GD, zip) + runtime deps + Composer prereqs +# DHI ships gcc-14-base=14.2.0-19dhi0; equivs dummy satisfies stock deps needing =14.2.0-19 RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends equivs && \ + printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: gcc-14-base-dummy\nVersion: 14.2.0-19\nProvides: gcc-14-base (= 14.2.0-19)\nDescription: Satisfies gcc-14-base version constraint on DHI\n' > /tmp/gcc-14-base-dummy && \ + cd /tmp && equivs-build gcc-14-base-dummy && \ + dpkg -i gcc-14-base-dummy_14.2.0-19_all.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - # Build tools - gcc \ - g++ \ + # Build deps for extensions make \ + gcc \ autoconf \ pkg-config \ - # GD dependencies libpng-dev \ libjpeg-dev \ - libfreetype6-dev \ - # Zip dependencies + libfreetype-dev \ libzip-dev \ + libonig-dev \ libpcre2-dev \ - # Other tools + # Runtime deps for PHP binary (apt provides transitive deps for curl/ssl/xml/etc) + libcurl4t64 \ + libssl3t64 \ + libxml2 \ + libsqlite3-0 \ + libreadline8t64 \ + libgmp10 \ + libzip5 \ + libonig5 \ + # Composer prereqs unzip \ - wget \ + curl \ ca-certificates \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Install extensions: -# - zip via PECL -# - gd from PHP source (bundled extension, must compile) -# Use php-config --extension-dir to dynamically get the correct path -RUN set -eux; \ - # Update PECL channel - $PECL channel-update pecl.php.net; \ - # Install zip via PECL - $PECL install zip; \ - # Download PHP source for GD (bundled extension) - wget -q "https://www.php.net/distributions/php-${PHP_VERSION}.tar.xz" -O /tmp/php.tar.xz; \ - cd /tmp && tar -xf php.tar.xz; \ - # Build GD extension - cd /tmp/php-${PHP_VERSION}/ext/gd; \ - $PHP_IZE; \ - ./configure --with-php-config=$PHP_CONFIG --with-freetype --with-jpeg; \ - make -j"$(nproc)"; \ - make install; \ - # Clean up source - rm -rf /tmp/php*; \ - # Create extension configuration dynamically - EXT_DIR=$($PHP_CONFIG --extension-dir); \ - mkdir -p $PHP_INI_DIR; \ - echo "extension_dir=${EXT_DIR}" > $PHP_INI_DIR/extensions.ini; \ - echo "extension=zip.so" >> $PHP_INI_DIR/extensions.ini; \ - echo "extension=gd.so" >> $PHP_INI_DIR/extensions.ini; \ - # Create version-agnostic symlink: /opt/php -> /opt/php- - ln -sf $PHP_VERSIONED_HOME /opt/php + && rm -rf /var/lib/apt/lists/* /tmp/*.deb /tmp/gcc-14-base-dummy + +# Compile GD extension with JPEG/PNG/Freetype support +RUN ldconfig && \ + which php && php -v && \ + cd /tmp && \ + php_src_version=$(php -r 'echo PHP_VERSION;') && \ + PHP_INI_DIR=$(php --ini | grep "Scan for additional" | sed 's/.*: //' | tr -d ' "') && \ + mkdir -p "${PHP_INI_DIR}" && \ + curl -sSL "https://github.com/php/php-src/archive/refs/tags/php-${php_src_version}.tar.gz" | tar xz && \ + cd "php-src-php-${php_src_version}/ext/gd" && \ + phpize && \ + ./configure --with-jpeg --with-png --with-freetype && \ + make -j"$(nproc)" && make install && \ + echo "extension=gd.so" > "${PHP_INI_DIR}/20-gd.ini" && \ + cd /tmp && rm -rf php-src-* + +# Compile zip extension +RUN cd /tmp && \ + php_src_version=$(php -r 'echo PHP_VERSION;') && \ + PHP_INI_DIR=$(php --ini | grep "Scan for additional" | sed 's/.*: //' | tr -d ' "') && \ + mkdir -p "${PHP_INI_DIR}" && \ + curl -sSL "https://github.com/php/php-src/archive/refs/tags/php-${php_src_version}.tar.gz" | tar xz && \ + cd "php-src-php-${php_src_version}/ext/zip" && \ + phpize && \ + ./configure && \ + make -j"$(nproc)" && make install && \ + echo "extension=zip.so" > "${PHP_INI_DIR}/20-zip.ini" && \ + cd /tmp && rm -rf php-src-* # Install Composer with signature verification -# Create /usr/local/bin since DHI images don't have it RUN mkdir -p /usr/local/bin && \ EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')" && \ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \ @@ -103,17 +112,11 @@ RUN mkdir -p /usr/local/bin && \ php composer-setup.php --install-dir=/usr/local/bin --filename=composer && \ rm composer-setup.php -# Create composer directory structure +# Create composer directory and install packages RUN mkdir -p /opt/composer/global - -# Set composer home and PHP_INI_SCAN_DIR for extension loading ENV COMPOSER_HOME=/opt/composer/global -ENV PHP_INI_SCAN_DIR=${PHP_INI_DIR} - -# Verify extensions are loaded -RUN php -m | grep -E "^(gd|zip)$" -# Pre-install PHP packages globally with cache mount +# Pre-install PHP packages globally RUN --mount=type=cache,target=/opt/composer/global/cache \ composer global require \ league/csv \ @@ -128,81 +131,41 @@ RUN --mount=type=cache,target=/opt/composer/global/cache \ symfony/console \ --optimize-autoloader && \ # Auto-include Composer autoloader so packages work without manual require - echo "auto_prepend_file=/opt/composer/global/vendor/autoload.php" >> $PHP_INI_DIR/autoload.ini - -################################ -# Runtime dependencies stage - install runtime libraries -################################ -ARG PHP_VERSION -ARG DEBIAN_VERSION -FROM dhi.io/php:${PHP_VERSION}-${DEBIAN_VERSION}-dev AS runtime-deps - -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# Install ONLY runtime dependencies (no -dev packages) -# Create both arch lib dirs to ensure COPY works on either architecture -RUN mkdir -p /usr/lib/x86_64-linux-gnu /usr/lib/aarch64-linux-gnu && \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - # Runtime libraries for gd extension - libpng16-16t64 \ - libjpeg62-turbo \ - libfreetype6 \ - # Runtime library for zip extension - libzip5 \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && mkdir -p /mnt/data && chmod 777 /mnt/data && touch /mnt/data/.keep - -################################ -# Final stage - minimal runtime image -################################ -ARG PHP_VERSION -ARG PHP_MAJOR -ARG DEBIAN_VERSION -FROM dhi.io/php:${PHP_VERSION}-${DEBIAN_VERSION} AS final - -# Re-declare ARGs needed in this stage (PHP_MAJOR used in COPY commands) -ARG PHP_MAJOR -ARG BUILD_DATE -ARG VERSION -ARG VCS_REF - -LABEL org.opencontainers.image.title="KubeCodeRun PHP Environment" \ - org.opencontainers.image.description="Secure execution environment for PHP code" \ - org.opencontainers.image.version="${VERSION}" \ - org.opencontainers.image.created="${BUILD_DATE}" \ - org.opencontainers.image.revision="${VCS_REF}" + PHP_INI_DIR=$(php --ini | grep "Scan for additional" | sed 's/.*: //' | tr -d ' "') && \ + mkdir -p "${PHP_INI_DIR}" && \ + echo "auto_prepend_file=/opt/composer/global/vendor/autoload.php" > "${PHP_INI_DIR}/99-autoload.ini" -# Copy runtime libraries from runtime-deps stage -COPY --from=runtime-deps /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu -COPY --from=runtime-deps /usr/lib/aarch64-linux-gnu /usr/lib/aarch64-linux-gnu - -# Copy PHP installation from builder -# /opt/php is a symlink to the versioned dir, provides version-agnostic paths -COPY --from=builder /opt/php-${PHP_MAJOR}/lib/php/extensions/ /opt/php-${PHP_MAJOR}/lib/php/extensions/ -COPY --from=builder /opt/php-${PHP_MAJOR}/etc/conf.d/ /opt/php-${PHP_MAJOR}/etc/conf.d/ -COPY --from=builder /opt/php /opt/php - -# Copy pre-installed composer packages with correct ownership -COPY --from=builder --chown=65532:65532 /opt/composer/global /opt/composer/global - -# Copy /usr/bin/env for ENTRYPOINT -COPY --from=runtime-deps /usr/bin/env /usr/bin/ +# Clean up build deps to reduce image size +RUN apt-get purge -y \ + make \ + gcc \ + autoconf \ + pkg-config \ + equivs \ + libpng-dev \ + libjpeg-dev \ + libfreetype-dev \ + libzip-dev \ + libonig-dev \ + libpcre2-dev \ + && apt-get autoremove -y && \ + rm -rf /var/lib/apt/lists/* /etc/apt/preferences.d/no-stock-gcc && \ + ldconfig # Copy runner binary for code execution COPY --from=runner /runner /usr/local/bin/runner +RUN mkdir -p /mnt/data && chown 65532:65532 /mnt/data + WORKDIR /mnt/data +USER 65532 + # Sanitized environment via env -i -# Use /opt/php symlink for version-agnostic paths ENTRYPOINT ["/usr/bin/env", "-i", \ - "PATH=/opt/composer/global/vendor/bin:/opt/php/bin:/usr/bin:/bin", \ + "PATH=/opt/composer/global/vendor/bin:/opt/php-8.5/bin:/usr/local/bin:/usr/bin:/bin", \ "HOME=/tmp", \ "TMPDIR=/tmp", \ "COMPOSER_HOME=/opt/composer/global", \ - "PHP_INI_SCAN_DIR=/opt/php/etc/conf.d", \ "LANGUAGE=php"] CMD ["/usr/local/bin/runner"] diff --git a/docker/r.Dockerfile b/docker/r.Dockerfile index c8f85ee..c8b5841 100644 --- a/docker/r.Dockerfile +++ b/docker/r.Dockerfile @@ -1,49 +1,19 @@ # syntax=docker/dockerfile:1 # R execution environment with Docker Hardened Images. -# Uses debian-base since there is no DHI R image. +# +# DHI ships gcc-14-base=14.2.0-19dhi0 which conflicts with stock Debian's +# r-base-core → libopenblas → libgfortran5 → gcc-14-base (= 14.2.0-19). +# Solution: equivs dummy for gcc-14-base, install only r-base-core (NOT +# r-base or r-base-dev which pull gfortran-14 → gcc-14 and gir1.2-glib-2.0 +# → libglib2.0-0t64, both of which conflict with DHI packages). +# +# R packages are installed as pre-compiled binaries from Posit Package +# Manager (PPM), eliminating the need for r-base-dev/compilation headers. ARG RUNNER_IMAGE=ghcr.io/aron-muon/kubecoderun-runner:latest FROM ${RUNNER_IMAGE} AS runner -ARG BUILD_DATE -ARG VERSION -ARG VCS_REF - -################################ -# Builder stage - install R and compile packages -################################ -FROM dhi.io/debian-base:trixie-debian13-dev AS builder - -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# Install R and build dependencies for R packages -# init-system-helpers required FIRST to fix x11-common postinst failures -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - init-system-helpers \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - r-base \ - r-base-dev \ - gcc g++ make pkg-config \ - libcurl4-openssl-dev libssl-dev libxml2-dev \ - libfontconfig1-dev libharfbuzz-dev libfribidi-dev \ - libfreetype-dev libpng-dev libtiff-dev libjpeg-dev \ - libcairo2-dev libxt-dev libx11-dev \ - && rm -rf /var/lib/apt/lists/* - -# Install R packages using Posit Package Manager -RUN R -e "options(repos = c(CRAN = 'https://packagemanager.posit.co/cran/__linux__/trixie/latest')); \ - install.packages(c( \ - 'dplyr', 'tidyr', 'data.table', 'magrittr', \ - 'ggplot2', 'lattice', 'scales', 'Cairo', \ - 'readr', 'readxl', 'writexl', 'jsonlite', 'xml2', \ - 'MASS', 'survival', 'lubridate', 'stringr', 'glue' \ - ))" - -################################ -# Final stage - runtime image -################################ -FROM dhi.io/debian-base:trixie-debian13-dev AS final +FROM dhi.io/debian-base:trixie-debian13-dev ARG BUILD_DATE ARG VERSION @@ -57,21 +27,34 @@ LABEL org.opencontainers.image.title="KubeCodeRun R Environment" \ SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Install runtime dependencies (no -dev packages) -# init-system-helpers required FIRST to fix x11-common postinst failures +# Install r-base-core via equivs dummy to resolve DHI gcc-14-base conflict. +# Only r-base-core — NOT r-base (pulls gir1.2-glib-2.0 DHI conflict) or +# r-base-dev (pulls gfortran-14 → gcc-14 DHI conflict). +# Runtime shared libraries for R packages are also installed here. RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends equivs && \ + printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: gcc-14-base-dummy\nVersion: 14.2.0-19\nProvides: gcc-14-base (= 14.2.0-19)\nDescription: Satisfies gcc-14-base version constraint on DHI\n' > /tmp/gcc-14-base-dummy && \ + cd /tmp && equivs-build gcc-14-base-dummy && \ + dpkg -i gcc-14-base-dummy_14.2.0-19_all.deb && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - init-system-helpers \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ r-base-core \ + # Runtime shared libs needed by common R packages libcurl4t64 libssl3t64 libxml2 \ libfontconfig1 libharfbuzz0b libfribidi0 \ libfreetype6 libpng16-16t64 libtiff6 libjpeg62-turbo \ libcairo2 libxt6t64 libx11-6 \ - && rm -rf /var/lib/apt/lists/* + && apt-get purge -y equivs && \ + apt-get autoremove -y && \ + rm -rf /var/lib/apt/lists/* /tmp/*.deb /tmp/gcc-14-base-dummy -# Copy installed R packages from builder -COPY --from=builder /usr/local/lib/R/site-library /usr/local/lib/R/site-library +# Install R packages as pre-compiled binaries from Posit Package Manager +RUN Rscript -e "options(repos = c(CRAN = 'https://packagemanager.posit.co/cran/__linux__/bookworm/latest')); \ + install.packages(c( \ + 'dplyr', 'tidyr', 'data.table', 'magrittr', \ + 'ggplot2', 'lattice', 'scales', 'Cairo', \ + 'readr', 'readxl', 'writexl', 'jsonlite', 'xml2', \ + 'MASS', 'survival', 'lubridate', 'stringr', 'glue' \ + ), lib='/usr/local/lib/R/site-library')" RUN mkdir -p /mnt/data && chown 65532:65532 /mnt/data @@ -80,7 +63,7 @@ WORKDIR /mnt/data USER 65532 ENTRYPOINT ["/usr/bin/env", "-i", \ - "PATH=/usr/bin:/bin", \ + "PATH=/usr/local/bin:/usr/bin:/bin", \ "HOME=/tmp", \ "TMPDIR=/tmp", \ "R_LIBS_USER=/usr/local/lib/R/site-library", \ diff --git a/docker/requirements/nodejs.txt b/docker/requirements/nodejs.txt index e8b5683..285a2ad 100644 --- a/docker/requirements/nodejs.txt +++ b/docker/requirements/nodejs.txt @@ -26,7 +26,6 @@ simple-statistics # File formats - Office documents exceljs -xlsx pptxgenjs mammoth diff --git a/docker/runner/Dockerfile b/docker/runner/Dockerfile index a4352aa..34f69a6 100644 --- a/docker/runner/Dockerfile +++ b/docker/runner/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_DATE ARG VERSION ARG VCS_REF -FROM golang:1.24-alpine AS builder +FROM dhi.io/golang:1.26-debian13-dev AS builder WORKDIR /build COPY go.mod *.go ./ diff --git a/docker/runner/go.mod b/docker/runner/go.mod index 81fb59e..b5bde3e 100644 --- a/docker/runner/go.mod +++ b/docker/runner/go.mod @@ -1,3 +1,3 @@ module github.com/aron-muon/kubecoderun-runner -go 1.24 +go 1.26.3 diff --git a/pyproject.toml b/pyproject.toml index b68efac..fc4425c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,17 +11,19 @@ dependencies = [ "httpx>=0.28.1", "kubernetes>=34.1.0", "minio>=7.2.20", + "pyasn1>=0.6.3", "pydantic>=2.12.5", "pydantic-settings>=2.12.0", "pyjwt[crypto]>=2.10.0", "python-dateutil>=2.9.0.post0", "python-dotenv>=1.2.1", - "python-multipart>=0.0.21", + "python-multipart>=0.0.27", "redis>=7.1.0", "requests>=2.32.5", "requests-unixsocket>=0.4.1", "structlog>=25.5.0", "unidecode>=1.4.0", + "urllib3>=2.7.0", "uvicorn[standard]>=0.40.0", ] diff --git a/scripts/build-images.sh b/scripts/build-images.sh index becadb9..18593f5 100755 --- a/scripts/build-images.sh +++ b/scripts/build-images.sh @@ -199,6 +199,7 @@ build_image() { --build-arg VERSION="$TAG" \ --build-arg BUILD_DATE="$build_date" \ --build-arg VCS_REF="$vcs_ref" \ + --build-arg RUNNER_IMAGE="$(get_full_image_name runner)" \ -t "$full_name" \ -f "$DOCKER_DIR/$dockerfile" \ "$context_path" 2>&1) || exit_code=$? @@ -292,6 +293,7 @@ build_single_image() { --build-arg VERSION="$TAG" \ --build-arg BUILD_DATE="$build_date" \ --build-arg VCS_REF="$vcs_ref" \ + --build-arg RUNNER_IMAGE="$(get_full_image_name runner)" \ -t "$full_name" \ -f "$DOCKER_DIR/$dockerfile" \ "$context_path" diff --git a/uv.lock b/uv.lock index 858e975..8e9f8a0 100644 --- a/uv.lock +++ b/uv.lock @@ -1,5 +1,5 @@ version = 1 -revision = 2 +revision = 3 requires-python = ">=3.13" resolution-markers = [ "python_full_version >= '3.14'", @@ -726,19 +726,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/50/d2/6c99ec3d9e369ddc27adc758a82b6485d28ac797669be3571afa74757cae/geventhttpclient-2.3.7-cp314-cp314t-win_amd64.whl", hash = "sha256:607b7a1c4d03a94ec1a2f4e7891039fde84fcd816f2d921a28c11759427f068f", size = 49914, upload-time = "2025-12-07T19:48:42.276Z" }, ] -[[package]] -name = "google-auth" -version = "2.47.0" -source = { registry = "https://pypi.org/simple/" } -dependencies = [ - { name = "pyasn1-modules" }, - { name = "rsa" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/60/3c/ec64b9a275ca22fa1cd3b6e77fefcf837b0732c890aa32d2bd21313d9b33/google_auth-2.47.0.tar.gz", hash = "sha256:833229070a9dfee1a353ae9877dcd2dec069a8281a4e72e72f77d4a70ff945da", size = 323719, upload-time = "2026-01-06T21:55:31.045Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/db/18/79e9008530b79527e0d5f79e7eef08d3b179b7f851cfd3a2f27822fbdfa9/google_auth-2.47.0-py3-none-any.whl", hash = "sha256:c516d68336bfde7cf0da26aab674a36fedcf04b37ac4edd59c597178760c3498", size = 234867, upload-time = "2026-01-06T21:55:28.6Z" }, -] - [[package]] name = "greenlet" version = "3.3.0" @@ -879,6 +866,7 @@ dependencies = [ { name = "httpx" }, { name = "kubernetes" }, { name = "minio" }, + { name = "pyasn1" }, { name = "pydantic" }, { name = "pydantic-settings" }, { name = "pyjwt", extra = ["crypto"] }, @@ -890,6 +878,7 @@ dependencies = [ { name = "requests-unixsocket" }, { name = "structlog" }, { name = "unidecode" }, + { name = "urllib3" }, { name = "uvicorn", extra = ["standard"] }, ] @@ -916,17 +905,19 @@ requires-dist = [ { name = "httpx", specifier = ">=0.28.1" }, { name = "kubernetes", specifier = ">=34.1.0" }, { name = "minio", specifier = ">=7.2.20" }, + { name = "pyasn1", specifier = ">=0.6.3" }, { name = "pydantic", specifier = ">=2.12.5" }, { name = "pydantic-settings", specifier = ">=2.12.0" }, { name = "pyjwt", extras = ["crypto"], specifier = ">=2.10.0" }, { name = "python-dateutil", specifier = ">=2.9.0.post0" }, { name = "python-dotenv", specifier = ">=1.2.1" }, - { name = "python-multipart", specifier = ">=0.0.21" }, + { name = "python-multipart", specifier = ">=0.0.27" }, { name = "redis", specifier = ">=7.1.0" }, { name = "requests", specifier = ">=2.32.5" }, { name = "requests-unixsocket", specifier = ">=0.4.1" }, { name = "structlog", specifier = ">=25.5.0" }, { name = "unidecode", specifier = ">=1.4.0" }, + { name = "urllib3", specifier = ">=2.7.0" }, { name = "uvicorn", extras = ["standard"], specifier = ">=0.40.0" }, ] @@ -946,12 +937,12 @@ dev = [ [[package]] name = "kubernetes" -version = "34.1.0" +version = "36.0.0" source = { registry = "https://pypi.org/simple/" } dependencies = [ + { name = "aiohttp" }, { name = "certifi" }, { name = "durationpy" }, - { name = "google-auth" }, { name = "python-dateutil" }, { name = "pyyaml" }, { name = "requests" }, @@ -960,9 +951,9 @@ dependencies = [ { name = "urllib3" }, { name = "websocket-client" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/ef/55/3f880ef65f559cbed44a9aa20d3bdbc219a2c3a3bac4a30a513029b03ee9/kubernetes-34.1.0.tar.gz", hash = "sha256:8fe8edb0b5d290a2f3ac06596b23f87c658977d46b5f8df9d0f4ea83d0003912", size = 1083771, upload-time = "2025-09-29T20:23:49.283Z" } +sdist = { url = "https://files.pythonhosted.org/packages/bf/59/dc635e4e9afb3884bc5c57f14fe23783e4c04601aa20b835ac75c41d1625/kubernetes-36.0.0.tar.gz", hash = "sha256:027b606bb8032e6c6464a53236bdd9bd9a94c237e1063bc45a303c25b304ced9", size = 2346728, upload-time = "2026-05-20T20:44:24.28Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/ca/ec/65f7d563aa4a62dd58777e8f6aa882f15db53b14eb29aba0c28a20f7eb26/kubernetes-34.1.0-py2.py3-none-any.whl", hash = "sha256:bffba2272534e224e6a7a74d582deb0b545b7c9879d2cd9e4aae9481d1f2cc2a", size = 2008380, upload-time = "2025-09-29T20:23:47.684Z" }, + { url = "https://files.pythonhosted.org/packages/cd/d2/6f99ca9c7eb961dfdd45b9643101399a8ee20922c662c362c91e9cc7e832/kubernetes-36.0.0-py2.py3-none-any.whl", hash = "sha256:a766433357ec9f90db7565cccf52e28e7fca40b0ef366c80a6022adbc0ac0425", size = 4660469, upload-time = "2026-05-20T20:44:20.893Z" }, ] [[package]] @@ -1322,23 +1313,11 @@ wheels = [ [[package]] name = "pyasn1" -version = "0.6.1" -source = { registry = "https://pypi.org/simple/" } -sdist = { url = "https://files.pythonhosted.org/packages/ba/e9/01f1a64245b89f039897cb0130016d79f77d52669aae6ee7b159a6c4c018/pyasn1-0.6.1.tar.gz", hash = "sha256:6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034", size = 145322, upload-time = "2024-09-10T22:41:42.55Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/c8/f1/d6a797abb14f6283c0ddff96bbdd46937f64122b8c925cab503dd37f8214/pyasn1-0.6.1-py3-none-any.whl", hash = "sha256:0d632f46f2ba09143da3a8afe9e33fb6f92fa2320ab7e886e2d0f7672af84629", size = 83135, upload-time = "2024-09-11T16:00:36.122Z" }, -] - -[[package]] -name = "pyasn1-modules" -version = "0.4.2" +version = "0.6.3" source = { registry = "https://pypi.org/simple/" } -dependencies = [ - { name = "pyasn1" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/e9/e6/78ebbb10a8c8e4b61a59249394a4a594c1a7af95593dc933a349c8d00964/pyasn1_modules-0.4.2.tar.gz", hash = "sha256:677091de870a80aae844b1ca6134f54652fa2c8c5a52aa396440ac3106e941e6", size = 307892, upload-time = "2025-03-28T02:41:22.17Z" } +sdist = { url = "https://files.pythonhosted.org/packages/5c/5f/6583902b6f79b399c9c40674ac384fd9cd77805f9e6205075f828ef11fb2/pyasn1-0.6.3.tar.gz", hash = "sha256:697a8ecd6d98891189184ca1fa05d1bb00e2f84b5977c481452050549c8a72cf", size = 148685, upload-time = "2026-03-17T01:06:53.382Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/47/8d/d529b5d697919ba8c11ad626e835d4039be708a35b0d22de83a269a6682c/pyasn1_modules-0.4.2-py3-none-any.whl", hash = "sha256:29253a9207ce32b64c3ac6600edc75368f98473906e8fd1043bd6b5b1de2c14a", size = 181259, upload-time = "2025-03-28T02:41:19.028Z" }, + { url = "https://files.pythonhosted.org/packages/5d/a0/7d793dce3fa811fe047d6ae2431c672364b462850c6235ae306c0efd025f/pyasn1-0.6.3-py3-none-any.whl", hash = "sha256:a80184d120f0864a52a073acc6fc642847d0be408e7c7252f31390c0f4eadcde", size = 83997, upload-time = "2026-03-17T01:06:52.036Z" }, ] [[package]] @@ -1587,11 +1566,11 @@ wheels = [ [[package]] name = "python-multipart" -version = "0.0.21" +version = "0.0.29" source = { registry = "https://pypi.org/simple/" } -sdist = { url = "https://files.pythonhosted.org/packages/78/96/804520d0850c7db98e5ccb70282e29208723f0964e88ffd9d0da2f52ea09/python_multipart-0.0.21.tar.gz", hash = "sha256:7137ebd4d3bbf70ea1622998f902b97a29434a9e8dc40eb203bbcf7c2a2cba92", size = 37196, upload-time = "2025-12-17T09:24:22.446Z" } +sdist = { url = "https://files.pythonhosted.org/packages/4e/fe/70bd71a6738b09a0bdf6480ca6436b167469ca4578b2a0efbe390b4b0e70/python_multipart-0.0.29.tar.gz", hash = "sha256:643e93849196645e2dbdd81a0f8829a23123ad7f797a84a364c6fb3563f18904", size = 45678, upload-time = "2026-05-17T17:29:47.654Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/aa/76/03af049af4dcee5d27442f71b6924f01f3efb5d2bd34f23fcd563f2cc5f5/python_multipart-0.0.21-py3-none-any.whl", hash = "sha256:cf7a6713e01c87aa35387f4774e812c4361150938d20d232800f75ffcf266090", size = 24541, upload-time = "2025-12-17T09:24:21.153Z" }, + { url = "https://files.pythonhosted.org/packages/8f/cb/769cfc37177252872a45a71f3fbdde9d51b471a3f3c14bfe95dde3407386/python_multipart-0.0.29-py3-none-any.whl", hash = "sha256:2ddcc971cef266225f54f552d8fa10bcfbb1f14446caec199060daac59ff2d69", size = 29640, upload-time = "2026-05-17T17:29:45.69Z" }, ] [[package]] @@ -1767,18 +1746,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/25/7a/b0178788f8dc6cafce37a212c99565fa1fe7872c70c6c9c1e1a372d9d88f/rich-14.2.0-py3-none-any.whl", hash = "sha256:76bc51fe2e57d2b1be1f96c524b890b816e334ab4c1e45888799bfaab0021edd", size = 243393, upload-time = "2025-10-09T14:16:51.245Z" }, ] -[[package]] -name = "rsa" -version = "4.9.1" -source = { registry = "https://pypi.org/simple/" } -dependencies = [ - { name = "pyasn1" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/da/8a/22b7beea3ee0d44b1916c0c1cb0ee3af23b700b6da9f04991899d0c555d4/rsa-4.9.1.tar.gz", hash = "sha256:e7bdbfdb5497da4c07dfd35530e1a902659db6ff241e39d9953cad06ebd0ae75", size = 29034, upload-time = "2025-04-16T09:51:18.218Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/64/8d/0133e4eb4beed9e425d9a98ed6e081a55d195481b7632472be1af08d2f6b/rsa-4.9.1-py3-none-any.whl", hash = "sha256:68635866661c6836b8d39430f97a996acbd61bfa49406748ea243539fe239762", size = 34696, upload-time = "2025-04-16T09:51:17.142Z" }, -] - [[package]] name = "ruff" version = "0.14.11" @@ -1912,11 +1879,11 @@ wheels = [ [[package]] name = "urllib3" -version = "2.3.0" +version = "2.7.0" source = { registry = "https://pypi.org/simple/" } -sdist = { url = "https://files.pythonhosted.org/packages/aa/63/e53da845320b757bf29ef6a9062f5c669fe997973f966045cb019c3f4b66/urllib3-2.3.0.tar.gz", hash = "sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d", size = 307268, upload-time = "2024-12-22T07:47:30.032Z" } +sdist = { url = "https://files.pythonhosted.org/packages/53/0c/06f8b233b8fd13b9e5ee11424ef85419ba0d8ba0b3138bf360be2ff56953/urllib3-2.7.0.tar.gz", hash = "sha256:231e0ec3b63ceb14667c67be60f2f2c40a518cb38b03af60abc813da26505f4c", size = 433602, upload-time = "2026-05-07T16:13:18.596Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/c8/19/4ec628951a74043532ca2cf5d97b7b14863931476d117c471e8e2b1eb39f/urllib3-2.3.0-py3-none-any.whl", hash = "sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df", size = 128369, upload-time = "2024-12-22T07:47:28.074Z" }, + { url = "https://files.pythonhosted.org/packages/7f/3e/5db95bcf282c52709639744ca2a8b149baccf648e39c8cc87553df9eae0c/urllib3-2.7.0-py3-none-any.whl", hash = "sha256:9fb4c81ebbb1ce9531cce37674bbc6f1360472bc18ca9a553ede278ef7276897", size = 131087, upload-time = "2026-05-07T16:13:17.151Z" }, ] [[package]]