diff --git a/codeserver/ubi9-python-3.12/Dockerfile.cpu b/codeserver/ubi9-python-3.12/Dockerfile.cpu index 6c5528993..62b8df8d2 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.cpu @@ -83,7 +83,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -93,7 +93,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -114,11 +114,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -127,7 +127,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # codeserver # diff --git a/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu b/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu index 19ef44bf7..86e3f722a 100644 --- a/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu +++ b/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu @@ -59,7 +59,7 @@ ARG TARGETARCH # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -69,7 +69,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN --mount=type=cache,target=/var/cache/dnf /bin/bash <<'EOF' @@ -119,11 +119,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -132,7 +132,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ############################## # wheel-builder stage # @@ -285,11 +285,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu index b86d8e3bc..15d2d60ff 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -44,11 +44,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -57,7 +57,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # jupyter-minimal # @@ -83,11 +83,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cuda b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cuda index 700b22fc5..4027f99ac 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cuda +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cuda @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -46,11 +46,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -59,7 +59,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -85,11 +85,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm index 11c52e0e0..7e144380b 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -44,11 +44,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -57,7 +57,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-jupyter-minimal # @@ -83,11 +83,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda b/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda index 9d39f617c..614746303 100644 --- a/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda +++ b/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda @@ -39,7 +39,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -49,7 +49,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -62,11 +62,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -75,7 +75,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -93,11 +93,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda b/jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda index d299e411b..2315b4618 100644 --- a/jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda +++ b/jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda @@ -39,7 +39,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -49,7 +49,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -62,11 +62,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -75,7 +75,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -93,11 +93,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm index fbc8aa8ae..76c05c33d 100644 --- a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm @@ -37,7 +37,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -47,7 +47,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -60,11 +60,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -73,7 +73,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-jupyter-minimal # @@ -91,11 +91,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm index f75c7a4ac..b14bc0dc5 100644 --- a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm @@ -37,7 +37,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -47,7 +47,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -60,11 +60,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -73,7 +73,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-jupyter-minimal # @@ -89,11 +89,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda b/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda index 4bf1308cf..fb34da6e7 100644 --- a/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda +++ b/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda @@ -39,7 +39,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -49,7 +49,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -62,11 +62,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -75,7 +75,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -93,11 +93,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu index 8380b8368..9e2de8abb 100644 --- a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu +++ b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu @@ -62,7 +62,7 @@ USER root # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -72,7 +72,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -85,11 +85,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -98,7 +98,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # jupyter-minimal # @@ -115,11 +115,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/rstudio/c9s-python-3.12/Dockerfile.cpu b/rstudio/c9s-python-3.12/Dockerfile.cpu index d5e8d84be..7219b1581 100644 --- a/rstudio/c9s-python-3.12/Dockerfile.cpu +++ b/rstudio/c9s-python-3.12/Dockerfile.cpu @@ -12,14 +12,14 @@ FROM ${BASE_IMAGE} AS cpu-base WORKDIR /opt/app-root/bin -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt # OS Packages needs to be installed as root USER root -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -29,7 +29,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages # remove skopeo, CVE-2025-4674 diff --git a/rstudio/c9s-python-3.12/Dockerfile.cuda b/rstudio/c9s-python-3.12/Dockerfile.cuda index d4a45d050..5db5260bf 100644 --- a/rstudio/c9s-python-3.12/Dockerfile.cuda +++ b/rstudio/c9s-python-3.12/Dockerfile.cuda @@ -15,7 +15,7 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER root -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -25,7 +25,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages # remove skopeo, CVE-2025-4674 @@ -34,9 +34,9 @@ RUN dnf install -y mesa-libGL && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt WORKDIR /opt/app-root/src diff --git a/rstudio/rhel9-python-3.12/Dockerfile.cpu b/rstudio/rhel9-python-3.12/Dockerfile.cpu index dd57a7b6a..b83462724 100644 --- a/rstudio/rhel9-python-3.12/Dockerfile.cpu +++ b/rstudio/rhel9-python-3.12/Dockerfile.cpu @@ -31,7 +31,7 @@ if command -v subscription-manager &> /dev/null; then fi EOF -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -41,7 +41,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages # remove skopeo, CVE-2025-4674 @@ -50,9 +50,9 @@ RUN dnf install -y perl mesa-libGL && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt WORKDIR /opt/app-root/src diff --git a/rstudio/rhel9-python-3.12/Dockerfile.cuda b/rstudio/rhel9-python-3.12/Dockerfile.cuda index 8b50b3c59..923ece652 100644 --- a/rstudio/rhel9-python-3.12/Dockerfile.cuda +++ b/rstudio/rhel9-python-3.12/Dockerfile.cuda @@ -31,7 +31,7 @@ if command -v subscription-manager &> /dev/null; then fi EOF -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -41,7 +41,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages # remove skopeo, CVE-2025-4674 @@ -50,9 +50,9 @@ RUN dnf install -y perl mesa-libGL && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt WORKDIR /opt/app-root/src diff --git a/runtimes/datascience/ubi9-python-3.12/Dockerfile.cpu b/runtimes/datascience/ubi9-python-3.12/Dockerfile.cpu index b1c6eebbe..190e7fd71 100644 --- a/runtimes/datascience/ubi9-python-3.12/Dockerfile.cpu +++ b/runtimes/datascience/ubi9-python-3.12/Dockerfile.cpu @@ -25,7 +25,7 @@ COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo ARG TARGETARCH -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -35,7 +35,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN --mount=type=cache,target=/var/cache/dnf /bin/bash <<'EOF' @@ -105,11 +105,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -118,7 +118,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ############################## # wheel-builder stage # diff --git a/runtimes/minimal/ubi9-python-3.12/Dockerfile.cpu b/runtimes/minimal/ubi9-python-3.12/Dockerfile.cpu index 1a7ef0745..578d74891 100644 --- a/runtimes/minimal/ubi9-python-3.12/Dockerfile.cpu +++ b/runtimes/minimal/ubi9-python-3.12/Dockerfile.cpu @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -50,11 +50,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -63,7 +63,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # runtime-minimal # diff --git a/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda b/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda index ee9cdd911..ae239605a 100644 --- a/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda +++ b/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -46,11 +46,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -59,7 +59,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-runtime-pytorch # diff --git a/runtimes/pytorch/ubi9-python-3.12/Dockerfile.cuda b/runtimes/pytorch/ubi9-python-3.12/Dockerfile.cuda index a07623152..9583e513e 100644 --- a/runtimes/pytorch/ubi9-python-3.12/Dockerfile.cuda +++ b/runtimes/pytorch/ubi9-python-3.12/Dockerfile.cuda @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -46,11 +46,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -59,7 +59,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-runtime-pytorch # diff --git a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm index fcc903753..52185a7a1 100644 --- a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm +++ b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -44,11 +44,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -57,7 +57,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-runtime-pytorch # diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm index d61605782..3c20f59a2 100644 --- a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm +++ b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -44,11 +44,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -57,7 +57,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ########################### # rocm-runtime-tensorflow # diff --git a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda index 07bf4b8ac..c1c95853c 100644 --- a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda +++ b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda @@ -25,7 +25,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -35,7 +35,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -48,11 +48,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -61,7 +61,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ############################ # cuda-runtime-tensorflow # diff --git a/scripts/dockerfile_fragments.py b/scripts/dockerfile_fragments.py index 4fca5be4f..505ca8222 100755 --- a/scripts/dockerfile_fragments.py +++ b/scripts/dockerfile_fragments.py @@ -1,6 +1,18 @@ #!/usr/bin/env python3 from __future__ import annotations +""" +This script is inspired by the AIPCC `replace-markers.sh` script, invoked from `make regen` + https://gitlab.com/redhat/rhel-ai/core/base-images/app/-/blob/main/containerfiles/replace-markers.sh + +The original AIPCC version uses the `ed` command to replace everything between + `### BEGIN ` and `### END ` with the content of the . + +This script currently has the data inline, but this can be easily changed. +We could also support files, or maybe even `### BEGIN funcname("param1", "param2")` that would + run Python function `funcname` and paste in the return value. +""" + import os import textwrap import pathlib @@ -21,32 +33,20 @@ def main(): if dockerfile.is_relative_to(ROOT_DIR / "examples"): continue - blockinfile( - dockerfile, - textwrap.dedent(r""" - # Problem: The operation would result in removing the following protected packages: systemd - # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) - # Solution: --best --skip-broken does not work either, so use --nobest - RUN /bin/bash <<'EOF' - set -Eeuxo pipefail - dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 - dnf clean all -y - EOF + replacements = { + "upgrade first to avoid fixable vulnerabilities": textwrap.dedent(r""" + # Problem: The operation would result in removing the following protected packages: systemd + # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) + # Solution: --best --skip-broken does not work either, so use --nobest + RUN /bin/bash <<'EOF' + set -Eeuxo pipefail + dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 + dnf clean all -y + EOF """), - prefix="upgrade first to avoid fixable vulnerabilities", - ) - - blockinfile( - dockerfile, - textwrap.dedent('''RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12"'''), - prefix="Install micropipenv and uv to deploy packages from requirements.txt", - ) - - if not is_rstudio(dockerfile): - blockinfile( - dockerfile, - textwrap.dedent(r""" + "Install micropipenv and uv to deploy packages from requirements.txt": '''RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12"''', + "Install the oc client": textwrap.dedent(r""" RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -55,28 +55,47 @@ def main(): rm -f /tmp/openshift-client-linux.tar.gz EOF - """), - prefix="Install the oc client", - ) - - if is_jupyter(dockerfile): - blockinfile( - dockerfile, - textwrap.dedent(r""" + """), + "Dependencies for PDF export": textwrap.dedent(r""" RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" - """), - prefix="Dependencies for PDF export", + """), + } + + # sanity check that we don't have any unexpected `### BEGIN`s and `### END`s + begin = "#" * 3 + " BEGIN" + end = "#" * 3 + " END" + with open(dockerfile, "rt") as fp: + for line_no, line in enumerate(fp, start=1): + for prefix in (begin, end): + if line.rstrip().startswith(prefix): + suffix = line[len(prefix) + 1:].rstrip() + if suffix not in replacements: + raise ValueError( + f"Expected replacement for '{prefix} {suffix}' " + f"not found in {dockerfile}:{line_no}" + ) + + for prefix, contents in replacements.items(): + blockinfile( + filename=dockerfile, + contents=contents, + prefix=prefix, ) -def blockinfile(filename: str | os.PathLike, contents: str, prefix: str | None = None, *, comment: str = "#"): +def blockinfile( + filename: str | os.PathLike, + contents: str, prefix: str | None = None, + *, + comment: str = "#", +) -> None: """This is similar to the functions in * https://homely.readthedocs.io/en/latest/ref/files.html#homely-files-blockinfile-1 * ansible.modules.lineinfile """ - begin_marker = f"{comment} {prefix if prefix else ''} begin" - end_marker = f"{comment} {prefix if prefix else ''} end" + begin_marker = f"{comment * 3} BEGIN{" " + prefix if prefix else ""}" + end_marker = f"{comment * 3} END{" " + prefix if prefix else ""}" begin = end = -1 try: @@ -104,10 +123,8 @@ def blockinfile(filename: str | os.PathLike, contents: str, prefix: str | None = if new_contents and new_contents[-1] == "\n": new_contents = new_contents[:-1] if begin == end == -1: - # add at the end if no markers found - lines.append(f"\n{begin_marker}\n") - lines.extend(new_contents) - lines.append(f"\n{end_marker}\n") + # no markers found + return else: lines[begin: end + 1] = [f"{begin_marker}\n", *new_contents, f"\n{end_marker}\n"] @@ -117,36 +134,36 @@ def blockinfile(filename: str | os.PathLike, contents: str, prefix: str | None = fp.writelines(lines) -def is_jupyter(filename: pathlib.Path) -> bool: - return filename.is_relative_to(ROOT_DIR / "jupyter") - - -def is_rstudio(filename: pathlib.Path) -> bool: - return filename.is_relative_to(ROOT_DIR / "rstudio") - - if __name__ == "__main__": main() class TestBlockinfile: def test_adding_new_block(self, fs: FakeFilesystem): + """the file should not be modified if there is no block already""" fs.create_file("/config.txt", contents="hello\nworld") blockinfile("/config.txt", "key=value") - assert fs.get_object("/config.txt").contents == "hello\nworld\n# begin\nkey=value\n# end\n" + assert fs.get_object("/config.txt").contents == "hello\nworld" - def test_lastnewline_removal(self, fs: FakeFilesystem): - fs.create_file("/config.txt", contents="hello\nworld") + def test_updating_value_in_block(self, fs: FakeFilesystem): + fs.create_file("/config.txt", contents="hello\nworld\n### BEGIN\nkey=value1\n### END\n") - blockinfile("/config.txt", "key=value\n\n") + blockinfile("/config.txt", "key=value2") - assert fs.get_object("/config.txt").contents == "hello\nworld\n# begin\nkey=value\n\n# end\n" + assert fs.get_object("/config.txt").contents == "hello\nworld\n### BEGIN\nkey=value2\n### END\n" - def test_updating_value_in_block(self, fs: FakeFilesystem): - fs.create_file("/config.txt", contents="hello\nworld\n# begin\nkey=value1\n# end\n") + def test_lastnewline_removal(self, fs: FakeFilesystem): + fs.create_file("/config.txt", contents="hello\nworld\n### BEGIN\n### END\n") - blockinfile("/config.txt", "key=value2") + blockinfile("/config.txt", "key=value\n\n") + + assert fs.get_object("/config.txt").contents == "hello\nworld\n### BEGIN\nkey=value\n\n### END\n" - assert fs.get_object("/config.txt").contents == "hello\nworld\n# begin\nkey=value2\n# end\n" + def test_dry_run(self, fs: FakeFilesystem): + fs.add_real_directory(source_path=ROOT_DIR / "jupyter", read_only=False) + fs.add_real_directory(source_path=ROOT_DIR / "codeserver", read_only=False) + fs.add_real_directory(source_path=ROOT_DIR / "rstudio", read_only=False) + fs.add_real_directory(source_path=ROOT_DIR / "runtimes", read_only=False) + main()