From fc4a4f59464006163fd206bed60d90ad595fd91b Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Sat, 1 Nov 2025 14:04:29 +0100 Subject: [PATCH 1/9] Add CentOS Stream with EPEL Python 3.13 Fixes: https://github.com/sclorg/s2i-python-container/issues/763 --- specs/multispec.yml | 4 ++++ src/Dockerfile-minimal.template | 3 +++ src/Dockerfile.template | 3 +++ 3 files changed, 10 insertions(+) diff --git a/specs/multispec.yml b/specs/multispec.yml index a7265d8f..6390f4d4 100644 --- a/specs/multispec.yml +++ b/specs/multispec.yml @@ -103,8 +103,10 @@ specs: 'mod_auth_gssapi', 'mod_ldap', 'mod_session', 'gcc-gfortran', 'libffi-devel', 'libtool-ltdl', 'krb5-devel'] + enable_epel_for: ["3.13", "3.13-minimal"] extra_pkgs: "3.12": ['python3', 'python3-devel', 'python3-setuptools', 'python3-pip'] + "3.13": ['python3.13', 'python3.13-devel', 'python3.13-pip'] fedora42: distros: @@ -246,7 +248,9 @@ matrix: version: "3.12-minimal" - distros: - fedora-42-x86_64 + - centos-stream-10-x86_64 version: "3.13" - distros: - fedora-42-x86_64 + - centos-stream-10-x86_64 version: "3.13-minimal" diff --git a/src/Dockerfile-minimal.template b/src/Dockerfile-minimal.template index 65915a16..7c3a01fd 100644 --- a/src/Dockerfile-minimal.template +++ b/src/Dockerfile-minimal.template @@ -58,6 +58,9 @@ LABEL summary="$SUMMARY" \ # findutils - find command is needed for fix-permissions script # nss_wrapper - used in generate_container_user script RUN INSTALL_PKGS="{{ spec.pkg_prefix }} glibc-langpack-en findutils nss_wrapper-libs" && \ + {% if spec.enable_epel_for and spec.version in spec.enable_epel_for %} + microdnf -y install epel-release && \ + {% endif %} microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \ microdnf -y clean all --enablerepo='*' diff --git a/src/Dockerfile.template b/src/Dockerfile.template index 17f2255d..5c246c6e 100644 --- a/src/Dockerfile.template +++ b/src/Dockerfile.template @@ -53,6 +53,9 @@ LABEL summary="$SUMMARY" \ RUN INSTALL_PKGS="{{ common.list_pkgs(extra_pkgs + spec.python_pkgs + spec.base_pkgs) -}} {% if spec.preinstall_cmd %} {{ common.preinstall_cmd(spec) -}} + {% endif %} + {% if spec.enable_epel_for and spec.version in spec.enable_epel_for %} + yum -y install --setopt=install_weak_deps=0 epel-release && \ {% endif %} {{ commands.pkginstaller.install([], {'docs': False}) }}{{ common.enablerepo(spec) }} $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ From 292c051403babe021a45f9449ae4dd928b7286cb Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Sat, 1 Nov 2025 14:05:37 +0100 Subject: [PATCH 2/9] Distgen generated content --- 3.13-minimal/Dockerfile.c10s | 105 +++++++++++++++++++++++++++++++++++ 3.13/Dockerfile.c10s | 89 +++++++++++++++++++++++++++++ 2 files changed, 194 insertions(+) create mode 100644 3.13-minimal/Dockerfile.c10s create mode 100644 3.13/Dockerfile.c10s diff --git a/3.13-minimal/Dockerfile.c10s b/3.13-minimal/Dockerfile.c10s new file mode 100644 index 00000000..52c85618 --- /dev/null +++ b/3.13-minimal/Dockerfile.c10s @@ -0,0 +1,105 @@ +FROM quay.io/centos/centos:stream10-development-minimal + + +EXPOSE 8080 + +ENV PYTHON_VERSION=3.13 \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + CNB_STACK_ID=com.redhat.stacks.ubi10-python-313 \ + CNB_USER_ID=1001 \ + CNB_GROUP_ID=0 \ + PIP_NO_CACHE_DIR=off \ + # The following variables are usually available from parent s2i images \ + STI_SCRIPTS_PATH=/usr/libexec/s2i \ + APP_ROOT=/opt/app-root \ + HOME=/opt/app-root/src \ + PLATFORM="el10" + +# /opt/app-root/bin - the main venv +# /opt/app-root/src/bin - app-specific binaries +# /opt/app-root/src/.local/bin - tools like pipenv +ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH + +# Ensure the virtual environment is active in interactive shells +ENV BASH_ENV=${APP_ROOT}/bin/activate \ + ENV=${APP_ROOT}/bin/activate \ + PROMPT_COMMAND=". ${APP_ROOT}/bin/activate" + +ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \ + DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +building and running various Python $PYTHON_VERSION applications and frameworks. \ +Python is an easy to learn, powerful programming language. It has efficient high-level \ +data structures and a simple but effective approach to object-oriented programming. \ +Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +make it an ideal language for scripting and rapid application development in many areas \ +on most platforms." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="Python 3.13" \ + io.openshift.expose-services="8080:http" \ + io.openshift.tags="builder,python,python313,python-313,rh-python313" \ + com.redhat.component="python-313-container" \ + name="sclorg/python-313-minimal-c10s" \ + usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.13-minimal/test/setup-test-app/ ubi10/python-313-minimal python-sample-app" \ + com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ + io.buildpacks.stack.id="com.redhat.stacks.ubi10-python-313-minimal" \ + maintainer="SoftwareCollections.org " + +# Very minimal set of packages +# Python is obvious in the Python container :) +# glibc-langpack-en is needed to set locale to en_US and disable warning about it +# findutils - find command is needed for fix-permissions script +# nss_wrapper - used in generate_container_user script +RUN INSTALL_PKGS="python3.13 glibc-langpack-en findutils nss_wrapper-libs" && \ + microdnf -y install epel-release && \ + microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \ + microdnf -y clean all --enablerepo='*' + +# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH. +COPY 3.13-minimal/s2i/bin/ $STI_SCRIPTS_PATH + +# Copy extra files to the image. +COPY 3.13-minimal/root/ / + +# Python 3.7+ only +# Yes, the directory below is already copied by the previous command. +# The problem here is that the wheels directory is copied as a symlink. +# Only if you specify symlink directly as a source, COPY copies all the +# files from the symlink destination. +COPY 3.13-minimal/root/opt/wheels /opt/wheels + +# This command sets (and also creates if necessary) +# the home directory - it has to be done here so the latter +# fix-permissions fixes this directory as well. +WORKDIR ${HOME} + +# - Create a Python virtual environment for use by any application to avoid +# potential conflicts with Python packages preinstalled in the main Python +# installation. +# - In order to drop the root user, we have to make some directories world +# writable as OpenShift default security model is to run the container +# under random UID. +RUN \ + python3.13 -m venv ${APP_ROOT} && \ + # We have to upgrade pip to a newer version because \ + # pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \ + # support platforms like ppc64le, aarch64 or armv7 \ + # We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \ + # because it's tested better then whatever version from PyPI and contains useful patches. \ + # We have to do it here so the permissions are correctly fixed and pip is able \ + # to reinstall itself in the next build phases in the assemble script if user wants the latest version \ + ${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \ + rm -r /opt/wheels && \ + chown -R 1001:0 ${APP_ROOT} && \ + fix-permissions ${APP_ROOT} -P && \ + rpm-file-permissions + +USER 1001 + +# Set the default CMD to print the usage of the language image. +CMD $STI_SCRIPTS_PATH/usage diff --git a/3.13/Dockerfile.c10s b/3.13/Dockerfile.c10s new file mode 100644 index 00000000..87196fe3 --- /dev/null +++ b/3.13/Dockerfile.c10s @@ -0,0 +1,89 @@ +# This image provides a Python 3.13 environment you can use to run your Python +# applications. +FROM quay.io/sclorg/s2i-base-c10s:c10s + +EXPOSE 8080 + +ENV PYTHON_VERSION=3.13 \ + PATH=$HOME/.local/bin/:$PATH \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + PIP_NO_CACHE_DIR=off + +ENV NAME=python3 \ + ARCH=x86_64 + +ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ + DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +building and running various Python $PYTHON_VERSION applications and frameworks. \ +Python is an easy to learn, powerful programming language. It has efficient high-level \ +data structures and a simple but effective approach to object-oriented programming. \ +Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +make it an ideal language for scripting and rapid application development in many areas \ +on most platforms." + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="Python 3.13" \ + io.openshift.expose-services="8080:http" \ + io.openshift.tags="builder,python,python313,python-313,rh-python313" \ + com.redhat.component="$NAME" \ + name="sclorg/python-313-c10s" \ + usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.13/test/setup-test-app/ $FGC/$NAME python-sample-app" \ + maintainer="SoftwareCollections.org " + +RUN INSTALL_PKGS="python3.13 python3.13-devel python3.13-pip nss_wrapper-libs httpd \ + httpd-devel mod_ssl mod_auth_gssapi mod_ldap mod_session \ + gcc-gfortran libffi-devel libtool-ltdl krb5-devel" && \ + yum -y install --setopt=install_weak_deps=0 epel-release && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo='*' + +# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH. +COPY 3.13/s2i/bin/ $STI_SCRIPTS_PATH + +# Copy extra files to the image. +COPY 3.13/root/ / + +# Python 3.7+ only +# Yes, the directory below is already copied by the previous command. +# The problem here is that the wheels directory is copied as a symlink. +# Only if you specify symlink directly as a source, COPY copies all the +# files from the symlink destination. +COPY 3.13/root/opt/wheels /opt/wheels +# - Create a Python virtual environment for use by any application to avoid +# potential conflicts with Python packages preinstalled in the main Python +# installation. +# - In order to drop the root user, we have to make some directories world +# writable as OpenShift default security model is to run the container +# under random UID. +RUN python3.13 -m venv ${APP_ROOT} && \ +# Python 3.7+ only code, Python <3.7 installs pip from PyPI in the assemble script. \ +# We have to upgrade pip to a newer verison because \ +# pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \ +# support platforms like ppc64le, aarch64 or armv7 \ +# We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \ +# because it's tested better then whatever version from PyPI and contains useful patches. \ +# We have to do it here (in the macro) so the permissions are correctly fixed and pip is able \ +# to reinstall itself in the next build phases in the assemble script if user wants the latest version \ +${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \ +rm -r /opt/wheels && \ +chown -R 1001:0 ${APP_ROOT} && \ +fix-permissions ${APP_ROOT} -P && \ +# The following echo adds the unset command for the variables set below to the \ +# venv activation script. This prevents the virtual environment from being \ +# activated multiple times and also every time the prompt is rendered. \ +echo "unset BASH_ENV PROMPT_COMMAND ENV" >> ${APP_ROOT}/bin/activate +# Ensure the virtualenv is activated in interactive shells +ENV BASH_ENV="${APP_ROOT}/bin/activate" \ + ENV="${APP_ROOT}/bin/activate" \ + PROMPT_COMMAND=". ${APP_ROOT}/bin/activate" + +USER 1001 + +# Set the default CMD to print the usage of the language image. +CMD $STI_SCRIPTS_PATH/usage From 829958e7e688ed079d32fa8a05ef5f823e6d110b Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Sun, 2 Nov 2025 11:04:30 +0100 Subject: [PATCH 3/9] Switch stream10-development-minimal to newer stream10-minimal -development- container images are no longer actively rebuild. --- specs/multispec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/multispec.yml b/specs/multispec.yml index 6390f4d4..a7ff8455 100644 --- a/specs/multispec.yml +++ b/specs/multispec.yml @@ -93,7 +93,7 @@ specs: distros: - centos-stream-10-x86_64 el_version: "10" - minimal_image: "quay.io/centos/centos:stream10-development-minimal" + minimal_image: "quay.io/centos/centos:stream10-minimal" s2i_base: quay.io/sclorg/s2i-base-c10s img_tag: "c10s" org: "sclorg" From d7ebb14cb79598a16f89abe822c15f28117efca0 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Sun, 2 Nov 2025 11:07:26 +0100 Subject: [PATCH 4/9] Distgen generated content --- 3.12-minimal/Dockerfile.c10s | 2 +- 3.13-minimal/Dockerfile.c10s | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3.12-minimal/Dockerfile.c10s b/3.12-minimal/Dockerfile.c10s index fc382f1c..d66575c8 100644 --- a/3.12-minimal/Dockerfile.c10s +++ b/3.12-minimal/Dockerfile.c10s @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream10-development-minimal +FROM quay.io/centos/centos:stream10-minimal EXPOSE 8080 diff --git a/3.13-minimal/Dockerfile.c10s b/3.13-minimal/Dockerfile.c10s index 52c85618..b55832f2 100644 --- a/3.13-minimal/Dockerfile.c10s +++ b/3.13-minimal/Dockerfile.c10s @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream10-development-minimal +FROM quay.io/centos/centos:stream10-minimal EXPOSE 8080 From 9c3bee887bb4d44b35e982777862d95b396b4f3e Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Sun, 2 Nov 2025 11:27:30 +0100 Subject: [PATCH 5/9] Distgen generated content --- 3.13-minimal/Dockerfile.c10s | 2 +- src/Dockerfile-minimal.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3.13-minimal/Dockerfile.c10s b/3.13-minimal/Dockerfile.c10s index b55832f2..34031864 100644 --- a/3.13-minimal/Dockerfile.c10s +++ b/3.13-minimal/Dockerfile.c10s @@ -56,7 +56,7 @@ LABEL summary="$SUMMARY" \ # findutils - find command is needed for fix-permissions script # nss_wrapper - used in generate_container_user script RUN INSTALL_PKGS="python3.13 glibc-langpack-en findutils nss_wrapper-libs" && \ - microdnf -y install epel-release && \ + microdnf -y install --setopt=install_weak_deps=0 epel-release && \ microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \ microdnf -y clean all --enablerepo='*' diff --git a/src/Dockerfile-minimal.template b/src/Dockerfile-minimal.template index 7c3a01fd..26ef35a2 100644 --- a/src/Dockerfile-minimal.template +++ b/src/Dockerfile-minimal.template @@ -59,7 +59,7 @@ LABEL summary="$SUMMARY" \ # nss_wrapper - used in generate_container_user script RUN INSTALL_PKGS="{{ spec.pkg_prefix }} glibc-langpack-en findutils nss_wrapper-libs" && \ {% if spec.enable_epel_for and spec.version in spec.enable_epel_for %} - microdnf -y install epel-release && \ + microdnf -y install --setopt=install_weak_deps=0 epel-release && \ {% endif %} microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \ microdnf -y clean all --enablerepo='*' From 584af32b12b9ed83fc4caa6f739c92e4c8645b8f Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Sun, 2 Nov 2025 11:32:55 +0100 Subject: [PATCH 6/9] CI configuration --- .github/workflows/build-and-push.yml | 16 ++++++++++++++++ .github/workflows/container-tests.yml | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml index 5e162f10..aeaedaa5 100644 --- a/.github/workflows/build-and-push.yml +++ b/.github/workflows/build-and-push.yml @@ -118,6 +118,22 @@ jobs: tag: "313" image_name: "python-313-minimal" + - dockerfile: "3.13/Dockerfile.c10s" + docker_context: "3.13" + registry_namespace: "sclorg" + quayio_username: "QUAY_IMAGE_FEDORA_BUILDER_USERNAME" + quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN" + tag: "c10s" + image_name: "python-313-c10s" + + - dockerfile: "3.13-minimal/Dockerfile.c10s" + docker_context: "3.13-minimal" + registry_namespace: "sclorg" + quayio_username: "QUAY_IMAGE_FEDORA_BUILDER_USERNAME" + quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN" + tag: "c10s" + image_name: "python-313-minimal-c10s" + steps: - name: Build and push to quay.io registry uses: sclorg/build-and-push-action@v4 diff --git a/.github/workflows/container-tests.yml b/.github/workflows/container-tests.yml index 676872fb..679bac57 100644 --- a/.github/workflows/container-tests.yml +++ b/.github/workflows/container-tests.yml @@ -60,7 +60,7 @@ jobs: strategy: fail-fast: false matrix: - version: [ "3.9", "3.9-minimal", "3.11", "3.11-minimal", "3.12", "3.12-minimal", "3.13" ] + version: [ "3.9", "3.9-minimal", "3.11", "3.11-minimal", "3.12", "3.12-minimal", "3.13", "3.13-minimal" ] os_test: [ "fedora", "rhel8", "rhel9", "rhel10", "c9s", "c10s" ] test_case: [ "container" ] if: | From cf914d7f844fc43b5f8983da6f8ef3b17d457e22 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Thu, 6 Nov 2025 13:47:45 +0100 Subject: [PATCH 7/9] Fix typos in names of container images --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6e0d1db5..184b8bd6 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ Images available on Quay are: * CentOS Stream 9 [python-311-c9s](https://quay.io/repository/sclorg/python-311-c9s) * CentOS Stream 9 [python-312-minimal-c9s](https://quay.io/repository/sclorg/python-312-minimal-c9s) * CentOS Stream 9 [python-312-c9s](https://quay.io/repository/sclorg/python-312-c9s) -* CentOS Stream 10 [python-312-minimal-c9s](https://quay.io/repository/sclorg/python-312-minimal-c10s) -* CentOS Stream 10 [python-312-c9s](https://quay.io/repository/sclorg/python-312-c10s) +* CentOS Stream 10 [python-312-minimal-c10s](https://quay.io/repository/sclorg/python-312-minimal-c10s) +* CentOS Stream 10 [python-312-c10s](https://quay.io/repository/sclorg/python-312-c10s) * Fedora [python-313](https://quay.io/repository/fedora/python-313) * Fedora [python-313-minimal](https://quay.io/repository/fedora/python-313-minimal) From a64781b7ee3f2530ffddd9bd4502e0df121978b8 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Thu, 6 Nov 2025 13:48:27 +0100 Subject: [PATCH 8/9] Add Python 3.13 on C10S to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 184b8bd6..16c47d35 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,8 @@ Images available on Quay are: * CentOS Stream 9 [python-312-c9s](https://quay.io/repository/sclorg/python-312-c9s) * CentOS Stream 10 [python-312-minimal-c10s](https://quay.io/repository/sclorg/python-312-minimal-c10s) * CentOS Stream 10 [python-312-c10s](https://quay.io/repository/sclorg/python-312-c10s) +* CentOS Stream 10 [python-313-minimal-c10s](https://quay.io/repository/sclorg/python-313-minimal-c10s) +* CentOS Stream 10 [python-313-c10s](https://quay.io/repository/sclorg/python-313-c10s) * Fedora [python-313](https://quay.io/repository/fedora/python-313) * Fedora [python-313-minimal](https://quay.io/repository/fedora/python-313-minimal) From fb40d698b690bda806ee657a448a8bd27986db8b Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Thu, 6 Nov 2025 13:49:31 +0100 Subject: [PATCH 9/9] Fix supported Fedora versions --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 16c47d35..397a9186 100644 --- a/README.md +++ b/README.md @@ -75,8 +75,7 @@ CentOS Stream versions currently supported are: * CentOS Stream 10 ([quay.io/sclorg](https://quay.io/organization/sclorg)) Fedora versions currently supported are: -* Fedora 40 ([quay.io/fedora](https://quay.io/organization/fedora)) -* Fedora 41 ([quay.io/fedora](https://quay.io/organization/fedora)) +* Fedora 42 ([quay.io/fedora](https://quay.io/organization/fedora)) Download --------