Add CentOS Stream with EPEL Python 3.13

.github/workflows/build-and-push.yml

@@ -118,6 +118,22 @@ jobs:
             tag: "313"
             image_name: "python-313-minimal"
 
+          - dockerfile: "3.13/Dockerfile.c10s"
+            docker_context: "3.13"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_FEDORA_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN"
+            tag: "c10s"
+            image_name: "python-313-c10s"
+
+          - dockerfile: "3.13-minimal/Dockerfile.c10s"
+            docker_context: "3.13-minimal"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_FEDORA_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN"
+            tag: "c10s"
+            image_name: "python-313-minimal-c10s"
+
     steps:
       - name: Build and push to quay.io registry
         uses: sclorg/build-and-push-action@v4

.github/workflows/container-tests.yml

@@ -60,7 +60,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        version: [ "3.9", "3.9-minimal", "3.11", "3.11-minimal", "3.12", "3.12-minimal", "3.13" ]
+        version: [ "3.9", "3.9-minimal", "3.11", "3.11-minimal", "3.12", "3.12-minimal", "3.13", "3.13-minimal" ]
         os_test: [ "fedora", "rhel8", "rhel9", "rhel10", "c9s", "c10s" ]
         test_case: [ "container" ]
     if: |

3.12-minimal/Dockerfile.c10s

@@ -1,4 +1,4 @@
-FROM quay.io/centos/centos:stream10-development-minimal
+FROM quay.io/centos/centos:stream10-minimal
 
 
 EXPOSE 8080

3.13-minimal/Dockerfile.c10s

@@ -0,0 +1,105 @@
+FROM quay.io/centos/centos:stream10-minimal
+
+
+EXPOSE 8080
+
+ENV PYTHON_VERSION=3.13 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    CNB_STACK_ID=com.redhat.stacks.ubi10-python-313 \
+    CNB_USER_ID=1001 \
+    CNB_GROUP_ID=0 \
+    PIP_NO_CACHE_DIR=off \
+    # The following variables are usually available from parent s2i images \
+    STI_SCRIPTS_PATH=/usr/libexec/s2i \
+    APP_ROOT=/opt/app-root \
+    HOME=/opt/app-root/src \
+    PLATFORM="el10"
+
+# /opt/app-root/bin - the main venv
+# /opt/app-root/src/bin - app-specific binaries
+# /opt/app-root/src/.local/bin - tools like pipenv
+ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH
+
+# Ensure the virtual environment is active in interactive shells
+ENV BASH_ENV=${APP_ROOT}/bin/activate \
+    ENV=${APP_ROOT}/bin/activate \
+    PROMPT_COMMAND=". ${APP_ROOT}/bin/activate"
+
+ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \
+    DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
+building and running various Python $PYTHON_VERSION applications and frameworks. \
+Python is an easy to learn, powerful programming language. It has efficient high-level \
+data structures and a simple but effective approach to object-oriented programming. \
+Python's elegant syntax and dynamic typing, together with its interpreted nature, \
+make it an ideal language for scripting and rapid application development in many areas \
+on most platforms."
+
+LABEL summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION" \
+      io.k8s.display-name="Python 3.13" \
+      io.openshift.expose-services="8080:http" \
+      io.openshift.tags="builder,python,python313,python-313,rh-python313" \
+      com.redhat.component="python-313-container" \
+      name="sclorg/python-313-minimal-c10s" \
+      usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.13-minimal/test/setup-test-app/ ubi10/python-313-minimal python-sample-app" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      io.buildpacks.stack.id="com.redhat.stacks.ubi10-python-313-minimal" \
+      maintainer="SoftwareCollections.org <sclorg@redhat.com>"
+
+# Very minimal set of packages
+# Python is obvious in the Python container :)
+# glibc-langpack-en is needed to set locale to en_US and disable warning about it
+# findutils - find command is needed for fix-permissions script
+# nss_wrapper - used in generate_container_user script
+RUN INSTALL_PKGS="python3.13 glibc-langpack-en findutils nss_wrapper-libs" && \
+    microdnf -y install --setopt=install_weak_deps=0 epel-release && \
+    microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
+    microdnf -y clean all --enablerepo='*'
+
+# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH.
+COPY 3.13-minimal/s2i/bin/ $STI_SCRIPTS_PATH
+
+# Copy extra files to the image.
+COPY 3.13-minimal/root/ /
+
+# Python 3.7+ only
+# Yes, the directory below is already copied by the previous command.
+# The problem here is that the wheels directory is copied as a symlink.
+# Only if you specify symlink directly as a source, COPY copies all the
+# files from the symlink destination.
+COPY 3.13-minimal/root/opt/wheels /opt/wheels
+
+# This command sets (and also creates if necessary)
+# the home directory - it has to be done here so the latter
+# fix-permissions fixes this directory as well.
+WORKDIR ${HOME}
+
+# - Create a Python virtual environment for use by any application to avoid
+#   potential conflicts with Python packages preinstalled in the main Python
+#   installation.
+# - In order to drop the root user, we have to make some directories world
+#   writable as OpenShift default security model is to run the container
+#   under random UID.
+RUN \
+    python3.13 -m venv ${APP_ROOT} && \
+    # We have to upgrade pip to a newer version because \
+    # pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \
+    #   support platforms like ppc64le, aarch64 or armv7 \
+    # We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \
+    # because it's tested better then whatever version from PyPI and contains useful patches. \
+    # We have to do it here so the permissions are correctly fixed and pip is able \
+    # to reinstall itself in the next build phases in the assemble script if user wants the latest version \
+    ${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \
+    rm -r /opt/wheels && \
+    chown -R 1001:0 ${APP_ROOT} && \
+    fix-permissions ${APP_ROOT} -P && \
+    rpm-file-permissions
+
+USER 1001
+
+# Set the default CMD to print the usage of the language image.
+CMD $STI_SCRIPTS_PATH/usage

3.13/Dockerfile.c10s

@@ -0,0 +1,89 @@
+# This image provides a Python 3.13 environment you can use to run your Python
+# applications.
+FROM quay.io/sclorg/s2i-base-c10s:c10s
+
+EXPOSE 8080
+
+ENV PYTHON_VERSION=3.13 \
+    PATH=$HOME/.local/bin/:$PATH \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    PIP_NO_CACHE_DIR=off
+
+ENV NAME=python3 \
+    ARCH=x86_64
+
+ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \
+    DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
+building and running various Python $PYTHON_VERSION applications and frameworks. \
+Python is an easy to learn, powerful programming language. It has efficient high-level \
+data structures and a simple but effective approach to object-oriented programming. \
+Python's elegant syntax and dynamic typing, together with its interpreted nature, \
+make it an ideal language for scripting and rapid application development in many areas \
+on most platforms."
+
+LABEL summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION" \
+      io.k8s.display-name="Python 3.13" \
+      io.openshift.expose-services="8080:http" \
+      io.openshift.tags="builder,python,python313,python-313,rh-python313" \
+      com.redhat.component="$NAME" \
+      name="sclorg/python-313-c10s" \
+      usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.13/test/setup-test-app/ $FGC/$NAME python-sample-app" \
+      maintainer="SoftwareCollections.org <sclorg@redhat.com>"
+
+RUN INSTALL_PKGS="python3.13 python3.13-devel python3.13-pip nss_wrapper-libs httpd \
+        httpd-devel mod_ssl mod_auth_gssapi mod_ldap mod_session \
+        gcc-gfortran libffi-devel libtool-ltdl krb5-devel" && \
+    yum -y install --setopt=install_weak_deps=0 epel-release && \
+    yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    yum -y clean all --enablerepo='*'
+
+# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH.
+COPY 3.13/s2i/bin/ $STI_SCRIPTS_PATH
+
+# Copy extra files to the image.
+COPY 3.13/root/ /
+
+# Python 3.7+ only
+# Yes, the directory below is already copied by the previous command.
+# The problem here is that the wheels directory is copied as a symlink.
+# Only if you specify symlink directly as a source, COPY copies all the
+# files from the symlink destination.
+COPY 3.13/root/opt/wheels /opt/wheels
+# - Create a Python virtual environment for use by any application to avoid
+#   potential conflicts with Python packages preinstalled in the main Python
+#   installation.
+# - In order to drop the root user, we have to make some directories world
+#   writable as OpenShift default security model is to run the container
+#   under random UID.
+RUN python3.13 -m venv ${APP_ROOT} && \
+# Python 3.7+ only code, Python <3.7 installs pip from PyPI in the assemble script. \
+# We have to upgrade pip to a newer verison because \
+# pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \
+#   support platforms like ppc64le, aarch64 or armv7 \
+# We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \
+# because it's tested better then whatever version from PyPI and contains useful patches. \
+# We have to do it here (in the macro) so the permissions are correctly fixed and pip is able \
+# to reinstall itself in the next build phases in the assemble script if user wants the latest version \
+${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \
+rm -r /opt/wheels && \
+chown -R 1001:0 ${APP_ROOT} && \
+fix-permissions ${APP_ROOT} -P && \
+# The following echo adds the unset command for the variables set below to the \
+# venv activation script. This prevents the virtual environment from being \
+# activated multiple times and also every time the prompt is rendered. \
+echo "unset BASH_ENV PROMPT_COMMAND ENV" >> ${APP_ROOT}/bin/activate
+# Ensure the virtualenv is activated in interactive shells
+ENV BASH_ENV="${APP_ROOT}/bin/activate" \
+    ENV="${APP_ROOT}/bin/activate" \
+    PROMPT_COMMAND=". ${APP_ROOT}/bin/activate"
+
+USER 1001
+
+# Set the default CMD to print the usage of the language image.
+CMD $STI_SCRIPTS_PATH/usage

README.md

@@ -12,8 +12,10 @@ Images available on Quay are:
 * CentOS Stream 9 [python-311-c9s](https://quay.io/repository/sclorg/python-311-c9s)
 * CentOS Stream 9 [python-312-minimal-c9s](https://quay.io/repository/sclorg/python-312-minimal-c9s)
 * CentOS Stream 9 [python-312-c9s](https://quay.io/repository/sclorg/python-312-c9s)
-* CentOS Stream 10 [python-312-minimal-c9s](https://quay.io/repository/sclorg/python-312-minimal-c10s)
-* CentOS Stream 10 [python-312-c9s](https://quay.io/repository/sclorg/python-312-c10s)
+* CentOS Stream 10 [python-312-minimal-c10s](https://quay.io/repository/sclorg/python-312-minimal-c10s)
+* CentOS Stream 10 [python-312-c10s](https://quay.io/repository/sclorg/python-312-c10s)
+* CentOS Stream 10 [python-313-minimal-c10s](https://quay.io/repository/sclorg/python-313-minimal-c10s)
+* CentOS Stream 10 [python-313-c10s](https://quay.io/repository/sclorg/python-313-c10s)
 * Fedora [python-313](https://quay.io/repository/fedora/python-313)
 * Fedora [python-313-minimal](https://quay.io/repository/fedora/python-313-minimal)
 
@@ -73,8 +75,7 @@ CentOS Stream versions currently supported are:
 * CentOS Stream 10 ([quay.io/sclorg](https://quay.io/organization/sclorg))
 
 Fedora versions currently supported are:
-* Fedora 40 ([quay.io/fedora](https://quay.io/organization/fedora))
-* Fedora 41 ([quay.io/fedora](https://quay.io/organization/fedora))
+* Fedora 42 ([quay.io/fedora](https://quay.io/organization/fedora))
 
 Download
 --------

specs/multispec.yml

@@ -93,7 +93,7 @@ specs:
       distros:
         - centos-stream-10-x86_64
       el_version: "10"
-      minimal_image: "quay.io/centos/centos:stream10-development-minimal"
+      minimal_image: "quay.io/centos/centos:stream10-minimal"
       s2i_base: quay.io/sclorg/s2i-base-c10s
       img_tag: "c10s"
       org: "sclorg"
@@ -103,8 +103,10 @@ specs:
                   'mod_auth_gssapi', 'mod_ldap', 'mod_session',
                   'gcc-gfortran', 'libffi-devel', 'libtool-ltdl',
                   'krb5-devel']
+      enable_epel_for: ["3.13", "3.13-minimal"]
       extra_pkgs:
         "3.12": ['python3', 'python3-devel', 'python3-setuptools', 'python3-pip']
+        "3.13": ['python3.13', 'python3.13-devel', 'python3.13-pip']
 
     fedora42:
       distros:
@@ -246,7 +248,9 @@ matrix:
       version: "3.12-minimal"
     - distros:
         - fedora-42-x86_64
+        - centos-stream-10-x86_64
       version: "3.13"
     - distros:
         - fedora-42-x86_64
+        - centos-stream-10-x86_64
       version: "3.13-minimal"

src/Dockerfile-minimal.template

@@ -58,6 +58,9 @@ LABEL summary="$SUMMARY" \
 # findutils - find command is needed for fix-permissions script
 # nss_wrapper - used in generate_container_user script
 RUN INSTALL_PKGS="{{ spec.pkg_prefix }} glibc-langpack-en findutils nss_wrapper-libs" && \
+    {% if spec.enable_epel_for and spec.version in spec.enable_epel_for %}
+    microdnf -y install --setopt=install_weak_deps=0 epel-release && \
+    {% endif %}
     microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
     microdnf -y clean all --enablerepo='*'
 

src/Dockerfile.template

@@ -53,6 +53,9 @@ LABEL summary="$SUMMARY" \
 RUN INSTALL_PKGS="{{ common.list_pkgs(extra_pkgs + spec.python_pkgs + spec.base_pkgs) -}}
     {% if spec.preinstall_cmd %}
 {{ common.preinstall_cmd(spec) -}}
+    {% endif %}
+    {% if spec.enable_epel_for and spec.version in spec.enable_epel_for %}
+    yum -y install --setopt=install_weak_deps=0 epel-release && \
     {% endif %}
     {{ commands.pkginstaller.install([], {'docs': False}) }}{{ common.enablerepo(spec) }} $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \