From 5088fdcfae1beac59875ac9ee504143a3b177eac Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Tue, 20 Feb 2024 10:02:56 -0500
Subject: [PATCH 1/3] Install cisagov/skeleton-python-library directly

Instead of downloading the source archive, extracting it, and then installing it with pip we instead just let pip directly install the package.
---
 Dockerfile | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9c939b7..7492a54 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -79,12 +79,7 @@ WORKDIR ${CISA_HOME}
 # cache. This results in a smaller final image, at the cost of
 # slightly longer install times.
 ###
-RUN wget --output-document sourcecode.tgz \
- https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz \
- && tar --extract --gzip --file sourcecode.tgz --strip-components=1 \
- && pip3 install --no-cache-dir --requirement requirements.txt \
- && ln -snf /run/secrets/quote.txt src/example/data/secret.txt \
- && rm sourcecode.tgz
+RUN pip3 install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz
 ###
 # Prepare to run

From 22aa084d4fb438dde49b07189f64ef9abfd588cb Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Tue, 20 Feb 2024 10:05:26 -0500
Subject: [PATCH 2/3] Remove unused OS package dependencies

Since we are now installing cisagov/skeleton-python-library directly with pip we no longer need these OS packages.
---
 Dockerfile | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7492a54..ce1aa88 100644
--- a/Dockerfile
+++ b/Dockerfile
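Review bot: The added `RUN pip3 install --no-cache-dir https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz` line (Dockerfile hunk of patch 1/3) builds and installs whatever the tag archive contains at image-build time, with no digest check, so a moved tag or altered archive would go into the image without failing the build. pip checks a hash given as a URL fragment, so the line could end in `.tar.gz#sha256=<digest of the reviewed archive>` (quoted, and updated together with `VERSION`). The removed command also installed from `requirements.txt`; dependency versions are now presumably taken from the package metadata alone, which deserves a sentence in the `###` comment block above the instruction, a block that starts outside this hunk.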
@@ -45,19 +45,6 @@ RUN apk --update --no-cache --quiet upgrade
 RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \
 && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER}
-###
-# Dependencies
-#
-# Note that we use apk --no-cache to avoid writing to a local cache.
-# This results in a smaller final image, at the cost of slightly
-# longer install times.
-###
-ENV DEPS \
- ca-certificates \
- openssl \
- py-pip
-RUN apk --no-cache --quiet add ${DEPS}
-
 ###
 # Make sure pip, setuptools, and wheel are the latest versions
 #

From 66032eaac5fdd596af939a774f4751266f8602c2 Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Tue, 20 Feb 2024 10:11:44 -0500
Subject: [PATCH 3/3] Change the secret message being checks in tests

Now that we are not overwriting the internal Python package file the text we look for must match what is output by default. The Docker Compose secret configuration is left in place to continue to serve as an example and to be leveraged for a future update to cisagov/skeleton-python-library that can provide similar functionality to what was removed in this project.
---
 tests/container_test.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tests/container_test.py b/tests/container_test.py
index c2e1874..60402a4 100644
--- a/tests/container_test.py
+++ b/tests/container_test.py
@@ -11,9 +11,7 @@ ENV_VAR = "ECHO_MESSAGE"
 ENV_VAR_VAL = "Hello World from docker compose!"
 READY_MESSAGE = "This is a debug message"
-SECRET_QUOTE = (
- "There are no secrets better kept than the secrets everybody guesses." # nosec
-)
+SECRET_QUOTE = "Three may keep a secret, if two of them are dead." # nosec
 RELEASE_TAG = os.getenv("RELEASE_TAG")
 VERSION_FILE = "src/version.txt"
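Review bot: The bare `# nosec` on the new `SECRET_QUOTE` line suppresses every Bandit check on that line; it is presumably there only for the hard-coded-password heuristic triggered by the name, so `# nosec B105` would keep the suppression narrow. Since the string is now the package's built-in default rather than the mounted secret, a one-line comment above it such as `# Default quote shipped in cisagov/skeleton-python-library; not read from the Docker secret` would tell the next reader why the test no longer exercises the secret mount. How the constant is asserted lies outside the hunk.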