adding container/minimal docs to describe updating requirements (#73)

grokspawn · web-flow · commit 5f5e41fdb6b2 · 2024-05-13T13:14:21.000-05:00
Signed-off-by: Jordan Keister &lt;jordan@nimblewidget.com&gt;
diff --git a/images/ansible-operator/README.md b/images/ansible-operator/README.md
@@ -0,0 +1,8 @@
+We build the base image using the Dockerfile, which validates the python requirements scaffolding that it copies from this directory. 
+
+To update the requirements (`Pipfile` and `Pipfile.lock`) build and execute the image generated by `pipfile.Dockerfile` like so:
+
+1. docker build -f ./pipfile.Dockerfile -t pipfile-generator .
+2. docker run --rm -it -v .:/tmp/pip-airlock:Z pipfile-generator
+3. Commit the newly-generated `Pipfile.lock` file (NB: this directory is in root .gitignore file, so you must `git add -f`)
+
diff --git a/images/ansible-operator/pipfile.Dockerfile b/images/ansible-operator/pipfile.Dockerfile
@@ -0,0 +1,32 @@
+FROM registry.access.redhat.com/ubi8/ubi:8.9-1107 AS basebuilder
+
+# Install Rust so that we can ensure backwards compatibility with installing/building the cryptography wheel across all platforms
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+RUN rustc --version
+
+# Copy python dependencies (including ansible) to be installed using Pipenv
+COPY ./Pipfile ./
+# Instruct pip(env) not to keep a cache of installed packages,
+# to install into the global site-packages and
+# to clear the pipenv cache as well
+ENV PIP_NO_CACHE_DIR=1 \
+    PIPENV_SYSTEM=1 \
+    PIPENV_CLEAR=1
+# Ensure fresh metadata rather than cached metadata, install system and pip python deps,
+# and remove those not needed at runtime.
+RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
+  && yum update -y \
+  && yum install -y libffi-devel openssl-devel python39-devel gcc python39-pip python39-setuptools \
+  && pip3 install --upgrade pip~=23.3.2 \
+  && pip3 install pipenv==2023.11.15 \
+  && pipenv lock \
+  && pipenv check \
+  && yum remove -y gcc libffi-devel openssl-devel python39-devel \
+  && yum clean all \
+  && rm -rf /var/cache/yum
+
+VOLUME /tmp/pip-airlock
+ENTRYPOINT ["cp", "./Pipfile.lock", "/tmp/pip-airlock/"]
+# to pull the generated lockfile, run this like 
+# docker run --rm -it -v .:/tmp/pip-airlock:Z <image>
