Migrate pulumi-python image to match upstream with 3.13 as latest

taylorific · taylorific · commit 80a29a49735e · 2025-09-08T09:13:10.000-04:00
diff --git a/pulumi/pulumi-python/Containerfile b/pulumi/pulumi-python/Containerfile
@@ -1,36 +1,21 @@
 # syntax=docker/dockerfile:1
 # Arguments used in FROM need to be defined before the first build stage
-ARG BUILD_IMAGE=docker.io/ubuntu:noble-20250714
-ARG BASE_IMAGE=docker.io/polymathrobotics/python:3.9-noble
+ARG LANGUAGE_VERSION=3.13
+ARG BUILD_IMAGE=docker.io/ubuntu:noble-20250805
+ARG BASE_IMAGE=docker.io/polymathrobotics/python:${LANGUAGE_VERSION}-slim-noble
 # hadolint ignore=DL3006
 FROM $BUILD_IMAGE AS build
 
 ARG PULUMI_VERSION
-ARG CINC_AUDITOR_URL_AMD64
-ARG CINC_AUDITOR_SHA256_AMD64
-ARG CINC_AUDITOR_URL_ARM64
-ARG CINC_AUDITOR_SHA256_ARM64
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN <<EOF
   apt-get update
   apt-get install -y --no-install-recommends \
     ca-certificates \
-    curl
-  dpkgArch="$(dpkg --print-architecture)"
-  case "${dpkgArch##*-}" in \
-    amd64) \
-      CINC_AUDITOR_URL="$CINC_AUDITOR_URL_AMD64" \
-      CINC_AUDITOR_SHA256="$CINC_AUDITOR_SHA256_AMD64" \
-      ;; \
-    arm64) \
-      CINC_AUDITOR_URL="$CINC_AUDITOR_URL_ARM64" \
-      CINC_AUDITOR_SHA256="$CINC_AUDITOR_SHA256_ARM64" \
-      ;; \
-    *) echo "unsupported architecture"; exit 1 ;; \
-    esac
-  curl -fsSL -o /tmp/cinc-auditor.deb "${CINC_AUDITOR_URL}"
-  echo "${CINC_AUDITOR_SHA256} /tmp/cinc-auditor.deb" | sha256sum -c -
+    curl \
+    build-essential \
+    git
 EOF
 
 # Install the Pulumi SDK, including the CLI and language runtimes.
@@ -42,41 +27,29 @@ RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION
 # hadolint ignore=DL3006
 FROM $BASE_IMAGE
 
-ENV PATH=/opt/cinc-auditor/bin:/opt/cinc-auditor/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-# Run the entire container with the default locale to be en_US.UTF-8
-RUN <<EOF
-  apt-get update
-  apt-get install -y --no-install-recommends locales
-  locale-gen en_US.UTF-8
-  update-locale LANG=en_US.UTF-8
-  # The official Ubuntu images automatically run `apt-get clean`, so explicit
-  # invocation is not required
-  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-EOF
-
-ENV LANG=en_US.UTF-8 \
-    LANGUAGE=en_US:en \
-    LC_ALL=en_US.UTF-8
-
 WORKDIR /pulumi/projects
 
-COPY --from=build /tmp/cinc-auditor.deb  /tmp/cinc-auditor.deb
-
-RUN --mount=type=cache,target=/var/lib/apt/list \
-    --mount=type=cache,target=/var/cache/apt <<EOF
-  apt-get update
-  apt-get install -y --no-install-recommends /tmp/cinc-auditor.deb
-  rm -rf /tmp/cinc-auditor.deb
+RUN <<EOF
+  apt-get update -y
   DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     ca-certificates \
+    curl \
     git \
     vim
 EOF
 
+# Install poetry
+RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local/share/pypoetry python3 -
+RUN ln -s /usr/local/share/pypoetry/bin/poetry /usr/local/bin/
+
+# Install uv
+RUN curl -LsSf https://astral.sh/uv/install.sh | XDG_BIN_HOME=/usr/local/share/uv bash -s -- --no-modify-path
+RUN ln -s /usr/local/share/uv/uv /usr/local/bin/
+RUN ln -s /usr/local/share/uv/uvx /usr/local/bin/
+
 # Uses the workdir, copies from pulumi interim container
 COPY --from=build /root/.pulumi/bin/pulumi /pulumi/bin/pulumi
 COPY --from=build /root/.pulumi/bin/*-python* /pulumi/bin/
 
 ENV PATH="/pulumi/bin:${PATH}"
-CMD ["pulumi"]
+CMD ["pulumi"]
diff --git a/pulumi/pulumi-python/docker-bake.hcl b/pulumi/pulumi-python/docker-bake.hcl
@@ -1,45 +1,119 @@
 variable "TAG_PREFIX" {
-  default =  "docker.io/polymathrobotics/pulumi-python"
+  default =  "docker.io/polymathrobotics"
 }
 
 variable "VERSION" {
-  default =  "3.186.0"
+  default =  "3.192.0"
+}
+
+# Explicitly define the latest Python version used for the consolidated image
+variable "LATEST_PYTHON" {
+  default = "3.13"
 }
 
 # There's no darwin-based Docker, so if we're running on macOS, change the platform to linux
 variable "LOCAL_PLATFORM" {
   default = regex_replace("${BAKE_LOCAL_PLATFORM}", "^(darwin)", "linux")
 }
 
+variable "IMAGES" {
+  default = [
+    "pulumi-python-3.9",
+    "pulumi-python-3.10",
+    "pulumi-python-3.11",
+    "pulumi-python-3.12",
+    "pulumi-python-3.13"
+  ]
+}
+
 target "_common" {
   args = {
     PULUMI_VERSION = "${VERSION}"
-    CINC_AUDITOR_URL_AMD64 = "https://ftp.osuosl.org/pub/cinc/files/stable/cinc-auditor/6.8.24/ubuntu/24.04/cinc-auditor_6.8.24-1_amd64.deb"
-    CINC_AUDITOR_SHA256_AMD64 = "13907518ae88cc12d85fb09e2bca5c6f48d9ced75fe1dad61285d1d884cda9c7"
-    CINC_AUDITOR_URL_ARM64 = "https://ftp.osuosl.org/pub/cinc/files/stable/cinc-auditor/6.8.24/ubuntu/24.04/cinc-auditor_6.8.24-1_arm64.deb"
-    CINC_AUDITOR_SHA256_ARM64 = "7453d58358cc158ddfe7a92a4557966c1e4b472e207e6097cf2490b323bd2616"
   }
   dockerfile = "Containerfile"
-  tags = [
-    "${TAG_PREFIX}:${VERSION}",
-    "${TAG_PREFIX}:latest"
-  ]
   labels = {
     "org.opencontainers.image.source" = "https://github.com/polymathrobotics/oci"
     "org.opencontainers.image.licenses" = "Apache-2.0"
     "org.opencontainers.image.description" = "Pulumi CLI container for python."
-    "org.opencontainers.image.title" = "${TAG_PREFIX}"
+    "org.opencontainers.image.title" = "${TAG_PREFIX}/pulumi-python"
     "org.opencontainers.image.created" = "${timestamp()}"
     "dev.polymathrobotics.image.readme-filepath" = "pulumi/README.md"
   }
 }
 
-target "local" {
+target "local-matrix" {
+  # replace `.` with `-` for the expanded image_name
+  name = "local-${regex_replace("${image_name}", "\\.", "-")}"
   inherits = ["_common"]
+  matrix = {
+    image_name = IMAGES
+  }
+  platforms = ["${LOCAL_PLATFORM}"]
+  tags = [
+    "${TAG_PREFIX}/${image_name}:${VERSION}",
+    "${TAG_PREFIX}/${image_name}:${VERSION}-noble",
+    "${TAG_PREFIX}/${image_name}:latest"
+  ]
+  args = {
+    LANGUAGE_VERSION = "${regex_replace("${image_name}", "^.*-", "")}"
+  }
+}
+
+group "local" {
+  targets = [
+    "local-matrix",          # all expanded matrix targets
+    "local-pulumi-python-latest"
+  ]
+}
+
+target "local-pulumi-python-latest" {
+  inherits  = ["_common"]
   platforms = ["${LOCAL_PLATFORM}"]
+  tags = [
+    "${TAG_PREFIX}/pulumi-python:${VERSION}",
+    "${TAG_PREFIX}/pulumi-python:${VERSION}-noble",
+    "${TAG_PREFIX}/pulumi-python:latest",
+  ]
+  args = {
+    LANGUAGE_VERSION = "${LATEST_PYTHON}"
+  }
 }
 
-target "default" {
+target "default-matrix" {
+  # replace `.` with `-` for the expanded image_name
+  name = "default-${regex_replace("${image_name}", "\\.", "-")}"
   inherits = ["_common"]
+  matrix = {
+    image_name = IMAGES
+  }
+  # target = image_name
+  platforms = ["linux/amd64", "linux/arm64/v8"]
+  tags = [
+    "${TAG_PREFIX}/${image_name}:${VERSION}",
+    "${TAG_PREFIX}/${image_name}:${VERSION}-noble",
+    "${TAG_PREFIX}/${image_name}:latest"
+  ]
+  args = {
+    LANGUAGE_VERSION = "${regex_replace("${image_name}", "^.*-", "")}"
+  }
+}
+
+target "default-pulumi-python-latest" {
+  inherits  = ["_common"]
   platforms = ["linux/amd64", "linux/arm64/v8"]
+  tags = [
+    "${TAG_PREFIX}/pulumi-python:${VERSION}",
+    "${TAG_PREFIX}/pulumi-python:${VERSION}-noble",
+    "${TAG_PREFIX}/pulumi-python:latest",
+  ]
+  args = {
+    LANGUAGE_VERSION = "${LATEST_PYTHON}"
+  }
 }
+
+group "default" {
+  targets = [
+    "default-matrix",          # all expanded matrix targets
+    "default-pulumi-python-latest"
+  ]
+}
