Add support python-314{-minimal} for RHEL9 and RHEL10

.github/workflows/build-and-push.yml

@@ -142,6 +142,30 @@ jobs:
             tag: "314"
             image_name: "python-314-minimal"
 
+          - dockerfile: "3.14/Dockerfile.c9s"
+            docker_context: "3.14"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN"
+            tag: "c9s"
+            image_name: "python-314-c9s"
+
+          - dockerfile: "3.14-minimal/Dockerfile.c9s"
+            docker_context: "3.14-minimal"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN"
+            tag: "c9s"
+            image_name: "python-314-minimal-c9s"
+
+          - dockerfile: "3.14-minimal/Dockerfile.c10s"
+            docker_context: "3.14-minimal"
+            registry_namespace: "sclorg"
+            quayio_username: "QUAY_IMAGE_SCLORG_BUILDER_USERNAME"
+            quayio_token: "QUAY_IMAGE_SCLORG_BUILDER_TOKEN"
+            tag: "c10s"
+            image_name: "python-314-minimal-c10s"
+
     steps:
       - name: Build and push to quay.io registry
         uses: sclorg/build-and-push-action@v4

3.14-minimal/Dockerfile.c10s

@@ -0,0 +1,105 @@
+FROM quay.io/centos/centos:stream10-minimal
+
+
+EXPOSE 8080
+
+ENV PYTHON_VERSION=3.14 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    CNB_STACK_ID=com.redhat.stacks.ubi10-python-314 \
+    CNB_USER_ID=1001 \
+    CNB_GROUP_ID=0 \
+    PIP_NO_CACHE_DIR=off \
+    # The following variables are usually available from parent s2i images \
+    STI_SCRIPTS_PATH=/usr/libexec/s2i \
+    APP_ROOT=/opt/app-root \
+    HOME=/opt/app-root/src \
+    PLATFORM="el10"
+
+# /opt/app-root/bin - the main venv
+# /opt/app-root/src/bin - app-specific binaries
+# /opt/app-root/src/.local/bin - tools like pipenv
+ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH
+
+# Ensure the virtual environment is active in interactive shells
+ENV BASH_ENV=${APP_ROOT}/bin/activate \
+    ENV=${APP_ROOT}/bin/activate \
+    PROMPT_COMMAND=". ${APP_ROOT}/bin/activate"
+
+ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \
+    DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
+building and running various Python $PYTHON_VERSION applications and frameworks. \
+Python is an easy to learn, powerful programming language. It has efficient high-level \
+data structures and a simple but effective approach to object-oriented programming. \
+Python's elegant syntax and dynamic typing, together with its interpreted nature, \
+make it an ideal language for scripting and rapid application development in many areas \
+on most platforms."
+
+LABEL summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION" \
+      io.k8s.display-name="Python 3.14" \
+      io.openshift.expose-services="8080:http" \
+      io.openshift.tags="builder,python,python314,python-314,rh-python314" \
+      com.redhat.component="python-314-container" \
+      name="sclorg/python-314-minimal-c10s" \
+      usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.14-minimal/test/setup-test-app/ ubi10/python-314-minimal python-sample-app" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      io.buildpacks.stack.id="com.redhat.stacks.ubi10-python-314-minimal" \
+      maintainer="SoftwareCollections.org <sclorg@redhat.com>"
+
+# Very minimal set of packages
+# Python is obvious in the Python container :)
+# glibc-langpack-en is needed to set locale to en_US and disable warning about it
+# findutils - find command is needed for fix-permissions script
+# nss_wrapper - used in generate_container_user script
+RUN INSTALL_PKGS="python3.14 glibc-langpack-en findutils nss_wrapper-libs" && \
+    microdnf -y install --setopt=install_weak_deps=0 epel-release && \
+    microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
+    microdnf -y clean all --enablerepo='*'
+
+# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH.
+COPY 3.14-minimal/s2i/bin/ $STI_SCRIPTS_PATH
+
+# Copy extra files to the image.
+COPY 3.14-minimal/root/ /
+
+# Python 3.7+ only
+# Yes, the directory below is already copied by the previous command.
+# The problem here is that the wheels directory is copied as a symlink.
+# Only if you specify symlink directly as a source, COPY copies all the
+# files from the symlink destination.
+COPY 3.14-minimal/root/opt/wheels /opt/wheels
+
+# This command sets (and also creates if necessary)
+# the home directory - it has to be done here so the latter
+# fix-permissions fixes this directory as well.
+WORKDIR ${HOME}
+
+# - Create a Python virtual environment for use by any application to avoid
+#   potential conflicts with Python packages preinstalled in the main Python
+#   installation.
+# - In order to drop the root user, we have to make some directories world
+#   writable as OpenShift default security model is to run the container
+#   under random UID.
+RUN \
+    python3.14 -m venv ${APP_ROOT} && \
+    # We have to upgrade pip to a newer version because \
+    # pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \
+    #   support platforms like ppc64le, aarch64 or armv7 \
+    # We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \
+    # because it's tested better then whatever version from PyPI and contains useful patches. \
+    # We have to do it here so the permissions are correctly fixed and pip is able \
+    # to reinstall itself in the next build phases in the assemble script if user wants the latest version \
+    ${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \
+    rm -r /opt/wheels && \
+    chown -R 1001:0 ${APP_ROOT} && \
+    fix-permissions ${APP_ROOT} -P && \
+    rpm-file-permissions
+
+USER 1001
+
+# Set the default CMD to print the usage of the language image.
+CMD $STI_SCRIPTS_PATH/usage

3.14-minimal/Dockerfile.rhel10

@@ -0,0 +1,104 @@
+FROM ubi10-minimal:latest
+
+
+EXPOSE 8080
+
+ENV PYTHON_VERSION=3.14 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    CNB_STACK_ID=com.redhat.stacks.ubi10-python-314 \
+    CNB_USER_ID=1001 \
+    CNB_GROUP_ID=0 \
+    PIP_NO_CACHE_DIR=off \
+    # The following variables are usually available from parent s2i images \
+    STI_SCRIPTS_PATH=/usr/libexec/s2i \
+    APP_ROOT=/opt/app-root \
+    HOME=/opt/app-root/src \
+    PLATFORM="el10"
+
+# /opt/app-root/bin - the main venv
+# /opt/app-root/src/bin - app-specific binaries
+# /opt/app-root/src/.local/bin - tools like pipenv
+ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH
+
+# Ensure the virtual environment is active in interactive shells
+ENV BASH_ENV=${APP_ROOT}/bin/activate \
+    ENV=${APP_ROOT}/bin/activate \
+    PROMPT_COMMAND=". ${APP_ROOT}/bin/activate"
+
+ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \
+    DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
+building and running various Python $PYTHON_VERSION applications and frameworks. \
+Python is an easy to learn, powerful programming language. It has efficient high-level \
+data structures and a simple but effective approach to object-oriented programming. \
+Python's elegant syntax and dynamic typing, together with its interpreted nature, \
+make it an ideal language for scripting and rapid application development in many areas \
+on most platforms."
+
+LABEL summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION" \
+      io.k8s.display-name="Python 3.14" \
+      io.openshift.expose-services="8080:http" \
+      io.openshift.tags="builder,python,python314,python-314,rh-python314" \
+      com.redhat.component="python-314-container" \
+      name="ubi10/python-314-minimal" \
+      usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.14-minimal/test/setup-test-app/ ubi10/python-314-minimal python-sample-app" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      io.buildpacks.stack.id="com.redhat.stacks.ubi10-python-314-minimal" \
+      maintainer="SoftwareCollections.org <sclorg@redhat.com>"
+
+# Very minimal set of packages
+# Python is obvious in the Python container :)
+# glibc-langpack-en is needed to set locale to en_US and disable warning about it
+# findutils - find command is needed for fix-permissions script
+# nss_wrapper - used in generate_container_user script
+RUN INSTALL_PKGS="python3.14 glibc-langpack-en findutils nss_wrapper-libs" && \
+    microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
+    microdnf -y clean all --enablerepo='*'
+
+# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH.
+COPY 3.14-minimal/s2i/bin/ $STI_SCRIPTS_PATH
+
+# Copy extra files to the image.
+COPY 3.14-minimal/root/ /
+
+# Python 3.7+ only
+# Yes, the directory below is already copied by the previous command.
+# The problem here is that the wheels directory is copied as a symlink.
+# Only if you specify symlink directly as a source, COPY copies all the
+# files from the symlink destination.
+COPY 3.14-minimal/root/opt/wheels /opt/wheels
+
+# This command sets (and also creates if necessary)
+# the home directory - it has to be done here so the latter
+# fix-permissions fixes this directory as well.
+WORKDIR ${HOME}
+
+# - Create a Python virtual environment for use by any application to avoid
+#   potential conflicts with Python packages preinstalled in the main Python
+#   installation.
+# - In order to drop the root user, we have to make some directories world
+#   writable as OpenShift default security model is to run the container
+#   under random UID.
+RUN \
+    python3.14 -m venv ${APP_ROOT} && \
+    # We have to upgrade pip to a newer version because \
+    # pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \
+    #   support platforms like ppc64le, aarch64 or armv7 \
+    # We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \
+    # because it's tested better then whatever version from PyPI and contains useful patches. \
+    # We have to do it here so the permissions are correctly fixed and pip is able \
+    # to reinstall itself in the next build phases in the assemble script if user wants the latest version \
+    ${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \
+    rm -r /opt/wheels && \
+    chown -R 1001:0 ${APP_ROOT} && \
+    fix-permissions ${APP_ROOT} -P && \
+    rpm-file-permissions
+
+USER 1001
+
+# Set the default CMD to print the usage of the language image.
+CMD $STI_SCRIPTS_PATH/usage

3.14-minimal/Dockerfile.rhel9

@@ -0,0 +1,104 @@
+FROM ubi9/ubi-minimal:latest
+
+
+EXPOSE 8080
+
+ENV PYTHON_VERSION=3.14 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    CNB_STACK_ID=com.redhat.stacks.ubi9-python-314 \
+    CNB_USER_ID=1001 \
+    CNB_GROUP_ID=0 \
+    PIP_NO_CACHE_DIR=off \
+    # The following variables are usually available from parent s2i images \
+    STI_SCRIPTS_PATH=/usr/libexec/s2i \
+    APP_ROOT=/opt/app-root \
+    HOME=/opt/app-root/src \
+    PLATFORM="el9"
+
+# /opt/app-root/bin - the main venv
+# /opt/app-root/src/bin - app-specific binaries
+# /opt/app-root/src/.local/bin - tools like pipenv
+ENV PATH=$APP_ROOT/bin:$HOME/bin:$HOME/.local/bin:$PATH
+
+# Ensure the virtual environment is active in interactive shells
+ENV BASH_ENV=${APP_ROOT}/bin/activate \
+    ENV=${APP_ROOT}/bin/activate \
+    PROMPT_COMMAND=". ${APP_ROOT}/bin/activate"
+
+ENV SUMMARY="Minimal platform for building and running Python $PYTHON_VERSION applications" \
+    DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
+building and running various Python $PYTHON_VERSION applications and frameworks. \
+Python is an easy to learn, powerful programming language. It has efficient high-level \
+data structures and a simple but effective approach to object-oriented programming. \
+Python's elegant syntax and dynamic typing, together with its interpreted nature, \
+make it an ideal language for scripting and rapid application development in many areas \
+on most platforms."
+
+LABEL summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION" \
+      io.k8s.display-name="Python 3.14" \
+      io.openshift.expose-services="8080:http" \
+      io.openshift.tags="builder,python,python314,python-314,rh-python314" \
+      com.redhat.component="python-314-container" \
+      name="ubi9/python-314-minimal" \
+      usage="s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.14-minimal/test/setup-test-app/ ubi9/python-314-minimal python-sample-app" \
+      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+      io.buildpacks.stack.id="com.redhat.stacks.ubi9-python-314-minimal" \
+      maintainer="SoftwareCollections.org <sclorg@redhat.com>"
+
+# Very minimal set of packages
+# Python is obvious in the Python container :)
+# glibc-langpack-en is needed to set locale to en_US and disable warning about it
+# findutils - find command is needed for fix-permissions script
+# nss_wrapper - used in generate_container_user script
+RUN INSTALL_PKGS="python3.14 glibc-langpack-en findutils nss_wrapper-libs" && \
+    microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
+    microdnf -y clean all --enablerepo='*'
+
+# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH.
+COPY 3.14-minimal/s2i/bin/ $STI_SCRIPTS_PATH
+
+# Copy extra files to the image.
+COPY 3.14-minimal/root/ /
+
+# Python 3.7+ only
+# Yes, the directory below is already copied by the previous command.
+# The problem here is that the wheels directory is copied as a symlink.
+# Only if you specify symlink directly as a source, COPY copies all the
+# files from the symlink destination.
+COPY 3.14-minimal/root/opt/wheels /opt/wheels
+
+# This command sets (and also creates if necessary)
+# the home directory - it has to be done here so the latter
+# fix-permissions fixes this directory as well.
+WORKDIR ${HOME}
+
+# - Create a Python virtual environment for use by any application to avoid
+#   potential conflicts with Python packages preinstalled in the main Python
+#   installation.
+# - In order to drop the root user, we have to make some directories world
+#   writable as OpenShift default security model is to run the container
+#   under random UID.
+RUN \
+    python3.14 -m venv ${APP_ROOT} && \
+    # We have to upgrade pip to a newer version because \
+    # pip < 19.3 does not support manylinux2014 wheels. Only manylinux2014 (and later) wheels \
+    #   support platforms like ppc64le, aarch64 or armv7 \
+    # We are newly using wheel from one of the latest stable Fedora releases (from RPM python-pip-wheel) \
+    # because it's tested better then whatever version from PyPI and contains useful patches. \
+    # We have to do it here so the permissions are correctly fixed and pip is able \
+    # to reinstall itself in the next build phases in the assemble script if user wants the latest version \
+    ${APP_ROOT}/bin/pip install /opt/wheels/pip-* && \
+    rm -r /opt/wheels && \
+    chown -R 1001:0 ${APP_ROOT} && \
+    fix-permissions ${APP_ROOT} -P && \
+    rpm-file-permissions
+
+USER 1001
+
+# Set the default CMD to print the usage of the language image.
+CMD $STI_SCRIPTS_PATH/usage