OpenJobDescription / openjd-sessions-for-python

Provides a Python library that can be used to build a runtime that is able to run Jobs in a Session as defined by Open Job Description.
https://github.com/OpenJobDescription/openjd-specifications/wiki
Apache License 2.0

chore: upgrade test containers from buster to bookworm and cache Python deps #178

Open jusiskin opened 1 week ago

jusiskin commented 1 week ago

What was the problem/requirement? (What/Why)

The developer scripting for test automation uses Docker to set up Linux containers used for cross-user test automation. There are two problems with this scripting:

  1. The scripting is not optimized for a rapid developer iteration loop. The openjd-sessions code is bind mounted when launching the container which means that the hatch environment must be created each time the tests are run.
  2. The Dockerfiles build on the python:3.7-buster base container image. This container image is now end-of-life and a new image was last pushed a year ago (https://hub.docker.com/_/python/tags?name=3.9-buster)

What was the solution? (How)

  1. Refactor the Dockerfiles to build the hatch environment into the Docker image and not when running the container
  2. Modify the Dockerfiles to use python:3.7-bookworm.
    1. This required adding -y to apt-get install ... commands in the Dockerfiles since this was a behavior change from buster to bookworm
    2. The test_subprocess.py test module needed to be modified due to a behavior change between the base images. Processes killed with signals are put in a "zombie" state if their parent is still running but hasn't checked the exit code of the process (see https://en.wikipedia.org/wiki/Zombie_process)

What is the impact of this change?

  1. The developer iteration loop is faster
  2. The container uses a base container image that is actively maintained and reflects an up-to-date environment

How was this change tested?

See DEVELOPMENT.md for information on running tests.

Was this change documented?

Is this a breaking change?

A breaking change is one that modifies a public contract in a way that is not backwards compatible. See the Public Interfaces section of the DEVELOPMENT.md for more information on the public contracts.

No, there were no breaking changes made

Does this change impact security?

This change does not impact the threat model of the package

This change improves the development-time security posture since developers will be using an actively maintained base container image.


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
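The zombie behaviour described in the pull request, as an added example (not code from this pull request or from the openjd-sessions repository): a signal-killed child keeps its PID entry in state `Z` until the parent reaps it, so a liveness check based only on PID existence reports it as still present. It assumes Linux with `/proc` mounted; `proc_state`, `is_running`, `wait_for_state` and `demo` are hypothetical helper names.

```python
import os
import signal
import subprocess
import sys
import time


def proc_state(pid):
    """One-letter state from /proc/<pid>/stat (Linux), or None if the PID is gone."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            stat = f.read()
    except (FileNotFoundError, ProcessLookupError):
        return None
    # comm is parenthesised and may contain spaces or ')': split on the last ')'.
    return stat.rsplit(")", 1)[1].split()[0]


def is_running(pid):
    """True only if the process exists and is not a zombie ('Z') or dead ('X')."""
    return proc_state(pid) not in (None, "Z", "X")


def wait_for_state(pid, wanted, timeout=5.0):
    """Poll until the process reaches one of the wanted states; return the last state seen."""
    deadline = time.monotonic() + timeout
    state = proc_state(pid)
    while state not in wanted and time.monotonic() < deadline:
        time.sleep(0.01)
        state = proc_state(pid)
    return state


def demo():
    # Constructed child: a Python process that would otherwise sleep for a minute.
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(60)"])
    result = {"running_before": is_running(child.pid)}
    os.kill(child.pid, signal.SIGKILL)
    # The parent has not called wait()/poll(), so the kernel keeps a zombie entry.
    result["state_after_kill"] = wait_for_state(child.pid, ("Z",))
    result["pid_exists_after_kill"] = os.path.exists(f"/proc/{child.pid}")
    result["running_after_kill"] = is_running(child.pid)
    result["returncode"] = child.wait()  # reaps the zombie
    result["state_after_reap"] = proc_state(child.pid)
    return result


if __name__ == "__main__":
    print(demo())
```

A test that asserts "the process is gone" after sending a signal needs either the `wait()` call or a zombie-aware check like `is_running`, since the PID alone still resolves until the parent collects the exit status.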

sonarcloud[bot] commented 1 week ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
