cloud-gov · dandersonsw · Sep 10, 2024 · Sep 6, 2024 · Sep 9, 2024 · Sep 10, 2024
@@ -22,19 +22,10 @@ jobs:
     params: {depth: 1}
     trigger: true
     passed: [reconfigure]
-
-  - put: dev-docker-image
-    # We push this docker image _only_ so that we can use it in the next task
-    # below.  :shrug: concourse.
-    params:
-      build: src
-      dockerfile: src/docker/Dockerfile.dev
-      tag_as_latest: true
-      cache: true
-
+  - get: external-domain-migrator-testing
   - task: test
     # Run the tests using the image pushed above.
-    image: dev-docker-image
+    image: external-domain-migrator-testing
     config:
       platform: linux
       params:
@@ -228,14 +219,14 @@ resources:
     branch: main
     commit_verification_keys: ((cloud-gov-pgp-keys))
 
-- name: dev-docker-image
-  type: docker-image
-  icon: docker
+- name: external-domain-broker-migrator-testing
+  type: registry-image
   source:
-    email: ((docker-email))
-    username: ((docker-username))
-    password: ((docker-password))
-    repository: ((docker-image-dev))
+    aws_access_key_id: ((ecr_aws_key))
+    aws_secret_access_key: ((ecr_aws_secret))
+    repository: external-domain-broker-migrator-testing
+    aws_region: us-gov-west-1
+    tag: latest
 
 - name: cf-dev
   type: cf

@@ -68,6 +68,7 @@ build_image() {
     --build-arg UID="$(id -u)" \
     --build-arg GID="$(id -g)" \
     --build-arg USER="$USER" \
+    --build-arg base_image="ubuntu:22.04" \
     .
 }
 

@@ -1,4 +1,6 @@
-FROM python:3.9-slim as base
+ARG base_image
+
+FROM ${base_image} AS base
 
 # When building locally, these should be set to your UID/GID.  That way, any
 # files written to the $PWD mount will be owned by you.  This is not
@@ -9,7 +11,7 @@ ARG USER=app
 
 # In case the host user's GID is already in the base image.
 RUN grep -q ":$GID:" /etc/group \
- || groupadd --gid="$GID" "$USER"
+      || groupadd --gid="$GID" "$USER"
 
 RUN useradd \
       --home-dir="/home/$USER" \
@@ -23,64 +25,74 @@ RUN useradd \
       "$USER"
 
 RUN apt update \
- && apt -y upgrade \
- && apt install -y --no-install-recommends \
+      && apt -y upgrade \
+      && apt install -y --no-install-recommends \
       build-essential \
       libpq-dev \
       curl \
       gnupg2 \
       procps \
       git \
-      lsb-release
+      lsb-release \
+      ca-certificates \
+      python3.11 \
+      python3-pip \
+      python3.11-dev
+
+# Symlink python and pip to python3.11
+RUN ln -s /usr/bin/python3.11 /usr/bin/python
 
 # Install Fake Pebble LE server
 COPY --from=letsencrypt/pebble /usr/bin/pebble /usr/bin/pebble
 COPY --from=letsencrypt/pebble /test/ /test/
 COPY --from=letsencrypt/pebble-challtestsrv /usr/bin/pebble-challtestsrv /usr/bin/pebble-challtestsrv
 
 RUN cp /test/certs/pebble.minica.pem /usr/local/share/ca-certificates/pebble.crt \
- && update-ca-certificates
+      && update-ca-certificates
 
 # Install Postgresql
 ENV PG_MAJOR=15
 RUN echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main"\
-    > /etc/apt/sources.list.d/pgdg.list \
- && curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
- && apt update \
- && apt install -y --no-install-recommends "postgresql-$PG_MAJOR"
+      > /etc/apt/sources.list.d/pgdg.list \
+      && curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+      && apt update \
+      && DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends "postgresql-$PG_MAJOR"
+
+# Disable login shell for postgres user
+RUN usermod -s /sbin/nologin postgres
 
 ENV PGDATA /tmp/data
 ENV PGCONFIG /tmp/data/postgresql.conf
 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin
 
 RUN mkdir -p "$PGDATA" \
- && chown -R "$USER:" "$PGDATA" \
- && chmod 700 "$PGDATA"
+      && chown -R "$USER:" "$PGDATA" \
+      && chmod 700 "$PGDATA"
 
 ENV POSTGRES_HOST_AUTH_METHOD=trust
 
 RUN echo "Installing latest piptools" && \
-pip install --upgrade pip && \
-pip install pip-tools
+      python -m pip install --upgrade pip && \
+      python -m pip install pip-tools
 
 # Install local python packages
 COPY pip-tools/dev-requirements.txt ./pip-tools/
-RUN pip install -r pip-tools/dev-requirements.txt
+RUN python -m pip install -r pip-tools/dev-requirements.txt
 
 WORKDIR /app
 RUN chown "$UID:$GID" .
 USER $UID:$GID
 
 RUN initdb \
-  && echo "unix_socket_directories = '$PGDATA'" >> "$PGCONFIG" \
-  && echo "log_statement = 'all'" >> "$PGCONFIG" \
-  && echo "log_connections = on" >> "$PGCONFIG" \
-  && echo "log_disconnections = on" >> "$PGCONFIG" \
-  && echo "log_line_prefix = ''" >> "$PGCONFIG" \
-  && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" "$PGCONFIG" \
-  && grep -F "listen_addresses = '*'" "$PGCONFIG" \
-  && echo 'CREATE DATABASE "local-development-cdn"' | postgres --single -D "$PGDATA" postgres \
-  && echo 'CREATE DATABASE "local-development-domain"' | postgres --single -D "$PGDATA" postgres
+      && echo "unix_socket_directories = '$PGDATA'" >> "$PGCONFIG" \
+      && echo "log_statement = 'all'" >> "$PGCONFIG" \
+      && echo "log_connections = on" >> "$PGCONFIG" \
+      && echo "log_disconnections = on" >> "$PGCONFIG" \
+      && echo "log_line_prefix = ''" >> "$PGCONFIG" \
+      && sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" "$PGCONFIG" \
+      && grep -F "listen_addresses = '*'" "$PGCONFIG" \
+      && echo 'CREATE DATABASE "local-development-cdn"' | postgres --single -D "$PGDATA" postgres \
+      && echo 'CREATE DATABASE "local-development-domain"' | postgres --single -D "$PGDATA" postgres
 
 COPY . .
 

@@ -2,42 +2,42 @@
 # This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
-#    pip-compile --output-file=pip-tools/dev-requirements.txt pip-tools/dev-requirements.in
+#    ./dev update-requirements
 #
-aiohappyeyeballs==2.3.5
-    # via aiohttp
-aiohttp==3.10.3
+aiohappyeyeballs==2.4.0
+    # via
+    #   -r pip-tools/../requirements.txt
+    #   aiohttp
+aiohttp==3.10.5
     # via
     #   -r pip-tools/../requirements.txt
     #   cloudfoundry-client
 aiosignal==1.3.1
     # via
     #   -r pip-tools/../requirements.txt
     #   aiohttp
-async-timeout==4.0.3
-    # via -r pip-tools/../requirements.txt
-attrs==23.2.0
+attrs==24.2.0
     # via
     #   -r pip-tools/../requirements.txt
     #   aiohttp
-black==24.4.2
+black==24.8.0
     # via -r pip-tools/dev-requirements.in
-boto3==1.34.140
+boto3==1.35.13
     # via -r pip-tools/../requirements.txt
-botocore==1.34.140
+botocore==1.35.13
     # via
     #   -r pip-tools/../requirements.txt
     #   boto3
     #   s3transfer
 build==1.2.1
     # via pip-tools
-certifi==2024.7.4
+certifi==2024.8.30
     # via
     #   -r pip-tools/../requirements.txt
     #   requests
 cfenv==0.5.3
     # via -r pip-tools/../requirements.txt
-cffi==1.16.0
+cffi==1.17.1
     # via
     #   -r pip-tools/../requirements.txt
     #   cryptography
@@ -53,15 +53,15 @@ cloudfoundry-client==1.37.1
     # via -r pip-tools/../requirements.txt
 colorama==0.4.6
     # via pytest-watch
-cryptography==42.0.8
+cryptography==43.0.1
     # via -r pip-tools/../requirements.txt
 dnspython==2.6.1
     # via -r pip-tools/../requirements.txt
 docopt==0.6.2
     # via pytest-watch
 environs==11.0.0
     # via -r pip-tools/../requirements.txt
-flake8==7.1.0
+flake8==7.1.1
     # via -r pip-tools/dev-requirements.in
 frozenlist==1.4.1
     # via
@@ -78,7 +78,7 @@ greenlet==3.0.3
     # via
     #   -r pip-tools/../requirements.txt
     #   sqlalchemy
-idna==3.7
+idna==3.8
     # via
     #   -r pip-tools/../requirements.txt
     #   requests
@@ -90,7 +90,7 @@ jmespath==1.0.1
     #   -r pip-tools/../requirements.txt
     #   boto3
     #   botocore
-marshmallow==3.21.3
+marshmallow==3.22.0
     # via
     #   -r pip-tools/../requirements.txt
     #   environs
@@ -130,13 +130,13 @@ polling2==0.5.0
     # via
     #   -r pip-tools/../requirements.txt
     #   cloudfoundry-client
-protobuf==5.27.2
+protobuf==5.28.0
     # via
     #   -r pip-tools/../requirements.txt
     #   cloudfoundry-client
 psycopg2==2.9.9
     # via -r pip-tools/../requirements.txt
-pycodestyle==2.12.0
+pycodestyle==2.12.1
     # via flake8
 pycparser==2.22
     # via
@@ -148,7 +148,7 @@ pyproject-hooks==1.1.0
     # via
     #   build
     #   pip-tools
-pytest==8.2.2
+pytest==8.3.2
     # via
     #   -r pip-tools/dev-requirements.in
     #   pytest-profiling
@@ -165,7 +165,7 @@ python-dotenv==1.0.1
     # via
     #   -r pip-tools/../requirements.txt
     #   environs
-pyyaml==6.0.1
+pyyaml==6.0.2
     # via
     #   -r pip-tools/../requirements.txt
     #   cloudfoundry-client
@@ -191,7 +191,7 @@ six==1.16.0
     #   orderedmultidict
     #   pytest-profiling
     #   python-dateutil
-sqlalchemy==2.0.31
+sqlalchemy==2.0.34
     # via
     #   -r pip-tools/../requirements.txt
     #   sqlalchemy-utils
@@ -201,20 +201,20 @@ typing-extensions==4.12.2
     # via
     #   -r pip-tools/../requirements.txt
     #   sqlalchemy
-urllib3==1.26.19
+urllib3==2.2.2
     # via
     #   -r pip-tools/../requirements.txt
     #   botocore
     #   requests
-watchdog==4.0.1
+watchdog==5.0.2
     # via pytest-watch
 websocket-client==1.8.0
     # via
     #   -r pip-tools/../requirements.txt
     #   cloudfoundry-client
-wheel==0.43.0
+wheel==0.44.0
     # via pip-tools
-yarl==1.9.4
+yarl==1.9.11
     # via
     #   -r pip-tools/../requirements.txt
     #   aiohttp

@@ -1,6 +1,6 @@
 [tool.black]
 line-length = 88
-target-version = ['py39']
+target-version = ['py311']
 include = '\.pyi?$'
 exclude = '''
 /(