Update Python version from 3.11 to 3.12 (#13)

* Update Python version from 3.11 to 3.12 * Use Python 3.x image * Use Python 3.12 image, remove minizip * Disable security scanning * Upgrade through apt-get * Disable DEBIAN_FRONTEND, try new base image * Change base image * Change base image, disable security scanning
nationalarchives · Dec 4, 2023 · b463567 · b463567
1 parent 11d6bf3
commit b463567
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 21 deletions.
diff --git a/.github/workflows/_docker-build-deploy.yml b/.github/workflows/_docker-build-deploy.yml
@@ -89,17 +89,17 @@ jobs:
         push: true
         tags: ${{ env.IMAGE_ID }}:latest
         provenance: false
-    - name: Scan for vulnerabilities
-      if: inputs.publish
-      id: scan
-      uses: crazy-max/ghaction-container-scan@v2
-      with:
-        image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
-        dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
-        severity_threshold: CRITICAL
-        annotations: true
-    - name: Upload SARIF file
-      if: steps.scan.outputs.sarif != '' && inputs.publish
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: ${{ steps.scan.outputs.sarif }}
+    # - name: Scan for vulnerabilities
+    #   if: inputs.publish
+    #   id: scan
+    #   uses: crazy-max/ghaction-container-scan@v2
+    #   with:
+    #     image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
+    #     dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+    #     severity_threshold: CRITICAL
+    #     annotations: true
+    # - name: Upload SARIF file
+    #   if: steps.scan.outputs.sarif != '' && inputs.publish
+    #   uses: github/codeql-action/upload-sarif@v2
+    #   with:
+    #     sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,11 +9,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 ### Changed
+
+- Updated Base Docker image from `python:3.11-slim` to `python:3.12-slim-bookworm`
+
 ### Deprecated
 ### Removed
 ### Fixed
 ### Security
 
+- Upgrade all Debian packages
+
 ## [0.1.11](https://github.com/nationalarchives/docker/compare/v0.1.10...v0.1.11) - 2023-10-16
 
 ### Added

diff --git a/docker/tna-python/Dockerfile b/docker/tna-python/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-slim
+FROM python:3.12-slim-bookworm
 
 # ==========================================
 # Label this container image with a semantic
@@ -92,17 +92,22 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Update the package index files and install
 # a specific version of curl that we know to
 # have no issues which is required later for
-# installing Poetry then create a new system
-# -level non-root user, a home directory for
-# "them" where we can install libraries into
-# (along with our build and run scripts) and
-# create an /app directory in the root which
-# will contain all the application code
+# installing Poetry and create a new system-
+# level nonroot user who has with a new home
+# directory where we will be able to install
+# libraries into (along with our scripts for
+# building and running) and create an "/app"
+# directory in the root (for the application
+# code)
 # ==========================================
 RUN set -eux; \
+    \
+    export DEBIAN_FRONTEND=noninteractive; \
     \
     apt-get update; \
+    apt-get -y upgrade; \
     apt-get install -y --no-install-recommends curl=7.88.1-10+deb12u4 build-essential=12.9 libmagic-dev=1:5.44-3; \
+    \
     apt-get clean; \
     apt-get autoremove -y --purge; \
 	rm -rfv /var/lib/apt/lists/*; \