From f95ee4ffb89b3448470144af56a73e2aac7d7df4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Thu, 6 Nov 2025 13:48:46 +0100 Subject: [PATCH] NO-JIRA: refactor(jupyter/minimal/Dockerfile.rocm): wrap multiple RUN commands with bash for improved readability and error handling --- .../minimal/ubi9-python-3.12/Dockerfile.rocm | 40 +++++++++++-------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm index b02c6f7dc4..d5753cd9ee 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm @@ -34,7 +34,12 @@ EOF # upgrade first to avoid fixable vulnerabilities end # Install useful OS packages -RUN dnf install -y perl mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum +RUN /bin/bash <<'EOF' +set -Eeuxo pipefail +dnf install -y perl mesa-libGL skopeo +dnf clean all +rm -rf /var/cache/yum +EOF # Other apps and tools installed as default user USER 1001 @@ -89,21 +94,24 @@ USER 1001 COPY ${MINIMAL_SOURCE_CODE}/pylock.toml ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ # Install Python dependencies from Pipfile.lock file -RUN echo "Installing softwares and packages" && \ - # This may have to download and compile some dependencies, and as we don't lock requirements from `build-system.requires`, - # we often don't know the correct hashes and `--require-hashes` would therefore fail on non amd64, where building is common. - uv pip install --strict --no-deps --no-cache --no-config --no-progress --verify-hashes --compile-bytecode --index-strategy=unsafe-best-match --requirements=./pylock.toml && \ - # Disable announcement plugin of jupyterlab \ - jupyter labextension disable "@jupyterlab/apputils-extension:announcements" && \ - # Replace Notebook's launcher, "(ipykernel)" with Python's version 3.x.y \ - sed -i -e "s/Python.*/$(python --version | cut -d '.' -f-2)\",/" /opt/app-root/share/jupyter/kernels/python3/kernel.json && \ - # copy jupyter configuration - cp /opt/app-root/bin/utils/jupyter_server_config.py /opt/app-root/etc/jupyter && \ - # Fix permissions to support pip in Openshift environments \ - chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \ - fix-permissions /opt/app-root -P && \ - # Apply JupyterLab addons \ - /opt/app-root/bin/utils/addons/apply.sh +RUN /bin/bash <<'EOF' +set -Eeuxo pipefail +echo "Installing softwares and packages" +# This may have to download and compile some dependencies, and as we don't lock requirements from `build-system.requires`, +# we often don't know the correct hashes and `--require-hashes` would therefore fail on non amd64, where building is common. +uv pip install --strict --no-deps --no-cache --no-config --no-progress --verify-hashes --compile-bytecode --index-strategy=unsafe-best-match --requirements=./pylock.toml +# Disable announcement plugin of jupyterlab +jupyter labextension disable "@jupyterlab/apputils-extension:announcements" +# Replace Notebook's launcher, "(ipykernel)" with Python's version 3.x.y +sed -i -e "s/Python.*/$(python --version | cut -d '.' -f-2)\",/" /opt/app-root/share/jupyter/kernels/python3/kernel.json +# copy jupyter configuration +cp /opt/app-root/bin/utils/jupyter_server_config.py /opt/app-root/etc/jupyter +# Fix permissions to support pip in Openshift environments +chmod -R g+w /opt/app-root/lib/python3.12/site-packages +fix-permissions /opt/app-root -P +# Apply JupyterLab addons +/opt/app-root/bin/utils/addons/apply.sh +EOF WORKDIR /opt/app-root/src