From 97a89f7e6949a442347735ca1b0bea246a3206ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Sat, 15 Nov 2025 13:14:30 +0100 Subject: [PATCH] RHAIENG-1965: chore(cli): update Dockerfile.konflux* comments for consistency with `scripts/dockerfile_fragments.py` * https://github.com/opendatahub-io/notebooks/pull/2682 --- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.cpu | 16 +++++++-------- .../minimal/ubi9-python-3.12/Dockerfile.cpu | 2 +- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 20 ++++++++++++------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 16 +++++++-------- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 16 +++++++-------- .../rhel9-python-3.12/Dockerfile.konflux.cpu | 8 ++++---- .../rhel9-python-3.12/Dockerfile.konflux.cuda | 8 ++++---- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.cpu | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.cuda | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.cuda | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.rocm | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.rocm | 12 +++++------ .../ubi9-python-3.12/Dockerfile.konflux.cuda | 12 +++++------ 21 files changed, 142 insertions(+), 136 deletions(-) diff --git a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu index d619c50144..79462f9274 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -85,7 +85,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -95,7 +95,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -116,11 +116,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -129,7 +129,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # codeserver # diff --git a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index f731b5e8f7..4e48d64ae0 100644 --- a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -54,7 +54,7 @@ ARG TARGETARCH # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -64,7 +64,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN --mount=type=cache,target=/var/cache/dnf /bin/bash <<'EOF' @@ -114,11 +114,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -127,7 +127,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ############################## # wheel-builder stage # @@ -280,11 +280,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu index ab09afba52..99b9726a08 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu @@ -101,7 +101,7 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +# Dependencies for PDF export RUN --mount=type=cache,from=pdf-builder,source=/usr/local/,target=/pdf_builder/,rw \ bash -c ' \ if [[ "$(uname -m)" == "ppc64le" ]]; then \ diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 9c3871fa36..77b3080125 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -41,7 +41,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -51,7 +51,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -64,11 +64,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -77,7 +77,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # jupyter-minimal # @@ -93,7 +93,7 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +# Dependencies for PDF export RUN --mount=type=cache,from=pdf-builder,source=/usr/local/,target=/pdf_builder/,rw \ bash -c ' \ if [[ "$(uname -m)" == "ppc64le" ]]; then \ @@ -138,3 +138,9 @@ LABEL name="rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9" \ description="Minimal Jupyter CPU notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \ io.k8s.description="Minimal Jupyter CPU notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \ com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf" + +### BEGIN Dependencies for PDF export +RUN ./utils/install_pdf_deps.sh +ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" + +### END Dependencies for PDF export diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda index 945ba0492c..5208c64b59 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -25,7 +25,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -35,7 +35,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -48,11 +48,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -61,7 +61,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -87,11 +87,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm index 8ff3a46338..edcd490452 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -46,11 +46,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -59,7 +59,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-jupyter-minimal # @@ -75,11 +75,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda index 3b105b0336..08a7e46472 100644 --- a/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -39,7 +39,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -49,7 +49,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -62,11 +62,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -75,7 +75,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -93,11 +93,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda index c7ef81df1e..6c3d6ff6f3 100644 --- a/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -39,7 +39,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -49,7 +49,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -62,11 +62,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -75,7 +75,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -93,11 +93,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm index c67cb79a6d..c03d0b2126 100644 --- a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -37,7 +37,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -47,7 +47,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -60,11 +60,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -73,7 +73,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-jupyter-minimal # @@ -91,11 +91,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm index 9785459caa..8e7d535049 100644 --- a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -37,7 +37,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -47,7 +47,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -60,11 +60,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -73,7 +73,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-jupyter-minimal # @@ -89,11 +89,11 @@ COPY ${JUPYTER_REUSABLE_UTILS} utils/ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda index 15ca7dae25..a1bdbc83fd 100644 --- a/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -39,7 +39,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -49,7 +49,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -62,11 +62,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -75,7 +75,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-jupyter-minimal # @@ -93,11 +93,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu index 3bb1248442..a8ef90fe17 100644 --- a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -66,7 +66,7 @@ USER root # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -76,7 +76,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -89,11 +89,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -102,7 +102,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # jupyter-minimal # @@ -119,11 +119,11 @@ COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ USER 0 -# Dependencies for PDF export begin +### BEGIN Dependencies for PDF export RUN ./utils/install_pdf_deps.sh ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH" -# Dependencies for PDF export end +### END Dependencies for PDF export USER 1001 diff --git a/rstudio/rhel9-python-3.12/Dockerfile.konflux.cpu b/rstudio/rhel9-python-3.12/Dockerfile.konflux.cpu index 105bea386c..a2b780e623 100644 --- a/rstudio/rhel9-python-3.12/Dockerfile.konflux.cpu +++ b/rstudio/rhel9-python-3.12/Dockerfile.konflux.cpu @@ -31,7 +31,7 @@ if command -v subscription-manager &> /dev/null; then fi EOF -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -41,7 +41,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages # remove skopeo, CVE-2025-4674 @@ -50,9 +50,9 @@ RUN dnf install -y perl mesa-libGL && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt WORKDIR /opt/app-root/src diff --git a/rstudio/rhel9-python-3.12/Dockerfile.konflux.cuda b/rstudio/rhel9-python-3.12/Dockerfile.konflux.cuda index 0bb6b6964d..c18261252f 100644 --- a/rstudio/rhel9-python-3.12/Dockerfile.konflux.cuda +++ b/rstudio/rhel9-python-3.12/Dockerfile.konflux.cuda @@ -31,7 +31,7 @@ if command -v subscription-manager &> /dev/null; then fi EOF -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -41,7 +41,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages # remove skopeo, CVE-2025-4674 @@ -50,9 +50,9 @@ RUN dnf install -y perl mesa-libGL && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt WORKDIR /opt/app-root/src diff --git a/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index a11d08f9ed..74c07964e6 100644 --- a/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -27,7 +27,7 @@ COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo ARG TARGETARCH -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -37,7 +37,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN --mount=type=cache,target=/var/cache/dnf /bin/bash <<'EOF' @@ -107,11 +107,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -120,7 +120,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ############################## # wheel-builder stage # diff --git a/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 090114a3ba..544b3f328e 100644 --- a/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -52,11 +52,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -65,7 +65,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client #################### # runtime-minimal # diff --git a/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda b/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda index ea54bc5db1..d652d24076 100644 --- a/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -46,11 +46,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -59,7 +59,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-runtime-pytorch # diff --git a/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda b/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda index ac153dcbd1..ad5eb553bd 100644 --- a/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -23,7 +23,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -33,7 +33,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -46,11 +46,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -59,7 +59,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################### # cuda-runtime-pytorch # diff --git a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm index 1313ea7b55..03edc4467e 100644 --- a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -44,11 +44,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -57,7 +57,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ######################## # rocm-runtime-pytorch # diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm index 20997f4b7a..599aa8ba9c 100644 --- a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -21,7 +21,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -31,7 +31,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -44,11 +44,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -57,7 +57,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ########################### # rocm-runtime-tensorflow # diff --git a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda index ce56e0e866..dbe70b1a16 100644 --- a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -25,7 +25,7 @@ USER 0 # By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo -# upgrade first to avoid fixable vulnerabilities begin +### BEGIN upgrade first to avoid fixable vulnerabilities # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) # Solution: --best --skip-broken does not work either, so use --nobest @@ -35,7 +35,7 @@ dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setopt=in dnf clean all -y EOF -# upgrade first to avoid fixable vulnerabilities end +### END upgrade first to avoid fixable vulnerabilities # Install useful OS packages RUN /bin/bash <<'EOF' @@ -48,11 +48,11 @@ EOF # Other apps and tools installed as default user USER 1001 -# Install micropipenv and uv to deploy packages from requirements.txt begin +### BEGIN Install micropipenv and uv to deploy packages from requirements.txt RUN pip install --no-cache-dir --extra-index-url https://pypi.org/simple -U "micropipenv[toml]==1.9.0" "uv==0.8.12" -# Install micropipenv and uv to deploy packages from requirements.txt end +### END Install micropipenv and uv to deploy packages from requirements.txt -# Install the oc client begin +### BEGIN Install the oc client RUN /bin/bash <<'EOF' set -Eeuxo pipefail curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ @@ -61,7 +61,7 @@ tar -xzvf /tmp/openshift-client-linux.tar.gz oc rm -f /tmp/openshift-client-linux.tar.gz EOF -# Install the oc client end +### END Install the oc client ############################ # cuda-runtime-tensorflow #