remove Python dependencies from Ubuntu FIPS base image

🤖 Generated with [opencode](https://opencode.ai)

Co-Authored-By: opencode <[email protected]>

Author: thatguyinabeanie

Dockerfile

@@ -7,7 +7,7 @@ ARG BASE_IMAGE_NAME=ubuntu-fips
 ARG BASE_IMAGE_TAG=22.04
 ARG ECR_URI=${ECR_ACCOUNT_ID}.dkr.ecr-fips.${ECR_REGION}.amazonaws.com/${BASE_IMAGE_NAME}:${BASE_IMAGE_TAG} 
 
-FROM ${ECR_URI} as ubuntu-fips-python-s6
+FROM ${ECR_URI} as ubuntu-fips-s6
 # set version labels
 ARG BUILD_DATE
 ARG VERSION
@@ -23,26 +23,21 @@ LABEL maintainer="civisanalytics"
 ENV REL=jammy
 ENV ARCH=amd64
 
-# Install Python 3.10 and development tools
+# Install base development tools (no Python)
 RUN apt-get update && apt-get install -y \
   curl \
   tzdata \
-  python3.10 \
-  python3.10-dev \
-  python3.10-venv \
-  python3-pip \
   build-essential \
   libpq-dev \
   git \
   ca-certificates \
   openssl \
   xz-utils \
   libssl-dev && \
+  # Clean up
   rm -rf /var/lib/apt/lists/* && \
   # Update CA certificates to ensure SSL/TLS works properly
-  update-ca-certificates && \
-  ln -sf /usr/bin/python3.10 /usr/bin/python && \
-  ln -sf /usr/bin/python3.10 /usr/bin/python3
+  update-ca-certificates 
 
 # add s6 overlay
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
@@ -61,7 +56,7 @@ ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-s
 ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run"
 ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown"
 
-FROM ubuntu-fips-python-s6 as linuxserver-python-base
+FROM ubuntu-fips-s6 as linuxserver-base
 
 # set environment variables
 ARG DEBIAN_FRONTEND="noninteractive"
@@ -71,9 +66,7 @@ ENV HOME="/workspace" \
   TERM="xterm" \
   S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
   S6_VERBOSITY=1 \
-  S6_STAGE2_HOOK=/docker-mods \
-  VIRTUAL_ENV=/lsiopy \
-  PATH="/lsiopy/bin:$PATH"
+  S6_STAGE2_HOOK=/docker-mods
 
 RUN \
   echo "**** Ripped from Ubuntu Docker Logic ****" && \
@@ -132,8 +125,7 @@ RUN \
     /app \
     /config \
     /defaults \
-    /workspace \
-    /lsiopy && \
+    /workspace && \
   echo "**** cleanup ****" && \
   apt-get autoremove && \
   apt-get clean && \

buildspec/merge_master.yaml

@@ -0,0 +1,14 @@
+version: 0.2
+phases:
+  pre_build:
+    commands:
+      - echo Logging in to Amazon ECR...
+      - aws ecr get-login-password --region ${AWS_DEFAULT_REGION} | docker login --username AWS --password-stdin ${FIPS_REPOSITORY_URI}
+  build:
+    commands:
+      - echo Building the Docker image...
+      - docker build -t ${FIPS_REPOSITORY_URI}:latest .
+      - docker image push --all-tags  ${FIPS_REPOSITORY_URI}
+  post_build:
+    commands:
+      - echo Build completed!

buildspec/push.yaml

@@ -0,0 +1,19 @@
+version: 0.2
+phases:
+  build:
+    commands:
+      - echo Logging in to Amazon ECR...
+      - aws ecr get-login-password --region ${AWS_DEFAULT_REGION} | docker login --username AWS --password-stdin ${FIPS_REPOSITORY_URI}
+      - export COMMIT_HASH_SHORT="$(echo $COMMIT_HASH | cut -c 1-7)"
+      - echo Building the Docker image...
+      - echo $FIPS_REPOSITORY_URI
+      - echo $COMMIT_HASH_SHORT
+      - echo $BRANCH_NAME
+      - docker build --tag ${FIPS_REPOSITORY_URI}:${COMMIT_HASH_SHORT} --tag ${FIPS_REPOSITORY_URI}:${BRANCH_NAME} .
+      # We have a life cycle policy in place to expire and delete images from dev branches,
+      # so there are no issues with pushing as many of these images as there may be.
+      - docker image push --all-tags ${FIPS_REPOSITORY_URI}
+  post_build:
+    commands:
+      - echo Build completed!
+      - printf '{"tag":"%s"}' $COMMIT_HASH_SHORT > build.json

buildspec/release.yaml

@@ -0,0 +1,17 @@
+
+version: 0.2
+phases:
+  build:
+    commands:
+      - echo Logging in to Amazon ECR...
+      - aws ecr get-login-password --region ${AWS_DEFAULT_REGION} | docker login --username AWS --password-stdin ${FIPS_REPOSITORY_URI}
+      - echo Building the Docker image...
+      - PATCH_TAG=${TAG_NAME#"v"} # major.minor.patch
+      - MINOR_TAG=${PATCH_TAG%.*} # major.minor
+      - MAJOR_TAG=${MINOR_TAG%.*} # major
+      - docker build -t ${FIPS_REPOSITORY_URI}:${PATCH_TAG} -t ${FIPS_REPOSITORY_URI}:${MINOR_TAG} -t ${FIPS_REPOSITORY_URI}:${MAJOR_TAG} .
+      - docker image push --all-tags  ${FIPS_REPOSITORY_URI}
+  post_build:
+    commands:
+      - echo Build completed!
+      - printf '{"tag":"%s"}' $TAG_NAME > build.json

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     build:
       context: .
       dockerfile: Dockerfile
-      target: linuxserver-python-base
+      target: linuxserver-base
       platforms:
         - linux/amd64
       args: