chore: add virtualenv and uv to selenium container #704
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -31,7 +31,7 @@ VNC_GEOMETRY="1600x900" \ | |||||
| SELENIUM_VERSION=${SELENIUM_MAJOR_VERSION}.${SELENIUM_MINOR_VERSION}.${SELENIUM_PATCH_VERSION} \ | ||||||
| SELENIUM_PATH=${SELENIUM_HOME}/selenium-server/selenium-server-standalone.jar \ | ||||||
| SELENIUM_HTTP_JDK_CLIENT_PATH=${SELENIUM_HOME}/selenium-server/selenium-http-jdk-client.jar \ | ||||||
| PATH=${SELENIUM_HOME}/firefox:/opt/google/chrome:${PATH} | ||||||
| PATH=${SELENIUM_HOME}/.local/bin:${SELENIUM_HOME}/firefox:/opt/google/chrome:${PATH} | ||||||
|
|
||||||
| EXPOSE ${SELENIUM_PORT} ${VNC_PORT} ${API_PORT} | ||||||
|
|
||||||
|
|
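Review bot: the new PATH value puts ${SELENIUM_HOME}/.local/bin in front of the firefox, chrome and inherited ${PATH} entries, so any executable placed in that per-user directory shadows the system binary of the same name (python3, pip and so on). If the directory is writable by the runtime user, consider placing it after ${PATH}, or add a comment stating why it has to take precedence.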
@@ -125,6 +125,7 @@ python3-cffi \ | |||||
| python3-devel \ | ||||||
| python3-markupsafe \ | ||||||
| python3-pip \ | ||||||
| python3-virtualenv \ | ||||||
| python3-pyyaml \ | ||||||
| python3-ruamel-yaml \ | ||||||
| python3-wheel \ | ||||||
|
|
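Review bot: python3-virtualenv is inserted between python3-pip and python3-pyyaml, which breaks the alphabetical order the surrounding package list follows. Move it after python3-ruamel-yaml so it sits just before python3-wheel.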
@@ -140,7 +141,11 @@ xkeyboard-config" && \ | |||||
| microdnf -q -y install ${PACKAGES} >/dev/null | ||||||
| # ^ https://github.com/rpm-software-management/dnf5/issues/570 | ||||||
|
|
||||||
| RUN --mount=type=bind,src=dist,dst=/dist python3 -m pip install --no-cache-dir --extra server "$(ls -1 /dist/ansible_dev_tools-*)[server]" | ||||||
|
|
||||||
| # install uv and all supported python versions with it | ||||||
| RUN --mount=type=cache,target=/.cache/uv python3 -m pip install --root-user-action=ignore uv | ||||||
|
||||||
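Review bot: on the `RUN --mount=type=cache,target=/.cache/uv python3 -m pip install --root-user-action=ignore uv` line, nothing points pip at /.cache/uv (no PIP_CACHE_DIR or --cache-dir), so the cache mount has no effect on this step; set PIP_CACHE_DIR to the mounted path or drop the mount. The line also differs from the pip install just above it, which passes --no-cache-dir, so pick one caching policy for both.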
| RUN --mount=type=cache,target=/.cache/uv python3 -m pip install --root-user-action=ignore uv | |
| RUN --mount=type=cache,target=/.cache/uv PIP_CACHE_DIR=/.cache/uv python3 -m pip install --root-user-action=ignore uv |
Copilot
AI
Mar 11, 2026
python3 -m pip install --root-user-action=ignore uv pulls the uv package from PyPI without any version pinning or integrity verification, creating a supply chain risk. An attacker who compromises the uv distribution (or intercepts traffic) could get arbitrary code executed in this image build and at runtime when uv is invoked. Pin uv to a specific, trusted version (and ideally verify its integrity via a hash or lockfile) to ensure builds are deterministic and not exposed to unexpected upstream changes.
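A check for the pattern this comment describes, as an added example that is not part of the review thread or the project's code: it scans Dockerfile `RUN` lines for `pip install` requirements that are unpinned or pinned without `--require-hashes`. The sample Dockerfile text is constructed, and `uv==0.0.0` and `/tmp/uv-requirements.txt` are placeholders.

```python
import re
import shlex

# Constructed sample. The first RUN line is the one quoted in the review comment;
# the other two are illustrative (uv==0.0.0 and the requirements path are placeholders).
SAMPLE = """\
RUN --mount=type=cache,target=/.cache/uv python3 -m pip install --root-user-action=ignore uv
RUN python3 -m pip install --require-hashes \\
    -r /tmp/uv-requirements.txt
RUN python3 -m pip install --no-cache-dir 'uv==0.0.0'
"""

# pip options that take their value as the next token (subset used for this check).
TAKES_VALUE = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
               "--extra-index-url", "--cache-dir", "--root-user-action"}
SHELL_OPS = {"&&", "||", ";", "|"}

def unpinned_pip_installs(dockerfile_text):
    """Return (requirement, problem) for pip installs in RUN lines that are not reproducible."""
    findings = []
    joined = re.sub(r"\\\n", " ", dockerfile_text)  # fold line continuations
    for line in joined.splitlines():
        if not line.lstrip().upper().startswith("RUN "):
            continue
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens):
            if tok != "install" or not re.fullmatch(r"pip[\d.]*", tokens[i - 1]):
                continue
            args = []
            for arg in tokens[i + 1:]:
                if arg in SHELL_OPS:
                    break
                args.append(arg)
            if "--require-hashes" in args:
                continue  # pip rejects anything unpinned or unhashed in this mode
            skip = False
            for arg in args:
                if skip:
                    skip = False
                elif arg in TAKES_VALUE:
                    skip = True
                elif arg.startswith("-") or "/" in arg:
                    continue  # other flags, local paths and wheels are out of scope
                elif "==" not in arg:
                    findings.append((arg, "unpinned"))
                else:
                    findings.append((arg, "pinned, not hash-checked"))
    return findings

if __name__ == "__main__":
    for req, problem in unpinned_pip_installs(SAMPLE):
        print(f"{problem}: {req}")
```

A requirements file passed with `-r` but without `--require-hashes` is not inspected here; its contents would need the same check.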
Copilot
AI
Mar 11, 2026
uv python install ... will download multiple interpreter distributions during the build, but this layer doesn’t use a BuildKit cache mount for uv’s download/cache directory. Adding a cache mount aligned to uv’s cache location (or setting UV_CACHE_DIR to a mounted path) can significantly speed up rebuilds and reduce network flakiness in CI.
Copilot
AI
Mar 11, 2026
uv python install 3.10 3.11 3.12 3.13 3.14 introduces a Python 3.14 runtime in the image, but the repo’s declared/tested support appears to stop at 3.13 (e.g. classifiers in pyproject.toml and CI max_python in .github/workflows/tox.yml). To keep a single source of truth for supported versions (and avoid unexpected bloat/build failures if 3.14 isn’t intended), please align this list with the project’s supported versions or document why 3.14 is required here.
| RUN uv python install 3.10 3.11 3.12 3.13 3.14 | |
| RUN uv python install 3.10 3.11 3.12 3.13 |
The comment says "install uv and all supported python versions with it", but this step only installs uv; the Python versions are installed later (after switching to USER 1001). Please update the comment to reflect what happens in this stage to avoid confusion during future maintenance.