Switch to api_base_image 1.2.0, including dual-installation of Python 3.13 for uWSGI to use.

Author: kburke

docker/entity-api/Dockerfile

@@ -1,5 +1,5 @@
 # Parent image
-FROM hubmap/api-base-image:1.1.0
+FROM hubmap/api-base-image:1.2.0
 
 LABEL description="HuBMAP Entity API Service"
 
@@ -13,45 +13,64 @@ WORKDIR /usr/src/app
 # Copy from host to image
 COPY . .
 
-# http://nginx.org/en/linux_packages.html#RHEL-CentOS
-# Set up the yum repository to install the latest mainline version of Nginx
-RUN echo $'[nginx-mainline]\n\
-name=nginx mainline repo\n\
-baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/\n\
-gpgcheck=1\n\
-enabled=0\n\
-gpgkey=https://nginx.org/keys/nginx_signing.key\n\
-module_hotfixes=true\n'\
->> /etc/yum.repos.d/nginx.repo
+# Set up the repository file for the mainline version of
+# nginx which dnf should use (in the legacy "yum" location.)
+RUN set -eux && \
+    cat <<'EOF' > /etc/yum.repos.d/nginx.repo
+[nginx-mainline]
+name=nginx mainline repo
+baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
 
 # Reduce the number of layers in image by minimizing the number of separate RUN commands
 # 1 - Install the prerequisites
 # 2 - By default, the repository for stable nginx packages is used. We would like to use mainline nginx packages
-# 3 - Install nginx (using the custom yum repo specified earlier)
+# 3 - Install nginx (using the custom dnf/yum repo specified earlier)
 # 4 - Remove the default nginx config file
 # 5 - Overwrite the nginx.conf with ours to run nginx as non-root
 # 6 - Remove the nginx directory copied from host machine (nginx/conf.d gets mounted to the container)
-# 7 - Upgrade pip (the one installed in base image may be old) and install flask app dependencies (pip3 also works)
+# 7 - Upgrade pip (the one installed in base image may be old) and install service requirements.txt packages
 # 8 - Make the start script executable
-# 9 - Clean all yum cache
-RUN yum install -y yum-utils && \
-    yum-config-manager --enable nginx-mainline && \
-    yum install -y nginx && \
-    rm /etc/nginx/conf.d/default.conf && \
-    mv nginx/nginx.conf /etc/nginx/nginx.conf && \
-    rm -rf nginx && \
-    pip install --upgrade pip -r src/requirements.txt && \
-    chmod +x start.sh && \
-    yum clean all 
+# 9 - Clean the dnf/yum cache and other locations to reduce Docker Image layer size.
+# Assume the base image has upgraded dnf and installed its dnf-plugins-core
+ RUN dnf install --assumeyes dnf-plugins-core && \
+     dnf config-manager --enable nginx-mainline && \
+     dnf install --assumeyes nginx && \
+     # Push aside nginx default.conf files that may exist on the system
+     [ ! -f /etc/nginx/conf.d/default.conf ] || mv /etc/nginx/conf.d/default.conf /tmp/etc_nginx_conf.d_default.conf.ORIGINAL && \
+     [ ! -f /etc/nginx/nginx.conf ] || mv /etc/nginx/nginx.conf /tmp/etc_nginx_nginx.conf.ORIGINAL && \
+     # Install the nginx default.conf file just installed in WORKDIR
+     mv nginx/nginx.conf /etc/nginx/nginx.conf && \
+     # Clean up the nginx install directory in WORKDIR
+     [ ! -d nginx ] || mv nginx /tmp/nginx_from_WORKDIR && \
+     # Push aside the verification file from the base image which will
+     # no longer report correctly once uWSGI is started for the service.
+     [ ! -f /tmp/verify_uwsgi.sh ] || mv /tmp/verify_uwsgi.sh /tmp/verify_uwsgi.sh.ORIGINAL && \
+     # Install the requirements.txt file for the service
+     pip3.13 install --no-cache-dir --upgrade pip -r src/requirements.txt && \
+     # Make the script referenced in the CMD directive below executable.
+     chmod 755 start.sh && \
+     # Clean up artifacts to slim down this layer of the Docker Image
+     dnf clean all && \
+     rm -rf /var/cache/dnf \
+            /var/log/dnf \
+     	     /var/log/yum \
+     	     /root/.cache
 
 # The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. 
 # EXPOSE does not make the ports of the container accessible to the host.
 # Here 5000 is for the uwsgi socket, 8080 for nginx
 EXPOSE 5000 8080
 
-# Set an entrypoint
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
+# Set an entrypoint by moving the file copied into the WORKDIR to
+# the location referenced by the ENTRYPOINT directive below, and
+# make it executable.
+RUN mv entrypoint.sh /usr/local/bin/entrypoint.sh && \
+    chmod 755 /usr/local/bin/entrypoint.sh
 
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 

docker/entity-api/start.sh

@@ -5,4 +5,4 @@
 nginx -g 'daemon off;' &
 
 # Start uwsgi and keep it running in foreground
-uwsgi --ini /usr/src/app/src/uwsgi.ini
+/usr/local/python3.13/bin/uwsgi --ini /usr/src/app/src/uwsgi.ini

src/requirements.txt

@@ -12,7 +12,7 @@ nested-lookup==0.2.22
 
 # The commons package requires requests>=2.22.0 and PyYAML>=5.3.1
 requests==2.32.3
-PyYAML==5.4.1
+PyYAML==6.0.3
 
 # Use the published package from PyPI as default
 # Use the branch name of commons from github for testing new changes made in commons from different branch