Skip to content

RHAIENG-2042: fixup(base-images): add TARGETARCH as an argument to ubi9-python-3.12 Dockerfile #2695

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

RHAIENG-2042: fixup(base-images): add TARGETARCH as an argument to ubi9-python-3.12 Dockerfile #2695

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions base-images/cpu/c9s-python-3.12/Dockerfile.cpu
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,10 @@ RUN \
--mount=type=cache,sharing=locked,id=dnf-c9s,target=/var/cache/dnf \
/bin/bash <<'EOF'
set -Eeuxo pipefail
# AIPCC bases enable codeready-builder, so we need to do the CentOS equivalent
# In RHEL this is codeready-builder-for-rhel-${RELEASEVER_MAJOR}-${ARCH}-eus-rpms
# or codeready-builder-for-rhel-${RELEASEVER_MAJOR}-${ARCH}-rpms
/usr/bin/crb enable
Comment on lines +66 to +69
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

Clarify the shift of CRB enablement from script to Dockerfile.

The addition of /usr/bin/crb enable directly in the Dockerfile (lines 66-69) indicates that codeready-builder enablement has been moved from the aipcc.sh script (where install_csb() was presumably called). This is a functional shift that should be validated:

  1. Confirm that the install_csb() function has been removed from base-images/utils/aipcc.sh
  2. Verify that calling crb enable directly in the Dockerfile does not conflict with any invocations in the script
  3. Ensure that this approach is consistent with the ubi9 variant (mentioned in the PR title but not shown in this review)

🏁 Script executed:

#!/bin/bash
# Description: Verify the removal of install_csb() and absence of conflicting crb enable calls

# Check if install_csb() exists in aipcc.sh
rg -n 'install_csb' base-images/utils/aipcc.sh

# Check if there are any remaining crb or codeready-builder references in aipcc.sh
rg -n -i 'crb|codeready' base-images/utils/aipcc.sh

# Verify that ubi9 Dockerfile also includes the same crb enable call
rg -n 'crb enable' base-images/cpu/ubi9-python-3.12/Dockerfile.cpu

Length of output: 0

I need to gather more information about the repository structure and file contents since the initial search produced no output.

🏁 Script executed:

#!/bin/bash
# Check if files exist and get directory structure
echo "=== Checking directory structure ==="
find base-images -type f -name "aipcc.sh" 2>/dev/null || echo "aipcc.sh not found in base-images"
find base-images -type f -name "Dockerfile.cpu" 2>/dev/null | head -20

echo -e "\n=== Checking aipcc.sh exists and has content ==="
if [ -f "base-images/utils/aipcc.sh" ]; then
  wc -l base-images/utils/aipcc.sh
  echo "File exists"
else
  echo "aipcc.sh not found at expected path"
fi

echo -e "\n=== Checking c9s Dockerfile exists ==="
if [ -f "base-images/cpu/c9s-python-3.12/Dockerfile.cpu" ]; then
  echo "File exists"
else
  echo "c9s Dockerfile not found"
fi

Length of output: 303

🏁 Script executed:

#!/bin/bash
# View content of aipcc.sh to check for install_csb and crb references
echo "=== Searching aipcc.sh for install_ functions ==="
grep -n "^install_" base-images/utils/aipcc.sh | head -20

echo -e "\n=== Searching aipcc.sh for crb or codeready (case-insensitive) ==="
grep -n -i "crb\|codeready" base-images/utils/aipcc.sh || echo "No matches found"

echo -e "\n=== Viewing c9s Dockerfile (lines 60-75) ==="
sed -n '60,75p' base-images/cpu/c9s-python-3.12/Dockerfile.cpu

echo -e "\n=== Viewing ubi9 Dockerfile (lines 60-75) ==="
sed -n '60,75p' base-images/cpu/ubi9-python-3.12/Dockerfile.cpu

echo -e "\n=== Checking for any crb enable in aipcc.sh ==="
grep -n "crb enable" base-images/utils/aipcc.sh || echo "No crb enable found in aipcc.sh"

Length of output: 796

🏁 Script executed:

#!/bin/bash
# Check if crb enable exists anywhere in ubi9 Dockerfile
echo "=== Searching ubi9 Dockerfile for crb enable ==="
grep -n "crb enable" base-images/cpu/ubi9-python-3.12/Dockerfile.cpu || echo "No crb enable found in ubi9"

echo -e "\n=== ubi9 Dockerfile total lines ==="
wc -l base-images/cpu/ubi9-python-3.12/Dockerfile.cpu

echo -e "\n=== Viewing full ubi9 Dockerfile ==="
cat base-images/cpu/ubi9-python-3.12/Dockerfile.cpu

Length of output: 742

Address inconsistency: crb enable missing from ubi9 variant.

The verification confirms a significant inconsistency between the c9s and ubi9 variants:

  • c9s Dockerfile (lines 66-69): Includes /usr/bin/crb enable before calling /mnt/aipcc.sh
  • ubi9 Dockerfile (24 lines total): No crb enable call present

The original concerns were validated:

  1. install_csb() confirmed removed from base-images/utils/aipcc.sh
  2. ✓ No conflicting crb enable calls in the script
  3. ✗ Inconsistency with ubi9: the functional shift was applied only to c9s

Either add /usr/bin/crb enable to the ubi9 Dockerfile (before calling /mnt/aipcc.sh) for consistency, or document why ubi9 differs from c9s.

🤖 Prompt for AI Agents 
In base-images/cpu/ubi9-python-3.12/Dockerfile.cpu (the ubi9 variant, full file
~24 lines) the `/usr/bin/crb enable` call is missing compared to c9s (which runs
it before `/mnt/aipcc.sh` around lines 66-69); add a `/usr/bin/crb enable`
invocation immediately before the `/mnt/aipcc.sh` call in the ubi9 Dockerfile to
mirror c9s behavior, or if ubi9 must differ, add a short comment in the ubi9
Dockerfile documenting why the CRB enable step is intentionally omitted and
reference the c9s Dockerfile for context.

/mnt/aipcc.sh
fix-permissions ${APP_ROOT} -P
EOF
Expand Down
2 changes: 2 additions & 0 deletions base-images/cpu/ubi9-python-3.12/Dockerfile.cpu
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,12 @@ FROM registry.access.redhat.com/ubi9/python-312:latest AS base

USER 0

ARG TARGETARCH
RUN \
--mount=from=buildscripts,source=/mnt,target=/mnt \
--mount=type=cache,sharing=locked,id=dnf-ubi9,target=/var/cache/dnf \
/bin/bash <<'EOF'
export TARGETARCH=$TARGETARCH
/mnt/aipcc.sh
Copy link
Member Author

@jiridanek jiridanek Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@coderabbitai as expected, this fails on

  + dnf config-manager --set-enabled crb
  Updating Subscription Management repositories.
  Unable to read consumer identity
  
  This system is not registered with an entitlement server. You can use subscription-manager to register.
  
  Error: No matching repo to modify: crb.
  subprocess exited with status 1
  subprocess exited with status 1

Copy link
Contributor

@coderabbitai coderabbitai bot Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Look at the aipcc.sh script to understand what it's doing with the crb repository
cat base-images/utils/aipcc.sh

Length of output: 9069

🏁 Script executed:

#!/bin/bash
# Check if there are other Dockerfiles that might show how to handle UBI9 vs c9s differences
fd -e cpu -t f "Dockerfile" base-images/cpu

Length of output: 94

🏁 Script executed:

#!/bin/bash
# Look at the c9s equivalent to see if it handles this differently
cat base-images/cpu/c9s-python-3.12/Dockerfile.cpu 2>/dev/null || echo "File not found"

Length of output: 2395

🏁 Script executed:

#!/bin/bash
# Search for any existing handling of UBI9 vs c9s repository differences
rg -n "crb|CodeReady" base-images/

Length of output: 71

@jiridanek The issue is clear from the aipcc.sh script. The install_csb() function at line 343 tries to enable the crb (CodeReady Builder) repository, which exists in CentOS Stream 9 but not in UBI9.

The script assumes it's running on CentOS Stream 9 where the crb repository is available. UBI9 (Universal Base Image) has a different repository structure and doesn't include the CodeReady Builder repository.

Here are a few solutions:

Option 1: Detect the OS and conditionally enable crb

Modify aipcc.sh to check the OS type before enabling crb:

function install_csb() {
    dnf install "${DNF_OPTS[@]}" dnf-plugins-core
    
    # Only enable crb on CentOS Stream, not on UBI
    if grep -q "CentOS Stream" /etc/os-release; then
        dnf config-manager --set-enabled crb
    fi
}

Option 2: Check if the repository exists before enabling

function install_csb() {
    dnf install "${DNF_OPTS[@]}" dnf-plugins-core
    
    # Only enable crb if it exists
    if dnf repolist --all | grep -q "^crb"; then
        dnf config-manager --set-enabled crb
    fi
}

Option 3: Pass an environment variable from the Dockerfile

Set a variable in the ubi9 Dockerfile to indicate it's UBI9, and check it in the script.

The first option is probably the cleanest since it explicitly handles the different base images. Would you like me to prepare a patch for aipcc.sh with one of these approaches?

EOF

Expand Down
10 changes: 0 additions & 10 deletions base-images/utils/aipcc.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -335,14 +335,6 @@ function uninstall_epel() {
dnf remove "${DNF_OPTS[@]}" epel-release
}

# AIPCC bases enable codeready-builder, so we need to do the CentOS equivalent
# In RHEL this is codeready-builder-for-rhel-${RELEASEVER_MAJOR}-${ARCH}-eus-rpms
# or codeready-builder-for-rhel-${RELEASEVER_MAJOR}-${ARCH}-rpms
function install_csb() {
dnf install "${DNF_OPTS[@]}" dnf-plugins-core
dnf config-manager --set-enabled crb
}

# create Python virtual env and update pip inside the venv
function install_python_venv() {
# install venv with bundled pip (no --upgrade-deps)
Expand All @@ -354,8 +346,6 @@ function install_python_venv() {
}

function main() {
install_csb

install_epel

# install security updates
Expand Down
Loading