Generate constraints file to pin deps in Docker images

Dockerfiles pin versions using constraints file Pulling out strip_hashes and add --no-deps flag
2026-06-08 16:22:18 -04:00 · 2019-01-18 17:09:19 -08:00 · 2019-01-18 17:09:19 -08:00 · 7c731599a0
commit 7c731599a0
parent bda840b3ee
18 changed files with 40 additions and 20 deletions
--- a/8
+++ b/8
@ -6,7 +6,13 @@ VOLUME /etc/letsencrypt /var/lib/letsencrypt
 WORKDIR /opt/certbot

 COPY CHANGELOG.md README.rst setup.py src/
+
+# Generate constraints file to pin dependency versions
 COPY letsencrypt-auto-source/pieces/dependency-requirements.txt .
+COPY tools /opt/certbot/tools
+RUN sh -c 'cat dependency-requirements.txt | /opt/certbot/tools/strip_hashes.py > unhashed_requirements.txt'
+RUN sh -c 'cat tools/dev_constraints.txt unhashed_requirements.txt | /opt/certbot/tools/merge_requirements.py > docker_constraints.txt'
+
 COPY acme src/acme
 COPY certbot src/certbot

@ -23,7 +29,7 @@ RUN apk add --no-cache --virtual .build-deps \
        musl-dev \
        libffi-dev \
    && pip install -r /opt/certbot/dependency-requirements.txt \
-    && pip install --no-cache-dir \
+    && pip install --no-cache-dir --no-deps \
        --editable /opt/certbot/src/acme \
        --editable /opt/certbot/src \
    && apk del .build-deps
--- a/certbot-dns-cloudflare/Dockerfile
+++ b/certbot-dns-cloudflare/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-cloudflare

-RUN pip install --no-cache-dir --editable src/certbot-dns-cloudflare
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-cloudflare
--- a/certbot-dns-cloudxns/Dockerfile
+++ b/certbot-dns-cloudxns/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-cloudxns

-RUN pip install --no-cache-dir --editable src/certbot-dns-cloudxns
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-cloudxns
--- a/certbot-dns-digitalocean/Dockerfile
+++ b/certbot-dns-digitalocean/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-digitalocean

-RUN pip install --no-cache-dir --editable src/certbot-dns-digitalocean
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-digitalocean
--- a/certbot-dns-dnsimple/Dockerfile
+++ b/certbot-dns-dnsimple/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-dnsimple

-RUN pip install --no-cache-dir --editable src/certbot-dns-dnsimple
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-dnsimple
--- a/certbot-dns-dnsmadeeasy/Dockerfile
+++ b/certbot-dns-dnsmadeeasy/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-dnsmadeeasy

-RUN pip install --no-cache-dir --editable src/certbot-dns-dnsmadeeasy
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-dnsmadeeasy
--- a/certbot-dns-gehirn/Dockerfile
+++ b/certbot-dns-gehirn/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-gehirn

-RUN pip install --no-cache-dir --editable src/certbot-dns-gehirn
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-gehirn
--- a/certbot-dns-google/Dockerfile
+++ b/certbot-dns-google/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-google

-RUN pip install --no-cache-dir --editable src/certbot-dns-google
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-google
--- a/certbot-dns-linode/Dockerfile
+++ b/certbot-dns-linode/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-linode

-RUN pip install --no-cache-dir --editable src/certbot-dns-linode
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-linode
--- a/certbot-dns-luadns/Dockerfile
+++ b/certbot-dns-luadns/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-luadns

-RUN pip install --no-cache-dir --editable src/certbot-dns-luadns
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-luadns
--- a/certbot-dns-nsone/Dockerfile
+++ b/certbot-dns-nsone/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-nsone

-RUN pip install --no-cache-dir --editable src/certbot-dns-nsone
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-nsone
--- a/certbot-dns-ovh/Dockerfile
+++ b/certbot-dns-ovh/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-ovh

-RUN pip install --no-cache-dir --editable src/certbot-dns-ovh
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-ovh
--- a/certbot-dns-rfc2136/Dockerfile
+++ b/certbot-dns-rfc2136/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-rfc2136

-RUN pip install --no-cache-dir --editable src/certbot-dns-rfc2136
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-rfc2136
--- a/certbot-dns-route53/Dockerfile
+++ b/certbot-dns-route53/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-route53

-RUN pip install --no-cache-dir --editable src/certbot-dns-route53
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-route53
--- a/certbot-dns-sakuracloud/Dockerfile
+++ b/certbot-dns-sakuracloud/Dockerfile
@ -2,4 +2,4 @@ FROM certbot/certbot

 COPY . src/certbot-dns-sakuracloud

-RUN pip install --no-cache-dir --editable src/certbot-dns-sakuracloud
+RUN pip install --constraint docker_constraints.txt --no-cache-dir --editable src/certbot-dns-sakuracloud
--- a/tools/dev_constraints.txt
+++ b/tools/dev_constraints.txt
@ -1,4 +1,4 @@
-# Specifies Python package versions for development.
+# Specifies Python package versions for development and building Docker images.
 # It includes in particular packages not specified in letsencrypt-auto's requirements file.
 # Some dev package versions specified here may be overridden by higher level constraints
 # files during tests (eg. letsencrypt-auto-source/pieces/dependency-requirements.txt).
--- a/tools/pip_install.py
+++ b/tools/pip_install.py
@ -19,6 +19,7 @@ import tempfile

 import merge_requirements as merge_module
 import readlink
+import strip_hashes


 def find_tools_path():
@ -47,10 +48,7 @@ def certbot_normal_processing(tools_path, test_constraints):
    with open(certbot_requirements, 'r') as fd:
        data = fd.readlines()
    with open(test_constraints, 'w') as fd:
-        for line in data:
-            search = re.search(r'^(\S*==\S*).*$', line)
-            if search:
-                fd.write('{0}{1}'.format(search.group(1), os.linesep))
+        fd.write(strip_hashes.main(data))


 def merge_requirements(tools_path, requirements, test_constraints, all_constraints):
--- a/tools/strip_hashes.py
+++ b/tools/strip_hashes.py
@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+import os
+import re
+import sys
+
+def main(args):
+    out_lines = []
+    for line in args:
+        search = re.search(r'^(\S*==\S*).*$', line)
+        if search:
+            out_lines.append(search.group(1))
+    return os.linesep.join(out_lines)
+
+if __name__ == '__main__':
+    print(main(sys.argv[1:]))