Libyaml install from apt

This PS is to install libyaml from apt instead of building it from source. Also we upgrade the Helm version to 3.17.3 because of CVE. In order to decrease the image size *-dev libs are installed only when needed to build/install Python packages. Change-Id: I274cc6987b8c887a2ac46ac8c785fe19ed05de51
2025-04-24 17:37:24 +00:00
parent 19a3843892
commit 5a7236e76f
4 changed files with 32 additions and 30 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -154,7 +154,7 @@
      flannel_version: v0.25.4
      metallb_setup: false
      metallb_version: "0.13.12"
-      helm_version: "v3.14.0"
+      helm_version: "v3.17.3"
      crictl_version: "v1.30.1"
      zuul_osh_relative_path: ../../openstack/openstack-helm
      zuul_osh_infra_relative_path: ../../openstack/openstack-helm
@@ -254,7 +254,7 @@
    parent: deckhand-base
    vars:
      site: airskiff
-      HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
+      HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
      HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
      OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
      CLONE_DECKHAND: false
--- a/bindep.txt
+++ b/bindep.txt
@@ -9,6 +9,7 @@ libkrb5-dev [platform:dpkg]
 libpq-dev [platform:dpkg]
 libsasl2-dev [platform:dpkg]
 libssl-dev [platform:dpkg]
+libyaml-dev [platform:dpkg]
 libre2-dev [platform:dpkg]
 postgresql [platform:dpkg]
 postgresql-contrib [platform:dpkg]
--- a/images/deckhand/Dockerfile.ubuntu_jammy
+++ b/images/deckhand/Dockerfile.ubuntu_jammy
@@ -38,26 +38,15 @@ EXPOSE $PORT
 RUN set -x && \
    apt-get update && apt-get upgrade -y && \
    apt-get -y install \
-    automake \
    ca-certificates \
    curl \
-    g++ \
-    gcc \
-    git \
-    libffi-dev \
-    libpq-dev \
-    libssl-dev \
-    libtool \
-    make \
    netbase \
    netcat \
    python3 \
    python3-dateutil \
    python3-dev \
-    python3-pip \
    python3-setuptools \
    --no-install-recommends \
-    && python3 -m pip install -U pip \
    && apt-get clean \
    && rm -rf \
        /var/lib/apt/lists/* \
@@ -67,21 +56,6 @@ RUN set -x && \
        /usr/share/doc \
        /usr/share/doc-base

-# Install LibYAML
-ENV LD_LIBRARY_PATH=/usr/local/lib
-
-ARG LIBYAML_VERSION=0.2.5
-RUN set -ex \
-    && git clone https://github.com/yaml/libyaml.git \
-    && cd libyaml \
-    && git checkout $LIBYAML_VERSION \
-    && ./bootstrap \
-    && ./configure \
-    && make \
-    && make install \
-    && cd .. \
-    && rm -fr libyaml
-
 # Create deckhand user
 RUN useradd -ms /bin/bash deckhand

@@ -94,7 +68,34 @@ RUN chown -R deckhand: /home/deckhand \

 # Set work directory and install dependencies
 WORKDIR /home/deckhand
-RUN pip3 install --no-cache-dir -r requirements-frozen.txt
+
+RUN set -ex \
+        && buildDeps=' \
+        automake \
+        gcc \
+        libffi-dev \
+        libpq-dev \
+        libssl-dev \
+        libtool \
+        libyaml-dev \
+        make \
+        python3-pip \
+        ' \
+        && apt-get -qq update \
+        # Keep git separate so it's not removed below
+        && apt-get install -y $buildDeps git --no-install-recommends \
+        && python3 -m pip install -U pip \
+        && pip3 install -r requirements-frozen.txt --no-cache-dir \
+        && apt-get purge -y --auto-remove $buildDeps \
+        && apt-get autoremove -yqq --purge \
+        && apt-get clean \
+        && rm -rf \
+            /var/lib/apt/lists/* \
+            /tmp/* \
+            /var/tmp/* \
+            /usr/share/man \
+            /usr/share/doc \
+            /usr/share/doc-base

 # Setting deckhand version for BPR
 ENV PBR_VERSION 1.1
--- a/tools/helm_install.sh
+++ b/tools/helm_install.sh
@@ -17,7 +17,7 @@
 set -x

 HELM=$1
-HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz"}
+HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz"}


 function install_helm_binary {