implemented python-only target

bwsw · bwsw · commit 776bce661556 · 2026-01-20T16:45:43.000+01:00
diff --git a/.github/workflows/python-314t-rust.yml b/.github/workflows/python-314t-rust.yml
@@ -18,6 +18,125 @@ env:
 
 jobs:
 
+  # Build job for py314t image (base Python image)
+  build-py314t:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4.4.1
+
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      # Install the cosign tool except on PR
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Set up QEMU for cross-platform builds
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # Set up BuildKit Docker container builder
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login against a Docker registry except on PR
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push by digest
+        id: build-py314t
+        uses: docker/build-push-action@v6
+        with:
+          provenance: false
+          sbom: false
+          file: docker/Dockerfile.py314t_rust
+          target: py314t
+          platforms: ${{ matrix.platform }}
+          tags: ghcr.io/insight-platform/py314t
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+          context: .
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests-py314t
+          digest="${{ steps.build-py314t.outputs.digest }}"
+          touch "${{ runner.temp }}/digests-py314t/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-py314t-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests-py314t/*
+          if-no-files-found: error
+          retention-days: 1
+
+  # Merge job for py314t image
+  merge-py314t:
+    runs-on: ubuntu-latest
+    needs:
+      - build-py314t
+    if: github.event_name != 'pull_request'
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4.4.1
+
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests-py314t
+          pattern: digests-py314t-*
+          merge-multiple: true
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests-py314t
+        run: |
+          docker buildx imagetools create \
+            -t ghcr.io/insight-platform/py314t:${{ env.GITHUB_REF_SLUG }} \
+            $(printf 'ghcr.io/insight-platform/py314t@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ghcr.io/insight-platform/py314t:${{ env.GITHUB_REF_SLUG }}
+
   # Build job for py314t_rust image
   build-py314t-rust:
     runs-on: ubuntu-latest
@@ -68,12 +187,13 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push by digest
-        id: build
+        id: build-py314t-rust
         uses: docker/build-push-action@v6
         with:
           provenance: false
           sbom: false
           file: docker/Dockerfile.py314t_rust
+          target: py314t_rust
           platforms: ${{ matrix.platform }}
           tags: ghcr.io/insight-platform/py314t_rust
           outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
@@ -84,7 +204,7 @@ jobs:
       - name: Export digest
         run: |
           mkdir -p ${{ runner.temp }}/digests-py314trust
-          digest="${{ steps.build.outputs.digest }}"
+          digest="${{ steps.build-py314t-rust.outputs.digest }}"
           touch "${{ runner.temp }}/digests-py314trust/${digest#sha256:}"
 
       - name: Upload digest
@@ -95,7 +215,6 @@ jobs:
           if-no-files-found: error
           retention-days: 1
 
-
   # Merge job for py314t_rust image
   merge-py314t-rust:
     runs-on: ubuntu-latest
diff --git a/docker/Dockerfile.py314t_rust b/docker/Dockerfile.py314t_rust
@@ -1,14 +1,14 @@
-FROM debian:bookworm-slim
+# Stage 1: Build Python 3.14t
+FROM debian:bookworm-slim AS python-base
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-# Install dependencies needed for building Python and Rust
+# Install dependencies needed for building Python
 RUN --mount=type=cache,target=/var/lib/apt/lists \
     apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     pkg-config \
     curl \
-    git \
     wget \
     ca-certificates \
     gcc \
@@ -27,12 +27,10 @@ RUN --mount=type=cache,target=/var/lib/apt/lists \
     make \
     tk-dev \
     uuid-dev \
-    unzip \
     xz-utils \
     zlib1g-dev
 
 # Build Python 3.14 with free-threading (--disable-gil)
-# Note: Using latest available version - adjust PYTHON_VERSION as needed
 ENV PYTHON_VERSION=3.14.0
 WORKDIR /tmp
 RUN wget -q https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tar.xz && \
@@ -59,6 +57,21 @@ RUN python3.14t --version && \
     ls -la /usr/local/lib/libpython3.14t* && \
     python3.14t -c "import sysconfig; print('Lib dir:', sysconfig.get_config_var('LIBDIR'))"
 
+WORKDIR /opt
+
+# Stage 2: py314t - Python-only image
+FROM python-base AS py314t
+# This stage is just the Python base, no additional changes needed
+
+# Stage 3: py314t_rust - Python + Rust image
+FROM python-base AS py314t_rust
+
+# Install additional dependencies needed for Rust
+RUN --mount=type=cache,target=/var/lib/apt/lists \
+    apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    unzip
+
 RUN --mount=type=bind,source=.,target=/opt/scripts bash /opt/scripts/docker/install-basic-deps.sh
 
 WORKDIR /opt
