fix: update Dockerfile to conditionally set pip index URL and trusted host for nexus authentication

BraisVQ · BraisVQ · commit 5d5dec196d50 · 2026-04-17T12:17:38.000+02:00
diff --git a/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi9 b/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi9
@@ -33,14 +33,8 @@ ENV TERRAFORM_VERSION=1.4.6 \
     RBENV_ROOT=/opt/rbenv \
     RBENV_SHELL=bash \
     NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
-    UV_INDEX_URL=https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple \
-    PIP_TRUSTED_HOST=${nexusHost} \
-    UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt
-    
-
-ENV UV_DEFAULT_INDEX=${UV_INDEX_URL} \
-    PIP_INDEX_URL=${UV_INDEX_URL} \
-    PIP_CERT=${UV_CA_CERTIFICATE}
+    UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt \
+    PIP_CERT=/etc/ssl/certs/ca-bundle.crt
 
 ENV INSTALL_PKGS="yum-utils gcc make git-core zlib zlib-devel gcc-c++ patch \
     readline \
@@ -72,15 +66,28 @@ RUN set -x \
 RUN curl -LsSf https://astral.sh/uv/${UV_VERSION}/install.sh | sh && \
     mkdir -p $HOME/.config/pip && \
     echo "[global]" > $HOME/.config/pip/pip.conf && \
-    echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \
-    echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf
+    if [ -n "${nexusHost}" ] && [ -n "${nexusAuth}" ]; then \
+      echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \
+      echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf && \
+      echo "export UV_DEFAULT_INDEX=https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" > /etc/profile.d/uv-index.sh; \
+    else \
+      echo "export UV_DEFAULT_INDEX=https://pypi.org/simple" > /etc/profile.d/uv-index.sh; \
+    fi && \
+    yum -y clean all
 
 RUN for pyVersion in 3.8 3.9 3.11; do \
         uv python install $pyVersion && \
-        uv pip install --verbose --system --break-system-packages --python $pyVersion --trusted-host ${nexusHost} --prerelease=allow \
-            virtualenv \
-            pycodestyle \
-        -r /tmp/requirements.txt; \
+        if [ -n "${nexusHost}" ] && [ -n "${nexusAuth}" ]; then \
+          uv pip install --verbose --system --break-system-packages --python $pyVersion --index-url https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple --trusted-host ${nexusHost} --prerelease=allow \
+              virtualenv \
+              pycodestyle \
+              -r /tmp/requirements.txt; \
+        else \
+          uv pip install --verbose --system --break-system-packages --python $pyVersion --prerelease=allow \
+              virtualenv \
+              pycodestyle \
+              -r /tmp/requirements.txt; \
+        fi; \
     done && \
     rm -f /tmp/requirements.txt && \
     uv python pin 3.11 && \
diff --git a/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi9 b/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi9
@@ -38,14 +38,8 @@ ENV TERRAFORM_VERSION=1.9.4 \
     TASK_VERSION=3.38.0 \
     UV_VERSION=0.10.9 \
     NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
-    UV_INDEX_URL=https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple \
-    PIP_TRUSTED_HOST=${nexusHost} \
-    UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt
-    
-
-ENV UV_DEFAULT_INDEX=${UV_INDEX_URL} \
-    PIP_INDEX_URL=${UV_INDEX_URL} \
-    PIP_CERT=${UV_CA_CERTIFICATE}
+    UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt \
+    PIP_CERT=/etc/ssl/certs/ca-bundle.crt
 
 ENV INSTALL_PKGS="yum-utils gcc make git-core zlib zlib-devel gcc-c++ patch \
     readline \
@@ -76,15 +70,24 @@ RUN set -x \
 RUN curl -LsSf https://astral.sh/uv/${UV_VERSION}/install.sh | sh && \
     mkdir -p $HOME/.config/pip && \
     echo "[global]" > $HOME/.config/pip/pip.conf && \
-    echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \
-    echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf
+    if [ -n "${nexusHost}" ] && [ -n "${nexusAuth}" ]; then \
+      echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \
+      echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf; \
+    fi
 
 RUN for pyVersion in 3.9 3.11 3.12; do \
         uv python install $pyVersion && \
-        uv pip install --verbose --system --break-system-packages --python $pyVersion --trusted-host ${nexusHost} --prerelease=allow \
-            virtualenv \
-            pycodestyle \
-            -r /tmp/requirements.txt; \
+        if [ -n "${nexusHost}" ] && [ -n "${nexusAuth}" ]; then \
+          uv pip install --verbose --system --break-system-packages --python $pyVersion --index-url https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple --trusted-host ${nexusHost} --prerelease=allow \
+              virtualenv \
+              pycodestyle \
+              -r /tmp/requirements.txt; \
+        else \
+          uv pip install --verbose --system --break-system-packages --python $pyVersion --prerelease=allow \
+              virtualenv \
+              pycodestyle \
+              -r /tmp/requirements.txt; \
+        fi; \
     done && \
     rm -f /tmp/requirements.txt && \
     uv python pin 3.12 && \
