From 7f03da23ddf6436f79e7fe39ddcfaa03375766af Mon Sep 17 00:00:00 2001 From: alex wiesner Date: Sun, 15 Mar 2026 15:40:40 +0000 Subject: [PATCH] align dependency runtime baselines across Docker and CI --- .github/.docker-compose-database.yml | 2 +- .github/workflows/backend-beta.yml | 7 +++++-- .github/workflows/backend-latest.yml | 3 +++ .github/workflows/backend-release.yml | 7 +++++-- .github/workflows/backend-test.yml | 6 +++--- .github/workflows/frontend-beta.yml | 7 +++++-- .github/workflows/frontend-latest.yml | 3 +++ .github/workflows/frontend-release.yml | 7 +++++-- .github/workflows/frontend-test.yml | 2 ++ .github/workflows/trivy_security_scans.yml | 7 +++++-- backend/Dockerfile | 5 +++-- backend/server/requirements.txt | 4 ++-- cdn/Dockerfile | 6 ++++-- cdn/requirements.txt | 3 ++- docker-compose.dev.yml | 7 ++++++- 15 files changed, 54 insertions(+), 22 deletions(-) diff --git a/.github/.docker-compose-database.yml b/.github/.docker-compose-database.yml index 19d54f43..cb3202b6 100644 --- a/.github/.docker-compose-database.yml +++ b/.github/.docker-compose-database.yml @@ -1,6 +1,6 @@ services: db: - image: postgis/postgis:15-3.3 + image: postgis/postgis:16-3.5 container_name: voyage-db restart: unless-stopped ports: diff --git a/.github/workflows/backend-beta.yml b/.github/workflows/backend-beta.yml index 85b3c622..521753e6 100644 --- a/.github/workflows/backend-beta.yml +++ b/.github/workflows/backend-beta.yml @@ -13,16 +13,17 @@ on: env: IMAGE_NAME: "voyage-backend" + PYTHON_IMAGE: "python:3.13-slim" jobs: upload: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} 
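Review bot: The bumped `uses: actions/checkout@v4` and `uses: docker/login-action@v3` in backend-beta.yml are still mutable major-version tags, in a job that logs in to ghcr.io and pushes images. A tag can be repointed after review, so for a publishing workflow I would pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The same bump appears in backend-release.yml, frontend-beta.yml and frontend-release.yml, and the same pinning applies there. The `upload` job continues beyond this hunk.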
@@ -48,6 +49,8 @@ jobs: with: context: ./backend platforms: linux/amd64,linux/arm64 + build-args: | + PYTHON_IMAGE=${{ env.PYTHON_IMAGE }} push: true tags: | ghcr.io/${{ steps.repo_owner.outputs.repo_owner }}/${{ env.IMAGE_NAME }}:beta diff --git a/.github/workflows/backend-latest.yml b/.github/workflows/backend-latest.yml index 7e029d24..2284b5ab 100644 --- a/.github/workflows/backend-latest.yml +++ b/.github/workflows/backend-latest.yml @@ -15,6 +15,7 @@ on: env: IMAGE_NAME: "voyage-backend" + PYTHON_IMAGE: "python:3.13-slim" jobs: upload: @@ -50,6 +51,8 @@ jobs: with: context: ./backend platforms: linux/amd64,linux/arm64 + build-args: | + PYTHON_IMAGE=${{ env.PYTHON_IMAGE }} push: true tags: | ghcr.io/${{ steps.repo_owner.outputs.repo_owner }}/${{ env.IMAGE_NAME }}:latest diff --git a/.github/workflows/backend-release.yml b/.github/workflows/backend-release.yml index e0621d2c..abe15928 100644 --- a/.github/workflows/backend-release.yml +++ b/.github/workflows/backend-release.yml @@ -10,16 +10,17 @@ on: env: IMAGE_NAME: "voyage-backend" + PYTHON_IMAGE: "python:3.13-slim" jobs: upload: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -45,6 +46,8 @@ jobs: with: context: ./backend platforms: linux/amd64,linux/arm64 + build-args: | + PYTHON_IMAGE=${{ env.PYTHON_IMAGE }} push: true tags: | ghcr.io/${{ steps.repo_owner.outputs.repo_owner }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} diff --git a/.github/workflows/backend-test.yml b/.github/workflows/backend-test.yml index a01cd48f..24249d40 100644 --- a/.github/workflows/backend-test.yml +++ b/.github/workflows/backend-test.yml 
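Review bot: `PYTHON_IMAGE=${{ env.PYTHON_IMAGE }}` in backend-beta.yml passes a tag-only reference (`python:3.13-slim`), so the pushed image is built on whatever that tag resolves to at build time and two runs of the same commit can produce different layers. Pinning the value by digest, `PYTHON_IMAGE: "python:3.13-slim@sha256:<digest>"`, makes the base reproducible and means the Trivy job scans the same base that gets published. The literal is also repeated in backend-latest.yml, backend-release.yml, trivy_security_scans.yml, both Dockerfile `ARG` defaults and docker-compose.dev.yml. A short comment next to each copy naming the others would help keep them from drifting apart.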
@@ -15,15 +15,15 @@ jobs: steps: - uses: actions/checkout@v4 - - name: set up python 3.12 + - name: set up python 3.13 uses: actions/setup-python@v5 with: - python-version: "3.12" + python-version: "3.13" - name: install dependencies run: | sudo apt update -q - sudo apt install -y -q python3-gdal + sudo apt install -y -q gdal-bin libgdal-dev - name: start database run: | diff --git a/.github/workflows/frontend-beta.yml b/.github/workflows/frontend-beta.yml index cfb4d0db..ea738f7f 100644 --- a/.github/workflows/frontend-beta.yml +++ b/.github/workflows/frontend-beta.yml @@ -13,16 +13,17 @@ on: env: IMAGE_NAME: "voyage-frontend" + BUN_VERSION: "1.3.10" jobs: upload: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -48,6 +49,8 @@ jobs: with: context: ./frontend platforms: linux/amd64,linux/arm64 + build-args: | + BUN_VERSION=${{ env.BUN_VERSION }} push: true tags: | ghcr.io/${{ steps.repo_owner.outputs.repo_owner }}/${{ env.IMAGE_NAME }}:beta diff --git a/.github/workflows/frontend-latest.yml b/.github/workflows/frontend-latest.yml index cf4eddfa..59c8aeb3 100644 --- a/.github/workflows/frontend-latest.yml +++ b/.github/workflows/frontend-latest.yml @@ -15,6 +15,7 @@ on: env: IMAGE_NAME: "voyage-frontend" + BUN_VERSION: "1.3.10" jobs: upload: @@ -50,6 +51,8 @@ jobs: with: context: ./frontend platforms: linux/amd64,linux/arm64 + build-args: | + BUN_VERSION=${{ env.BUN_VERSION }} push: true tags: | ghcr.io/${{ steps.repo_owner.outputs.repo_owner }}/${{ env.IMAGE_NAME }}:latest diff --git a/.github/workflows/frontend-release.yml b/.github/workflows/frontend-release.yml index 268464f5..e20feeb8 100644 --- a/.github/workflows/frontend-release.yml +++ b/.github/workflows/frontend-release.yml 
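Review bot: `BUN_VERSION=${{ env.BUN_VERSION }}` in frontend-beta.yml only takes effect if `frontend/Dockerfile` declares `ARG BUN_VERSION` and uses it, and that file is not among the 15 files this patch touches. Docker does not fail a build over an unconsumed build argument, so if the declaration is missing the image would quietly keep whatever Bun version the Dockerfile already selects. Please confirm the Dockerfile consumes the argument, or add that to this change. The same applies to the build-args added in frontend-latest.yml, frontend-release.yml, trivy_security_scans.yml and docker-compose.dev.yml.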
@@ -10,16 +10,17 @@ on: env: IMAGE_NAME: "voyage-frontend" + BUN_VERSION: "1.3.10" jobs: upload: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -45,6 +46,8 @@ jobs: with: context: ./frontend platforms: linux/amd64,linux/arm64 + build-args: | + BUN_VERSION=${{ env.BUN_VERSION }} push: true tags: | ghcr.io/${{ steps.repo_owner.outputs.repo_owner }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} diff --git a/.github/workflows/frontend-test.yml b/.github/workflows/frontend-test.yml index 09eed3d3..6a159837 100644 --- a/.github/workflows/frontend-test.yml +++ b/.github/workflows/frontend-test.yml @@ -17,6 +17,8 @@ jobs: - name: setup bun uses: oven-sh/setup-bun@v2 + with: + bun-version: 1.3.10 - name: install dependencies working-directory: frontend diff --git a/.github/workflows/trivy_security_scans.yml b/.github/workflows/trivy_security_scans.yml index 0d7be0d7..9cbf9476 100644 --- a/.github/workflows/trivy_security_scans.yml +++ b/.github/workflows/trivy_security_scans.yml @@ -41,6 +41,9 @@ jobs: image-scan: name: Trivy Docker Image Scan (Backend & Frontend) runs-on: ubuntu-latest + env: + BUN_VERSION: "1.3.10" + PYTHON_IMAGE: "python:3.13-slim" steps: - name: Checkout code @@ -57,10 +60,10 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build backend Docker image - run: docker build -t voyage-backend ./backend + run: docker build --build-arg PYTHON_IMAGE=${{ env.PYTHON_IMAGE }} -t voyage-backend ./backend - name: Build frontend Docker image - run: docker build -t voyage-frontend ./frontend + run: docker build --build-arg BUN_VERSION=${{ env.BUN_VERSION }} -t voyage-frontend ./frontend - name: Scan backend Docker image with Trivy uses: aquasecurity/trivy-action@master 
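Review bot: The scan step right after the changed build commands in trivy_security_scans.yml still uses `aquasecurity/trivy-action@master`, a branch ref, so the code that runs in a job which has logged in with `secrets.GITHUB_TOKEN` changes whenever that branch moves. Since this commit is aligning baselines, I would pin it to a full commit SHA with the release as a comment, `uses: aquasecurity/trivy-action@<full-commit-sha> # <release-tag>`. Separately, the two `docker build` lines expand `${{ env.… }}` into the script text before the shell runs. The job-level `env:` already exports both variables, so `--build-arg PYTHON_IMAGE="$PYTHON_IMAGE"` and `--build-arg BUN_VERSION="$BUN_VERSION"` are the safer habit. The step list continues past the end of the hunk.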
diff --git a/backend/Dockerfile b/backend/Dockerfile index 6e61d324..98199d17 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -1,5 +1,6 @@ # Stage 1: Build stage with dependencies -FROM python:3.13-slim AS builder +ARG PYTHON_IMAGE=python:3.13-slim +FROM ${PYTHON_IMAGE} AS builder # Metadata labels LABEL maintainer="Voyage contributors" \ @@ -35,7 +36,7 @@ RUN pip install --upgrade pip \ && pip install --no-cache-dir -r requirements.txt # Stage 2: Final image with runtime dependencies -FROM python:3.13-slim +FROM ${PYTHON_IMAGE} WORKDIR /code ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONUNBUFFERED=1 diff --git a/backend/server/requirements.txt b/backend/server/requirements.txt index 72777318..d75efae6 100644 --- a/backend/server/requirements.txt +++ b/backend/server/requirements.txt @@ -33,5 +33,5 @@ legacy-cgi==2.6.4 requests>=2.32.5 cryptography>=46.0.5 django-mcp-server>=0.5.7 -litellm>=1.82.1 -duckduckgo-search>=4.0.0 +litellm>=1.82.2 +duckduckgo-search>=8.1.1 diff --git a/cdn/Dockerfile b/cdn/Dockerfile index f47e79a0..d1206b17 100644 --- a/cdn/Dockerfile +++ b/cdn/Dockerfile @@ -1,11 +1,13 @@ # Use an official Python image as a base -FROM python:3.11-slim +ARG PYTHON_IMAGE=python:3.13-slim +FROM ${PYTHON_IMAGE} # Set the working directory WORKDIR /app # Install required Python packages -RUN pip install --no-cache-dir requests osm2geojson +COPY requirements.txt /app/requirements.txt +RUN pip install --no-cache-dir -r /app/requirements.txt # Copy the script into the container COPY main.py /app/main.py diff --git a/cdn/requirements.txt b/cdn/requirements.txt index 1f11fabb..289428db 100644 --- a/cdn/requirements.txt +++ b/cdn/requirements.txt @@ -1 +1,2 @@ -osm2geojson==0.2.5 \ No newline at end of file +requests==2.32.5 +osm2geojson==0.3.2 diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index ee105e59..b6117349 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml 
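Review bot: `RUN pip install --no-cache-dir -r /app/requirements.txt` in cdn/Dockerfile now installs exact versions, but nothing verifies the downloaded artifacts. Adding hashes to cdn/requirements.txt and installing with `pip install --no-cache-dir --require-hashes -r /app/requirements.txt` would cover that. The backend side is looser: the builder stage installs from a requirements file whose entries in this patch are `litellm>=1.82.2` and `duckduckgo-search>=8.1.1`, so any image build can pull a newer release than the one reviewed, unlike the `legacy-cgi==2.6.4` pin in the same file. I would pin those two exactly as well and let version bumps arrive as reviewed changes.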
@@ -3,6 +3,8 @@ services: build: context: ./frontend/ target: builder + args: + BUN_VERSION: ${BUN_VERSION:-1.3.10} # image: ghcr.io/alex-wiesner/voyage-frontend:latest restart: unless-stopped user: root @@ -28,7 +30,10 @@ services: - postgres_data:/var/lib/postgresql/data/ server: - build: ./backend/ + build: + context: ./backend/ + args: + PYTHON_IMAGE: ${PYTHON_IMAGE:-python:3.13-slim} # image: ghcr.io/alex-wiesner/voyage-backend:latest restart: unless-stopped entrypoint: []
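Review bot: The new `args:` values in docker-compose.dev.yml are unquoted, while the same values are quoted string literals in the workflows. I would write `BUN_VERSION: "${BUN_VERSION:-1.3.10}"` and `PYTHON_IMAGE: "${PYTHON_IMAGE:-python:3.13-slim}"` so the colon-bearing image reference is unambiguously a string. A comment such as `# overridable from the shell or .env; default mirrors the ARG default in backend/Dockerfile` would also warn a developer that a stale exported variable silently changes the base image. Both service definitions continue outside the two hunks.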