From b97b51074b50e96fa81ac26271387e016f77393e Mon Sep 17 00:00:00 2001
From: ITQ
Date: Sat, 22 Nov 2025 16:43:06 +0300
Subject: [PATCH] (scope): [body] [footer(s)]
---
 .gitlab-ci.yml | 10 +++++++++-
 Containerfile | 2 +-
 Containerfile.ml | 8 +++-----
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 733b9c5..c5c676e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -179,7 +179,7 @@ cache:
 policy: pull-push
 before_script:
 - apt-get update
- - apt-get install -y --no-install-recommends ca-certificates curl just
+ - apt-get install -y --no-install-recommends ca-certificates curl just git
 - update-ca-certificates
 - curl -LsSf https://astral.sh/uv/install.sh | sh
 - export PATH="$HOME/.local/bin:$PATH"
@@ -348,6 +348,14 @@ sast-image-migrations:
 dependencies:
 - build-migrations
+sast-image-ml:
+ <<: *trivy-image-scan
+ variables:
+ IMAGE_NAME: $BASE_IMAGE_NAME/ml
+ IMAGE_TYPE: ml
+ dependencies:
+ - build-ml
+
 tag-runtime:
 <<: *tag-config
 variables:
diff --git a/Containerfile b/Containerfile
index 79e039f..b4390f1 100644
--- a/Containerfile
+++ b/Containerfile
@@ -21,7 +21,7 @@ RUN apt-get update && \
 COPY pyproject.toml uv.lock ./
-RUN uv sync --frozen --no-dev --no-cache --group backend
+RUN uv sync --group backend --frozen --no-cache
 # Stage 2: Runtime
diff --git a/Containerfile.ml b/Containerfile.ml
index 2aa78a6..2ab5e34 100644
--- a/Containerfile.ml
+++ b/Containerfile.ml
@@ -1,9 +1,7 @@
 # syntax=docker/dockerfile:1.20
-ARG PY_IMAGE=docker.io/python:3.12-slim
-
 # Stage 1: Builder
-FROM ${PY_IMAGE} AS builder
+FROM docker.io/python:3.12-slim AS builder
 RUN apt-get update && \
 apt-get install -y --no-install-recommends \
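Review bot: The `variables:` mapping in the new `sast-image-ml` job replaces, rather than extends, any `variables:` defined on the `*trivy-image-scan` anchor, because the `<<:` merge key is shallow. The anchor is defined outside this hunk, so this is unverified; if it carries scanner settings as variables (severity threshold, failure exit code), this job would run without them and could pass an image it should block. If the anchor does set variables, repeat the required ones here or move them to a place the merge does not overwrite. A comment above the job such as `# Trivy scan of the ml image produced by build-ml` would also document what the job is for.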
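Review bot: The rewritten `uv sync` line in Containerfile drops `--no-dev` while reordering the other flags, and uv syncs the `dev` group by default, so the builder stage now installs development dependencies alongside `backend`. If the runtime stage copies the builder's environment (that part is outside this hunk), those packages ship in the image and widen what has to be patched and scanned. The commit message does not mention the removal, and the same flag is dropped from `uv sync ... --group ml` in the second Containerfile.ml hunk. Unless this is intended, keep the flag on both lines, e.g. `RUN uv sync --group backend --frozen --no-dev --no-cache`.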
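Review bot: Both `FROM` lines in Containerfile.ml now hard-code the mutable tag `docker.io/python:3.12-slim` (the builder stage here and the `AS ml` stage in the second hunk), so the build is not tied to a reviewed base image and the two references can drift apart in a later edit. Removing `ARG PY_IMAGE` also removes the one place where CI could substitute a mirrored or digest-pinned image. Consider keeping the ARG with a pinned default, e.g. `ARG PY_IMAGE=docker.io/python:3.12-slim@sha256:<digest-placeholder>`, and leaving both stages on `FROM ${PY_IMAGE}`.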
@@ -23,10 +21,10 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
 COPY pyproject.toml uv.lock ./
-RUN uv sync --frozen --no-dev --no-cache --group ml
+RUN uv sync --frozen --no-cache --group ml
 # Stage 2: ML Runtime
-FROM ${PY_IMAGE} AS ml
+FROM docker.io/python:3.12-slim AS ml
 RUN apt-get update && \
 apt-get install -y --no-install-recommends \