From a4736b07feb805550935045bf5fe46de71e4f7a7 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 15 Jun 2026 16:11:34 -0500 Subject: [PATCH 1/5] Dockerfile: build with el9 and use python3.12 --- Dockerfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2a6f16fda..b9d00106e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hub.opensciencegrid.org/opensciencegrid/software-base:24-el8-release +FROM hub.osg-htc.org/osg-htc/software-base:25-el9-release # Install dependencies (application, Apache) RUN \ @@ -7,8 +7,8 @@ RUN \ gcc \ git \ libyaml-devel \ - python39-devel \ - python39-pip \ + python3.12-devel \ + python3.12-pip \ && yum install -y \ fetch-crl \ httpd \ @@ -21,13 +21,11 @@ RUN \ osg-internal-cas \ && yum clean all && rm -rf /var/cache/yum/* -RUN alternatives --set python3 /usr/bin/python3.9 - WORKDIR /app # Install application dependencies COPY requirements-apache.txt requirements-rootless.txt ./ -RUN pip3 install --no-cache-dir -r requirements-apache.txt +RUN pip3.12 install --no-cache-dir -r requirements-apache.txt # Create data directory, and gather SSH keys for git RUN mkdir /data && \ From ef3eec1b8c0d331dd8dc357cc149f063ff269851 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 15 Jun 2026 16:11:52 -0500 Subject: [PATCH 2/5] Requirements: update to latest --- requirements-apache.txt | 4 +-- requirements-rootless.txt | 58 ++++++++++++++++++++------------------- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/requirements-apache.txt b/requirements-apache.txt index 2844e6680..749c134bd 100644 --- a/requirements-apache.txt +++ b/requirements-apache.txt @@ -1,6 +1,6 @@ -r requirements-rootless.txt # mod-wsgi requires apache httpd headers (redhat package httpd-devel, ubuntu package apache2-dev) -# also gcc and python headers (redhat package python39-devel or similar) -mod-wsgi~=4.9.4 +# also gcc and python headers (redhat package python3.12-devel or similar) +mod-wsgi~=6.0.4 diff --git a/requirements-rootless.txt b/requirements-rootless.txt index 740f496bb..95c751d31 100644 --- a/requirements-rootless.txt +++ b/requirements-rootless.txt @@ -1,33 +1,35 @@ # This file is included in requirements-apache.txt -asn1~=2.7.0 -blinker~=1.6.2 -certifi>=2023.5.7 -chardet~=5.1.0 -charset-normalizer~=3.1.0 -click~=8.1.3 -configobj~=5.0.8 +asn1~=3.3.0 +blinker~=1.9.0 +certifi>=2026.5.20 +chardet~=7.4.3 +charset-normalizer~=3.4.7 +click~=8.4.1 +configobj~=5.0.9 enum-compat~=0.0.3 -Flask~=2.3.2 -Flask-WTF~=1.1.1 -gitdb~=4.0.10 -GitPython~=3.1.31 -icalendar~=5.0.5 -idna~=3.4 -itsdangerous~=2.1.2 -Jinja2~=3.1.2 +Flask~=3.1.3 +Flask-WTF~=1.3.0 +gitdb~=4.0.12 +GitPython~=3.1.50 +icalendar~=7.1.3 +idna~=3.18 +itsdangerous~=2.2.0 +Jinja2~=3.1.6 ldap3~=2.9.1 -MarkupSafe~=2.1.2 -prometheus-client~=0.20.0 +MarkupSafe~=3.0.3 +prometheus-client~=0.25.0 pyasn1~=0.6.3 -python-dateutil~=2.8.2 -python-gnupg~=0.5.0 -pytz>=2023.3 -PyYAML~=6.0 -requests~=2.32.4 -six~=1.16.0 -smmap~=5.0.0 -urllib3~=2.6.3 -Werkzeug~=3.1.4 -WTForms~=3.0.1 -xmltodict~=0.13.0 +python-dateutil~=2.9.0 +python-gnupg~=0.5.6 +pytz>=2026.2 +PyYAML~=6.0.3 +requests~=2.34.2 +six~=1.17.0 +smmap~=5.0.3 +typing-extensions~=4.15.0 +tzdata>=2026.2 +urllib3~=2.7.0 +Werkzeug~=3.1.8 +WTForms~=3.2.2 +xmltodict~=1.0.4 From 291ab63de052ee2d3334eb0066181f0734019ee4 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 15 Jun 2026 16:30:23 -0500 Subject: [PATCH 3/5] apache.conf: reference the Python 3.12 mod_wsgi module --- docker/apache.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/apache.conf b/docker/apache.conf index 0bf734f19..b358e4241 100644 --- a/docker/apache.conf +++ b/docker/apache.conf @@ -1,7 +1,7 @@ Listen 8080 Listen 8443 -LoadModule wsgi_module /usr/local/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so +LoadModule wsgi_module /usr/local/lib64/python3.12/site-packages/mod_wsgi/server/mod_wsgi-py312.cpython-312-x86_64-linux-gnu.so WSGIPythonPath /app # Run apps in separate processes to stop yaml.CSafeLoader import-time error From 86c4973218767e42c899321c6c5c0dbe6584ad9b Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 15 Jun 2026 16:44:27 -0500 Subject: [PATCH 4/5] GHA: use Python 3.12 for validate-code and validate-data --- .github/workflows/validate-code.yml | 2 +- .github/workflows/validate-data.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-code.yml b/.github/workflows/validate-code.yml index a21c49284..f41ca2127 100644 --- a/.github/workflows/validate-code.yml +++ b/.github/workflows/validate-code.yml @@ -10,7 +10,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: 3.9.15 + python-version: 3.12.13 - name: Install packages run: | sudo apt-get update diff --git a/.github/workflows/validate-data.yml b/.github/workflows/validate-data.yml index 23b23afda..d32799741 100644 --- a/.github/workflows/validate-data.yml +++ b/.github/workflows/validate-data.yml @@ -11,7 +11,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: 3.9.15 + python-version: 3.12.13 - name: Install packages run: | sudo apt-get update From cc1c18b415950a349e77d0b9e0507b90d6aa60d1 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 15 Jun 2026 17:11:41 -0500 Subject: [PATCH 5/5] Use python3.12 -m pip ... to call pip In theory more robust than the 'pip3.12' alias Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b9d00106e..f42c8f259 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,7 @@ WORKDIR /app # Install application dependencies COPY requirements-apache.txt requirements-rootless.txt ./ -RUN pip3.12 install --no-cache-dir -r requirements-apache.txt +RUN python3.12 -m pip install --no-cache-dir -r requirements-apache.txt # Create data directory, and gather SSH keys for git RUN mkdir /data && \