Move certbot installation to requirements.txt
We have not really tracked which version of certbot is installed
in the container, but I think we should. Adding it to the
requirements.txt file helps us get notified by dependabot when a new
version is available, and we can then trigger a rebuild to always keep
us up to date.

I also think we should try to bump at least our own patch version when
certbot moves. That way we allow users to also not have it change from
under their feet.
JonasAlfredsson committed Feb 18, 2024
1 parent 5112379 commit 40ff6cd
Showing 4 changed files with 21 additions and 8 deletions.
6 changes: 6 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -7,6 +7,12 @@ updates:
interval: "daily"
time: "04:00"
open-pull-requests-limit: 10
# Maintain dependencies for pip packages.
- package-ecosystem: "pip"
directory: "/src"
schedule:
interval: "daily"
open-pull-requests-limit: 10
# Maintain dependencies for GitHub Actions.
- package-ecosystem: "github-actions"
directory: "/"
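Review bot: The new pip entry omits the `time:` key that the entry above it sets (`time: "04:00"`), so the daily pip check runs at a time Dependabot picks instead of alongside the existing check. Add `time: "04:00"` under its `schedule:` if the two are meant to run together. Note also that `directory: "/src"` tracks only what is listed in src/requirements.txt, which in this commit is certbot alone.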
11 changes: 7 additions & 4 deletions src/Dockerfile
Expand Up @@ -24,6 +24,10 @@ ENV CERTBOT_DNS_AUTHENTICATORS \
# any real need to cater to other programs/environments.
ARG PIP_BREAK_SYSTEM_PACKAGES=1

# Through this we gain the ability to handle certbot upgrades through
# dependabot pull requests.
COPY requirements.txt /requirements.txt

# Do a single run command to make the intermediary containers smaller.
RUN set -ex && \
# Install packages necessary during the build phase (for all architectures).
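Review bot: `COPY requirements.txt /requirements.txt` resolves its source path against the build context, so this step only works when the image is built with `src/` as the context; a build that passes the repository root will fail here. Confirm that the CI build and any documented local build commands use `src/`, or state that requirement in the comment above the COPY.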
Expand All @@ -44,10 +48,9 @@ RUN set -ex && \
# Install the latest version of PIP, Setuptools and Wheel.
curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 && \
# Install certbot.
pip3 install -U cffi certbot \
# And the supported extra authenticators
$(echo $CERTBOT_DNS_AUTHENTICATORS | sed 's/\(^\| \)/\1certbot-dns-/g') \
&& \
pip3 install -r /requirements.txt && \
# And the supported extra authenticators.
pip3 install $(echo $CERTBOT_DNS_AUTHENTICATORS | sed 's/\(^\| \)/\1certbot-dns-/g') && \
# Remove everything that is no longer necessary.
apt-get remove --purge -y \
build-essential \
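Review bot: The second `pip3 install $(...)` for the `certbot-dns-*` plugins is unpinned and unconstrained, so plugin versions still float between rebuilds, and pip is free to replace the certbot installed from /requirements.txt if a plugin release requires a different version. Passing the same file as a constraint (`pip3 install -c /requirements.txt $(...)`) keeps certbot at the pinned version and turns a conflict into a build failure instead of silent drift. Listing the plugins in requirements.txt would also bring them under Dependabot.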
11 changes: 7 additions & 4 deletions src/Dockerfile-alpine
Expand Up @@ -19,6 +19,10 @@ ENV CERTBOT_DNS_AUTHENTICATORS \
ionos \
bunny

# Through this we gain the ability to handle certbot upgrades through
# dependabot pull requests.
COPY requirements.txt /requirements.txt

# Do a single run command to make the intermediary containers smaller.
RUN set -ex && \
# Install packages necessary during the build phase (for all architectures).
Expand All @@ -40,10 +44,9 @@ RUN set -ex && \
# Install the latest version of PIP, Setuptools and Wheel.
curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 && \
# Install certbot.
pip3 install -U cffi certbot \
# And the supported extra authenticators
$(echo $CERTBOT_DNS_AUTHENTICATORS | sed 's/\(^\| \)/\1certbot-dns-/g') \
&& \
pip3 install -r /requirements.txt && \
# And the supported extra authenticators.
pip3 install $(echo $CERTBOT_DNS_AUTHENTICATORS | sed 's/\(^\| \)/\1certbot-dns-/g') && \
# Remove everything that is no longer necessary.
apk del \
cargo \
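Review bot: The removed line installed `cffi` explicitly (`pip3 install -U cffi certbot`) and the replacement no longer mentions it, so cffi now arrives only as a transitive dependency at whatever version pip resolves. If the explicit install was needed on this base image, add cffi to requirements.txt; if it was not, say so in the commit message. The unpinned `certbot-dns-*` install on the following line can also still pull in a different certbot than the pinned one, which `-c /requirements.txt` would prevent.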
1 change: 1 addition & 0 deletions src/requirements.txt
@@ -0,0 +1 @@
certbot==2.9.0
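Review bot: `certbot==2.9.0` pins the top-level package by version only, so certbot's own dependencies are still resolved fresh on every rebuild and nothing verifies the downloaded artifacts. If reproducible, verifiable images are the goal, consider a fully resolved file with `--hash` entries, installed with `pip3 install --require-hashes -r /requirements.txt`.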
