Feat: Update base image to fix Konflux RPM signature scan

eranco74 · eranco74 · commit a6b657cb89af · 2025-07-22T14:02:59.000+03:00
This commit update the Containerfile, switching the base image to the ubi9/python-312 image.
This eliminates manual Python installations, resulting in a cleaner and more efficient build.
This change resolves issues with the Konflux RPM signature scan by mitigating the risk of unverified artifact injection.

Signed-off-by: Eran Cohen &lt;eranco@redhat.com&gt;
diff --git a/Containerfile b/Containerfile
@@ -1,12 +1,8 @@
 # vim: set filetype=dockerfile
-FROM registry.access.redhat.com/ubi9/ubi-minimal AS builder
+FROM registry.redhat.io/ubi9/python-312:9.6 AS builder
 
 ARG APP_ROOT=/app-root
 
-# Install Python
-RUN microdnf install -y --nodocs --setopt=keepcache=0 --setopt=tsflags=nodocs \
-    python3.12 python3.12-devel python3.12-pip
-
 # UV_PYTHON_DOWNLOADS=0 : Disable Python interpreter downloads and use the system interpreter.
 ENV UV_COMPILE_BYTECODE=0 \
     UV_LINK_MODE=copy \
@@ -26,9 +22,8 @@ RUN uv sync --locked --no-install-project --no-dev
 
 
 # Final image without uv package manager
-FROM registry.access.redhat.com/ubi9/ubi-minimal
+FROM registry.redhat.io/ubi9/python-312:9.6
 ARG APP_ROOT=/app-root
-RUN microdnf install -y --nodocs --setopt=keepcache=0 --setopt=tsflags=nodocs python3.12 python3.12-pip
 WORKDIR /app-root
 
 # PYTHONDONTWRITEBYTECODE 1 : disable the generation of .pyc
