diff --git a/.github/workflows/build-notebooks-pr-aipcc.yaml b/.github/workflows/build-notebooks-pr-aipcc.yaml index f718bb67a7..9c3d885231 100644 --- a/.github/workflows/build-notebooks-pr-aipcc.yaml +++ b/.github/workflows/build-notebooks-pr-aipcc.yaml @@ -89,5 +89,6 @@ jobs: python: "${{ matrix.python }}" github: "${{ toJSON(github) }}" platform: "${{ matrix.platform }}" - subscription: "${{ matrix.subscription }}" + # rhds/notebooks builds from AIPCC base images that are RHEL-based + subscription: "true" secrets: inherit diff --git a/.github/workflows/build-notebooks-push.yaml b/.github/workflows/build-notebooks-push.yaml index c3c712c79c..25e60c43c3 100644 --- a/.github/workflows/build-notebooks-push.yaml +++ b/.github/workflows/build-notebooks-push.yaml @@ -53,5 +53,6 @@ jobs: python: "${{ matrix.python }}" github: "${{ toJSON(github) }}" platform: "${{ matrix.platform }}" - subscription: "${{ matrix.subscription }}" + # rhds/notebooks builds from AIPCC base images that are RHEL-based + subscription: "${{ matrix.subscription || (github.repository == 'red-hat-data-services/notebooks') }}" secrets: inherit diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu index bc6ea645ea..a75f9b5609 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu @@ -1,3 +1,5 @@ +#poke + ######################### # configuration args # ######################### diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 9c3871fa36..b8a1f55e8e 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -1,3 +1,5 @@ +#poke + ######################### # configuration args # ######################### diff --git a/rstudio/rhel9-python-3.12/Dockerfile.cpu b/rstudio/rhel9-python-3.12/Dockerfile.cpu index 48a3c33742..dd57a7b6a1 100644 --- a/rstudio/rhel9-python-3.12/Dockerfile.cpu +++ b/rstudio/rhel9-python-3.12/Dockerfile.cpu @@ -24,6 +24,13 @@ USER root COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo COPY --from=ubi-repos /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +RUN /bin/bash <<'EOF' +set -Eeuxo pipefail +if command -v subscription-manager &> /dev/null; then + subscription-manager identity &>/dev/null && subscription-manager refresh || echo "Not registered, skipping refresh." +fi +EOF + # upgrade first to avoid fixable vulnerabilities begin # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) @@ -151,6 +158,8 @@ mkdir -p /usr/share/doc/R # package installation # install necessary texlive-framed package to make Knit R markup to PDF rendering possible dnf install -y libgit2-devel.x86_64 libcurl-devel harfbuzz-devel.x86_64 fribidi-devel.x86_64 cmake "flexiblas-*" texlive-framed +# install npm to run cve_remediation script +dnf install -y npm dnf clean all rm -rf /var/cache/yum (cd /tmp/utils && ./cve_remediation.sh) diff --git a/rstudio/rhel9-python-3.12/Dockerfile.cuda b/rstudio/rhel9-python-3.12/Dockerfile.cuda index fcd672931e..92c02bb69b 100644 --- a/rstudio/rhel9-python-3.12/Dockerfile.cuda +++ b/rstudio/rhel9-python-3.12/Dockerfile.cuda @@ -24,6 +24,13 @@ USER root COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo COPY --from=ubi-repos /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +RUN /bin/bash <<'EOF' +set -Eeuxo pipefail +if command -v subscription-manager &> /dev/null; then + subscription-manager identity &>/dev/null && subscription-manager refresh || echo "Not registered, skipping refresh." +fi +EOF + # upgrade first to avoid fixable vulnerabilities begin # Problem: The operation would result in removing the following protected packages: systemd # (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) @@ -165,6 +172,8 @@ mkdir -p /usr/share/doc/R # package installation # install necessary texlive-framed package to make Knit R markup to PDF rendering possible dnf install -y libgit2-devel.x86_64 libcurl-devel harfbuzz-devel.x86_64 fribidi-devel.x86_64 cmake "flexiblas-*" texlive-framed +# install npm to run cve_remediation script +dnf install -y npm dnf clean all rm -rf /var/cache/yum (cd /tmp/utils && ./cve_remediation.sh) diff --git a/rstudio/rhel9-python-3.12/build-args/cpu.conf b/rstudio/rhel9-python-3.12/build-args/cpu.conf index 2dec27f449..4af0b8d1a9 100644 --- a/rstudio/rhel9-python-3.12/build-args/cpu.conf +++ b/rstudio/rhel9-python-3.12/build-args/cpu.conf @@ -1,3 +1,4 @@ -# Base Image : CentOS Stream 9 with Python 3.12 -# Architectures: linux/arm64, linux/x86_64 -BASE_IMAGE=quay.io/opendatahub/odh-base-image-cpu-py312-c9s:latest +# Base Image : RHEL 9.6 with Python 3.12 +# Architectures: linux/arm64, linux/ppc64le, linux/x86_64, linux/s360x +# Source : https://quay.io/repository/aipcc/base-images/cpu +BASE_IMAGE=quay.io/aipcc/base-images/cpu:3.1-1762903336 diff --git a/rstudio/rhel9-python-3.12/build-args/cuda.conf b/rstudio/rhel9-python-3.12/build-args/cuda.conf index d6c3287261..065bc1be6a 100644 --- a/rstudio/rhel9-python-3.12/build-args/cuda.conf +++ b/rstudio/rhel9-python-3.12/build-args/cuda.conf @@ -1,4 +1,5 @@ -# Base Image : CentOS Stream 9 with Python 3.12 +# Base Image : RHEL 9.6 with Python 3.12 # CUDA Version : 12.8.1 # Architectures: linux/arm64, linux/x86_64 -BASE_IMAGE=quay.io/opendatahub/odh-base-image-cuda-py312-c9s:v12.8 +# Source : https://quay.io/repository/aipcc/base-images/cuda +BASE_IMAGE=quay.io/aipcc/base-images/cuda:3.1-1762903318