Temporary container for 3.9 python

IMPORTANT NOTE

You can use this container by replacing the image name in your configuration YAML:

gemnasium-python-dependency_scanning:
  image:
    name: registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python:2-python-3.9

However, this is a temporary workaround. We will announce deprecation, and removal will follow swiftly after (as short as 1 release).

YOU MUST KEEP A WATCH ON THE DEPRECATION ISSUE OR THE IMAGE MAY GO AWAY WITHOUT YOU BEING PREPARED
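
One way to inventory which CI jobs still pin the temporary image, so that its removal does not silently take dependency scanning out of a pipeline. This is an added example, not part of the original issue or GitLab's own code. The function name and the sample CI file are constructed, and the line-based parser assumes jobs are top-level keys in a single `.gitlab-ci.yml`.

```python
import re

# Temporary image reference quoted in the issue text.
TEMP_IMAGE = ("registry.gitlab.com/gitlab-org/security-products/"
              "analyzers/gemnasium-python:2-python-3.9")

# A top-level key with no inline value opens a job (or the global image: block).
JOB_RE = re.compile(r"^([A-Za-z0-9_.\-]+):\s*(?:#.*)?$")
# Matches both `image: <ref>` and the nested `name: <ref>` form, quoted or not.
IMAGE_RE = re.compile(r"^(\s*)(?:image|name):\s*['\"]?([^'\"\s#]+)")

# Constructed sample .gitlab-ci.yml content (not from a real project).
SAMPLE = f"""\
stages:
  - test

gemnasium-python-dependency_scanning:
  image:
    name: {TEMP_IMAGE}

unit-tests:
  image: python:3.9

legacy-scan:
  image: "{TEMP_IMAGE}"  # short form, quoted

# old-job:
#   image: {TEMP_IMAGE}
"""

def find_temp_image_jobs(ci_text, temp_image=TEMP_IMAGE):
    """Return the sorted names of jobs whose image is exactly temp_image."""
    hits, job = set(), "<unknown>"
    for raw in ci_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue  # blank or commented-out lines never count as usage
        m = JOB_RE.match(line)
        if m:
            job = "<global default>" if m.group(1) == "image" else m.group(1)
            continue
        m = IMAGE_RE.match(line)
        if m and m.group(2) == temp_image:
            hits.add(job if m.group(1) else "<global default>")
    return sorted(hits)

if __name__ == "__main__":
    for job in find_temp_image_jobs(SAMPLE):
        print(f"{job}: uses temporary image, track the deprecation issue")
```
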

Problem to solve

There are users of Python 3.7 and 3.9 who cannot use dependency scanning today and cannot wait for the long-term solution.

User experience goal

Follow instructions and then be able to use dependency scanning temporarily

Proposal

Create a one-off image using 3.9 (and have a 3.7 user test if it resolves their issue). Clearly indicate it is a temporary fix, and have it named and tagged as such. All people using it should be collected in an issue (a private one?) to be informed when the correct feature is released.

Implementation plan

  1. Change the Dockerfile so that the version referenced in the base image becomes a Docker build argument named PYTHON_VERSION

    See WIP: Build separate Python 3.9 image for PoC

  2. Duplicate existing tests, changing the target image to check python-3.9

    1. Fix broken python-3.9-ds-excluded-paths-qa test
    2. Fix broken python-3.9-pip-qa test
  3. Add a build job, similar to build tmp image, that sets PYTHON_VERSION (Docker build argument) and TMP_IMAGE (to avoid collision)

    See Add build tmp python image job for details

  4. Add "tag jobs" to publish the temporary images

  5. Test new python-3.9 image with:

    • a customer who uses python 3.9
    • a customer who uses python 3.7

Documentation

No, as it's a temp fix

Availability & Testing

Yes, test it, but no long-term testing?

Links / references

Edited by Nicole Schwartz