CPBR-3030 | Upgrade python to 3.14#1280
Conversation
| <ubi8-minimal.wget.version>1.19.5-12.el8_10</ubi8-minimal.wget.version> | ||
| <ubi8-minimal.nmap-ncat.version>7.92-2.el8_10</ubi8-minimal.nmap-ncat.version> | ||
| <ubi8-minimal.python39.version>3.9.25-2.module+el8.10.0+23718+1842ae33</ubi8-minimal.python39.version> | ||
| <python314.version>3.14.3</python314.version> |
There was a problem hiding this comment.
Can we rename it to python.python314.version . Whenever we add docker dependencies updation task, it requires properties in a similar format.
There was a problem hiding this comment.
fixed
There was a problem hiding this comment.
Do we still need these python installations?
There was a problem hiding this comment.
Thanks for pointing it out. Its removed
| && python3 -m pip install --upgrade "setuptools${PYTHON_SETUPTOOLS_VERSION}" \ | ||
| && python3 -m pip install --prefer-binary --prefix=/usr/local --upgrade "${PYTHON_CONFLUENT_DOCKER_UTILS_INSTALL_SPEC}" \ | ||
| && yum remove -y git \ | ||
| && yum remove -y git gcc gcc-c++ make perl-IPC-Cmd openssl-devel bzip2-devel findutils libffi-devel zlib-devel sqlite-devel \ |
There was a problem hiding this comment.
Abhishek Krishna (@abh1sh5k) is there any way for us to be sure that these are only needed to compile python and not at runtime? Will things break if we remove these packages?
There was a problem hiding this comment.
These packages are added for building python in the PR itself. It wont break if these are removed
- Fix build failure: Correct property reference from ${python314.version} to ${python.python314.version}
This addresses the reviewer's comment about following the python.*.version naming convention
- Reorganize Dockerfile into 4 clean layers with Python installed BEFORE Java:
1. Setup package manager and repositories
2. Install Python 3.14 from source (now before Java/system packages)
3. Install system packages and Java
4. Install Python packages and user setup
- Fix pip installation concerns:
- Remove unused PYTHON_PIP_VERSION ARG (pip now installed via --with-ensurepip)
- Add pip verification steps to ensure pip3 and python3 -m pip work correctly
- Add explanatory comment about pip installation method
- Remove debug scripts (check-pip-versions.sh, check-python-versions.sh)
This addresses all reviewer comments and ensures compatibility with downstream
Confluent Platform components (kafka, schema-registry, connect, etc.)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
airlock-confluentinc
Bot
force-pushed
the
python-upgrade
branch
from
bc73e52 to
7327b0b
Compare
There was a problem hiding this comment.
Can we remove this ARG: PYTHON_PIP_VERSION ?
| - sem-version python 3.14 | ||
| - . vault-setup | ||
| - . cache-maven restore | ||
| - pip install tox==3.28.0 |
There was a problem hiding this comment.
Can we also upgrade this to tox 4.x which is the latest version? Wdyt?
There was a problem hiding this comment.
Tested with upgrading tox version to 4.0.0. The build is failing with tox 4.0.0. The error shows it's a compatibility issue with tox 4.x and the existing setup.py configuration:
AttributeError: 'NoneType' object has no attribute 'metadata'
Tox 4.x has breaking changes and requires updates to the build configuration (pyproject.toml or modern setup.py). We can pick this up as a new task to avoid expanding the scope
| zlib-devel \ | ||
| sqlite-devel \ | ||
| findutils \ | ||
| && curl -O https://www.python.org/ftp/python/${PYTHON314_VERSION}/Python-${PYTHON314_VERSION}.tgz \ |
There was a problem hiding this comment.
nit: Our jmxterm dockerfile uses curl with -s -L so I asked AI, and it mentioned that we should use -fSLO so that we error out immediately if the url we are trying to get doesnt return the tar.gz .
There was a problem hiding this comment.
Also, does it make sense to add a small sha verficiation step since we are installing something from an external repo?
Krish Vora (KrishVora01)
dismissed
their stale review
Oops, had to select Comments instead of approve, sorry!
| gcc \ | ||
| gcc-c++ \ | ||
| make \ | ||
| perl-IPC-Cmd \ | ||
| openssl-devel \ | ||
| openssl-libs \ | ||
| ca-certificates \ | ||
| bzip2-devel \ | ||
| libffi-devel \ | ||
| zlib-devel \ | ||
| sqlite-devel \ | ||
| findutils \ |
There was a problem hiding this comment.
Let's install and remove packages required for installing python from source in a single docker image layer. This way they will not conflict with other dependencies getting installed.
There was a problem hiding this comment.
Fixed
| <ubi8-minimal.wget.version>1.19.5-12.el8_10</ubi8-minimal.wget.version> | ||
| <ubi8-minimal.nmap-ncat.version>7.92-2.el8_10</ubi8-minimal.nmap-ncat.version> | ||
| <ubi8-minimal.python39.version>3.9.25-2.module+el8.10.0+23718+1842ae33</ubi8-minimal.python39.version> | ||
| <python.python314.version>3.14.3</python.python314.version> |
There was a problem hiding this comment.
please move it after ubi8 minimal properties, similar properties should be clubbed together
| && make altinstall \ | ||
| && cd .. \ | ||
| && rm -rf Python-${PYTHON314_VERSION}* \ | ||
| && ln -sf /usr/local/bin/python3.14 /usr/bin/python3 \ |
There was a problem hiding this comment.
Abhishek Krishna (@abh1sh5k) can we remove these ln -sf commands as we are using alternatives.
There was a problem hiding this comment.
Python 3.14 works functionally (via symlinks) AND is properly registered with RHEL (via alternatives).
Without symlinks, /usr/bin/python3 wouldn't exist and alternatives commands would fail. Both are needed.
3 participants
Summary
This PR migrates the base image from Python 3.9 to Python 3.14 and changes confluent-docker-utils to use the replace-docker-compose-with-sdk branch instead of a tagged release.
Changes
Property names updated:
ubi8-minimal.python39.version → ubi8-minimal.python314.version
ubi8-minimal.python39-pip.version → ubi8-minimal.python314-pip.version
Dockerfile updated (base/Dockerfile.ubi8):
Package names: python39 → python3.14
Package names: python39-pip → python3.14-pip
POM references updated in base/pom.xml (both spotify and fabric8 plugins)
Changed git-repo.confluent-docker-utils.tag from v0.0.162 to replace-docker-compose-with-sdk
Updated base/requirements.txt to reference the branch instead of the tag
Files Modified
pom.xml - Updated property definitions
base/pom.xml - Updated build arguments
base/Dockerfile.ubi8 - Updated Python package names
base/requirements.txt - Updated confluent-docker-utils reference
Testing details
More thorough testing will be done with dockerrake once the PR is merged and dockerrake test will be triggered on the latest nightly: https://semaphore.ci.confluent.io/projects/dockerrake/schedulers