fix: upgrade setuptools to 79.0.1 in python-samples-testing-docker #13468
Draft PR: wants to merge 6 commits into base: main

39 changes: 31 additions & 8 deletions .kokoro/docker/Dockerfile
@@ -65,6 +65,7 @@ RUN apt-get update \
uuid-dev \
wget \
zlib1g-dev \
&& apt remove -y python3-setuptools \
Contributor (medium):

Consider using apt-get instead of apt for package management. apt-get is more script-friendly and its behavior is more predictable in automated environments like Dockerfiles.

  && apt-get remove -y python3-setuptools \

&& apt-get clean autoclean \
&& apt-get autoremove -y \
&& rm -rf /var/lib/apt/lists/* \
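Review bot: the added `apt remove -y python3-setuptools` line will also remove, without prompting, any installed package that depends on `python3-setuptools`, so check the build log for unexpected removals before relying on this; the `apt-get` spelling suggested in the comment above is the right one for a Dockerfile, and since the removal and `apt-get autoremove -y` sit in the same `RUN`, no extra cleanup layer is needed.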
@@ -116,7 +117,7 @@ RUN set -ex \
&& export GNUPGHOME="$(mktemp -d)" \
&& echo "disable-ipv6" >> "${GNUPGHOME}/dirmngr.conf" \
&& /tmp/fetch_gpg_keys.sh \
&& for PYTHON_VERSION in 2.7.18 3.7.17 3.8.20 3.9.20 3.10.15 3.11.10 3.12.7 3.13.0; do \
&& for PYTHON_VERSION in 2.7.18 3.7.17 3.8.20 3.9.23 3.10.18 3.11.13 3.12.11 3.13.5; do \
wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
&& wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \
&& gpg --batch --verify python-${PYTHON_VERSION}.tar.xz.asc python-${PYTHON_VERSION}.tar.xz \
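Review bot: the interpreter bump (3.9.23, 3.10.18, 3.11.13, 3.12.11, 3.13.5) is unrelated to the setuptools upgrade in the title and should be called out in the PR description or split into its own commit so it is easy to bisect later. Integrity of the new tarballs is still covered by the `gpg --batch --verify` step in the unchanged context, which is also what makes the pre-existing `wget --no-check-certificate` tolerable here.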
@@ -144,7 +145,7 @@ RUN set -ex \
# Install pip on Python 3.10 only.
# If the environment variable is called "PIP_VERSION", pip explodes with
# "ValueError: invalid truth value '<VERSION>'"
ENV PYTHON_PIP_VERSION 21.3.1
ENV PYTHON_PIP_VERSION 23.1.2
RUN wget --no-check-certificate -O /tmp/get-pip-3-7.py 'https://bootstrap.pypa.io/pip/3.7/get-pip.py' \
&& wget --no-check-certificate -O /tmp/get-pip-3-8.py 'https://bootstrap.pypa.io/pip/3.8/get-pip.py' \
&& wget --no-check-certificate -O /tmp/get-pip.py 'https://bootstrap.pypa.io/get-pip.py' \
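Review bot: the comment "Install pip on Python 3.10 only" above `PYTHON_PIP_VERSION` is stale, since the `get-pip.py` scripts fetched here are run on 3.7 through 3.13 further down; update it, and confirm that the variable is actually passed to `get-pip.py` (the lines visible in this hunk do not show its use), otherwise the bump from 21.3.1 to 23.1.2 is a no-op.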
@@ -165,6 +166,8 @@ RUN python3.9 /tmp/get-pip.py
RUN python3.8 /tmp/get-pip-3-8.py
RUN python3.7 /tmp/get-pip-3-7.py
RUN rm /tmp/get-pip.py
RUN rm /tmp/get-pip-3-8.py
RUN rm /tmp/get-pip-3-7.py
Contributor (medium):

Combine these rm commands into a single RUN instruction to reduce the number of layers in the Docker image, optimizing its size.

RUN rm /tmp/get-pip.py /tmp/get-pip-3-8.py /tmp/get-pip-3-7.py


# Test Pip
RUN python3 -m pip
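Review bot: separate `RUN rm` instructions do not shrink the image, because the three get-pip scripts still live in the layer written by the earlier `wget` step; merging them into one `rm` as suggested above only saves two layers. If size is the goal, delete the scripts in the same `RUN` that downloads and uses them; if tidiness is the goal, the combined `rm` is enough.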
@@ -176,17 +179,37 @@ RUN python3.11 -m pip
RUN python3.12 -m pip
RUN python3.13 -m pip

# Install "setuptools" for Python 3.12+ (see https://docs.python.org/3/whatsnew/3.12.html#distutils)
RUN python3.12 -m pip install --no-cache-dir setuptools
RUN python3.13 -m pip install --no-cache-dir setuptools
# Remove setuptools installations for Python 2.7, 3.7, 3.8
# since there is no fix for CVE-2025-47273/CVE-2025-47273.
# See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
RUN for PYTHON_VERSION in 2.7 3.7 3.8; do \
/usr/local/bin/python${PYTHON_VERSION} -m pip \
uninstall -y \
setuptools \
; done

# Install/upgrade setuptools installations for Python 3.9, 3.10 and 3.11
# for CVE-2025-47273/CVE-2025-47273.
# See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
# Also install "setuptools" for Python 3.12+ since it's not included automatically
# (see https://docs.python.org/3/whatsnew/3.12.html#distutils)
COPY requirements.txt /requirements.txt

RUN for PYTHON_VERSION in 3.9 3.10 3.11 3.12 3.13; do \
/usr/local/bin/python${PYTHON_VERSION} -m pip \
install \
--no-cache-dir \
--require-hashes \
-r /requirements.txt \
; done
Contributor (medium):

Remove the temporary file /requirements.txt in the same RUN layer where it's used to avoid creating an extra layer and reduce the image size.

  ; done && rm /requirements.txt


# Install "virtualenv", since the vast majority of users of this image will want it.
RUN pip install --no-cache-dir virtualenv

# Setup Cloud SDK
ENV CLOUD_SDK_VERSION 502.0.0
# Use system python for cloud sdk.
ENV CLOUDSDK_PYTHON python3.10
ENV CLOUD_SDK_VERSION 528.0.0
# Use python 3.12 for cloud sdk.
ENV CLOUDSDK_PYTHON python3.12
RUN wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-$CLOUD_SDK_VERSION-linux-x86_64.tar.gz
RUN tar xzf google-cloud-sdk-$CLOUD_SDK_VERSION-linux-x86_64.tar.gz
RUN /google-cloud-sdk/install.sh
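Review bot: both `for PYTHON_VERSION in ...; do ... ; done` loops return only the exit status of their last iteration, so a failed `pip uninstall` or `pip install` on 3.9 followed by a successful one on 3.13 still lets the build pass; append `|| exit 1` to the `pip` command inside each loop, or start the `RUN` with `set -e` as the earlier `RUN set -ex` steps do. Two smaller points: the comments on the uninstall and install blocks read `CVE-2025-47273/CVE-2025-47273`, the same identifier twice, which looks like a copy-and-paste slip, so either drop the repeat or put in the intended second ID; and uninstalling setuptools from 2.7, 3.7 and 3.8 removes the installed copy but does not by itself stop pip from pulling a setuptools copy into an isolated build environment when a source distribution is built on those interpreters, so the comment should say exposure is reduced rather than removed. The `--require-hashes -r /requirements.txt` install for 3.9 through 3.13 is the right shape, and the comment above about removing `/requirements.txt` in the same layer applies.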
3 changes: 3 additions & 0 deletions .kokoro/docker/requirements.in
@@ -0,0 +1,3 @@
# See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
# for the reason that setuptools 79.0.1 is used for Python 3.9, 3.10 and 3.11
setuptools==79.0.1
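Review bot: the comment says 79.0.1 is used for Python 3.9, 3.10 and 3.11, but the Dockerfile installs from the compiled `requirements.txt` on 3.12 and 3.13 as well; extend the comment so whoever next changes the pin knows it has to stay installable on all five interpreters, and keep `==` rather than a range so the hashes in the compiled file stay valid.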
12 changes: 12 additions & 0 deletions .kokoro/docker/requirements.txt
@@ -0,0 +1,12 @@
#
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --allow-unsafe --generate-hashes requirements.in
#

# The following packages are considered to be unsafe in a requirements file:
setuptools==79.0.1 \
--hash=sha256:128ce7b8f33c3079fd1b067ecbb4051a66e8526e7b65f6cec075dfc650ddfa88 \
--hash=sha256:e147c0549f27767ba362f9da434eab9c5dc0045d5304feb602a0af001089fc51
# via -r requirements.in
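Review bot: this looks right: `--allow-unsafe` is needed because pip-compile otherwise omits setuptools from the output, and the two sha256 hashes (presumably one for the wheel and one for the sdist) are what let `--require-hashes` pass on every interpreter in the Dockerfile loop even though the file was compiled under Python 3.9. When the pin changes, regenerate the file with the `pip-compile` command recorded in the header rather than editing the hashes by hand.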