feat: sumac release

.github/workflows/release.yml

@@ -19,7 +19,7 @@ jobs:
     - name: Python Semantic Release
       uses: actions/setup-python@v5
       with:
-        python-version: 3.11
+        python-version: 3.12
 
     - name: Install dependencies
       run: |

drydock_backups/templates/drydock_backups/build/backups/Dockerfile

@@ -1,42 +1,54 @@
 FROM debian:bookworm-slim AS base
 
-RUN apt-get update && apt-get install -y wget gnupg2 curl && rm -rf /var/lib/apt/lists/*
-
-RUN set -eux; \
-# pub   rsa4096 2023-10-23 [SC] [expires: 2025-10-22]
-#       BCA4 3417 C3B4 85DD 128E  C6D4 B7B3 B788 A8D3 785C
-# uid           [ unknown] MySQL Release Engineering <[email protected]>
-# sub   rsa4096 2023-10-23 [E] [expires: 2025-10-22]
-	key='BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C'; \
-	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
-	mkdir -p /etc/apt/keyrings; \
-	gpg --batch --export "$key" > /etc/apt/keyrings/mysql.gpg; \
-	gpgconf --kill all; \
-	rm -rf "$GNUPGHOME"
-
-RUN echo 'deb [ signed-by=/etc/apt/keyrings/mysql.gpg ] http://repo.mysql.com/apt/debian/ bookworm mysql-8.4-lts' > /etc/apt/sources.list.d/mysql.list
-
-# The following command is required to prevent the following error:
-# GPG error: http://repo.mysql.com/apt/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B7B3B788A8D3785C
-# The solution was found here: https://askubuntu.com/questions/1497140/how-to-fix-apt-update-after-to-upgrade-the-mysql-list-file#comment2623210_1497141
-# RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B7B3B788A8D3785C && rm /etc/apt/keyrings/mysql.gpg && gpg  --output /etc/apt/keyrings/mysql.gpg --export B7B3B788A8D3785C
-
-RUN curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
-
-RUN echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] http://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list
-
-RUN apt-get update && apt-get install -y \
-    mysql-community-client \
-    mongodb-org \
-    awscli \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN wget -O /tmp/azcopy.tar.gz https://aka.ms/downloadazcopy-v10-linux \
-    && tar -xvf /tmp/azcopy.tar.gz -C /tmp \
-    && cp /tmp/azcopy_linux_amd64*/azcopy /usr/bin/ \
-    && chmod +x /usr/bin/azcopy \
-    && rm -rf /tmp/azcopy*
+RUN <<EOF
+    set -eux
+    apt-get update
+    apt-get install -y \
+        curl \
+        gnupg2
+    rm -rf /var/lib/apt/lists/*
+EOF
+
+RUN <<EOF
+    set -eux
+    # pub   rsa4096 2023-10-23 [SC] [expires: 2025-10-22]
+    #       BCA4 3417 C3B4 85DD 128E  C6D4 B7B3 B788 A8D3 785C
+    # uid           [ unknown] MySQL Release Engineering <[email protected]>
+    # sub   rsa4096 2023-10-23 [E] [expires: 2025-10-22]
+    key='BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C'
+    export GNUPGHOME="$(mktemp -d)"
+    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"
+    mkdir -p /etc/apt/keyrings; \
+    gpg --batch --export "$key" > /etc/apt/keyrings/mysql.gpg
+    gpgconf --kill all
+    rm -rf "$GNUPGHOME"
+    echo 'deb [ signed-by=/etc/apt/keyrings/mysql.gpg ] http://repo.mysql.com/apt/debian/ bookworm mysql-8.4-lts' > /etc/apt/sources.list.d/mysql.list
+EOF
+
+RUN <<EOF
+    set -eux
+    curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
+    echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] http://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list
+EOF
+
+RUN <<EOF
+    set -eux
+    apt-get update
+    apt-get install -y \
+        awscli \
+        mongodb-org \
+        mysql-community-client
+    rm -rf /var/lib/apt/lists/*
+EOF
+
+RUN <<EOF
+    set -eux
+    AZCOPY_TMP="$(mktemp -d)"
+    curl -sL https://aka.ms/downloadazcopy-v10-linux |  \
+        tar -xz -C "${AZCOPY_TMP}"
+    mv ${AZCOPY_TMP}/azcopy_linux_amd64*/azcopy "/usr/local/bin"
+    rm -rf $AZCOPY_TMP
+EOF
 
 RUN useradd -m backupuser
 RUN echo "backupuser ALL=(ALL) NOPASSWD: /usr/bin/mysql, /usr/bin/mongodump" >> /etc/sudoers
@@ -45,6 +57,6 @@ USER backupuser
 
 WORKDIR /data
 
-COPY docker-entrypoint.sh /usr/local/bin/
+COPY --chown=backupuser:backupuser --chmod=744 docker-entrypoint.sh /usr/local/bin/
 
 ENTRYPOINT ["docker-entrypoint.sh"]

pyproject.toml

@@ -27,7 +27,7 @@ classifiers = [
 requires-python = ">=3.8"
 
 dependencies = [
-    "tutor>=18.0.0,<19.0.0"
+    "tutor>=19.0.0,<20.0.0"
 ]
 
 [project.optional-dependencies]