{"id":50376943,"url":"https://github.com/oioki/python-base-image","last_synced_at":"2026-05-30T10:01:45.834Z","repository":{"id":359443386,"uuid":"1245905423","full_name":"oioki/python-base-image","owner":"oioki","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-21T23:37:30.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-22T07:42:27.331Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oioki.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-21T17:13:58.000Z","updated_at":"2026-05-21T23:37:33.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/oioki/python-base-image","commit_stats":null,"previous_names":["oioki/python-base-image"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/oioki/python-base-image","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oioki%2Fpython-base-image","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oioki%2Fpython-base-image/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oioki%2Fpython-base-image/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oioki%2Fpython-base-image/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oioki","download_url":"https://codeload.github.com/oioki/python-base-image/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oioki%2Fpython-base-image/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33687722,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-30T10:01:44.503Z","updated_at":"2026-05-30T10:01:45.827Z","avatar_url":"https://github.com/oioki.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# python-base-image\n\nA distroless Python 3.13 base image built from scratch on Debian 13 (trixie).\nDrop-in analog of `ghcr.io/getsentry/dhi/python:3.13-debian13`, designed as the\nruntime base for Sentry services such as [snuba](https://github.com/getsentry/snuba).\n\n## Images\n\n| Tag | Description |\n| --- | --- |\n| `ghcr.io/oioki/python-base-image/python:3.13-debian13`     | `FROM scratch` + Python 3.13 + glibc/openssl/sqlite/lz4/... — no shell, no apt. |\n| `ghcr.io/oioki/python-base-image/python:3.13-debian13-dev` | Same as above plus busybox-static (`sh`, `ls`, `cat`, `wget`, …) for debugging. |\n\nBoth images:\n\n- Layout: `/opt/python/bin/python3`, `/opt/python/lib/python3.13/...`\n- User: `nonroot` (UID/GID 65532, the conventional distroless UID), `HOME=/home/nonroot`\n- `LD_LIBRARY_PATH=/opt/python/lib` so the loader finds libpython without needing `RPATH`\n- CA bundle: `/etc/ssl/certs/ca-certificates.crt` (also exposed via `SSL_CERT_FILE`)\n- Timezone DB: `/usr/share/zoneinfo`\n- `ENTRYPOINT` is `python3` — override as needed\n- `dbm.gnu` is unavailable (libgdbm is not shipped) — use `sqlite3` if you need a stdlib KV store\n\nBuilt for `linux/amd64` and `linux/arm64`.\n\n## Usage in snuba's Dockerfile\n\nReplace the DHI references at the bottom of `Dockerfile`:\n\n```dockerfile\nFROM ghcr.io/oioki/python-base-image/python:3.13-debian13     AS application-distroless\n# ...\nFROM ghcr.io/oioki/python-base-image/python:3.13-debian13-dev AS application-distroless-debug\n```\n\nThe rest of the snuba Dockerfile works unchanged — `distroless_prep` already\nre-symlinks the venv's `python` to `/opt/python/bin/python3` and copies its own\n`/etc/passwd`/`/etc/group` over the base image's.\n\n## Local development\n\n```sh\nmake build         # builds both variants for the native architecture\nmake test          # runs Python smoke tests inside each variant\nmake clean\n```\n\nBuild args:\n\n```sh\nmake build PYTHON_VERSION=3.13.12 DEBIAN_RELEASE=trixie TAG_BASE=3.13-debian13\n```\n\n## How it's built\n\n`Dockerfile` is a multi-stage build:\n\n1. `python-source` — pulls the official `python:${PYTHON_VERSION}-slim-${DEBIAN_RELEASE}`.\n2. `rootfs-prod` — `debian:trixie-slim` with the runtime shared libs apt-installed;\n   relocates Python to `/opt/python`, runs `ldconfig`, creates the `nonroot` user,\n   sanity-tests the interpreter, then stages a curated `/rootfs` tree.\n3. `rootfs-dev` — extends `rootfs-prod` with busybox-static and its applet symlinks.\n4. `application-distroless` / `application-distroless-dev` — `FROM scratch`, with the\n   staged rootfs copied wholesale.\n\nThe `rootfs` approach keeps the final image free of apt, /var, /sbin, and anything\nelse not explicitly listed.\n\n## CI\n\n`.github/workflows/build.yml` builds both variants for amd64 and arm64 on native\nrunners and assembles multi-arch manifests on push to `main`. Published tags:\n\n- `:3.13-debian13` and `:3.13-debian13-dev` (floating)\n- `:\u003csha\u003e` and `:\u003csha\u003e-dev` (immutable, traceable to a commit)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foioki%2Fpython-base-image","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foioki%2Fpython-base-image","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foioki%2Fpython-base-image/lists"}