MAIN-1682 Upgrade branch (#1466)

* working version

* two stage build to remove setup tools

* working dockerfile

* added comment

* added gcc back for pip installs

* remove duplicated build

* no dev deprecated

* Update poetry.lock

* added test for debugging

* pytest fix

* reverting to module

Dockerfile

@@ -1,33 +1,69 @@
-# see https://pythonspeed.com/articles/alpine-docker-python/ for the reason we don't use alpine
-FROM python:3.9-slim
+# Build stage
+FROM python:3.11-slim as builder
+ENV PATH="/root/.local/bin/:$PATH"
+
 RUN apt-get update \
     && dpkg --add-architecture arm64 \
-    && apt-get install -y --no-install-recommends git ssh socat wget curl libcairo2 python3-dev libffi-dev \
+    && apt-get install -y --no-install-recommends curl gcc \
     && pip3 install --no-cache-dir --upgrade pip \
     && rm -rf /var/lib/apt/lists/*
 
 ENV ENV_TYPE=DEV
 
 RUN mkdir /app
-RUN curl -sSL https://install.python-poetry.org | python3 -
-RUN /root/.local/bin/poetry config virtualenvs.create false
 WORKDIR /app
 
-# Install gcc to compile rumal.yaml.clib, wheel is missing.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends gcc \
-    && pip3 install --no-cache-dir ruamel.yaml.clib==0.2.8 \
-    && apt-get purge -y --auto-remove gcc \
-    && rm -rf /var/lib/apt/lists/*
+# Create and activate virtual environment
+RUN python -m venv /app/venv --upgrade-deps && \
+    . /app/venv/bin/activate
+
+ENV VIRTUAL_ENV=/app/venv
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-# we install the project requirements and install the app in separate stages to optimize docker layer caching
+# Install Poetry
+RUN curl -sSL https://install.python-poetry.org | python3 -
+RUN poetry config virtualenvs.create false
+
+# Install gcc to compile ruamel.yaml.clib, wheel is missing.
+RUN pip3 install --no-cache-dir ruamel.yaml.clib==0.2.8
+
+# Install project dependencies
 COPY pyproject.toml poetry.lock /app/
-RUN /root/.local/bin/poetry install --no-root --no-dev --extras "all"
+RUN poetry install --no-root --without dev --extras "all"
+
+# Copy project source code
 COPY src/ /app/src
-RUN /root/.local/bin/poetry install --no-dev --extras "all"
+RUN poetry install --without dev --extras "all"
 
+# Install playbooks
 COPY playbooks/ /etc/robusta/playbooks/defaults
-RUN python3 -m pip install --no-cache-dir /etc/robusta/playbooks/defaults
+RUN pip install --no-cache-dir /etc/robusta/playbooks/defaults
+
+# Final stage
+FROM python:3.11-slim
+
+ENV ENV_TYPE=DEV
+ENV PYTHONUNBUFFERED=1
+ENV VIRTUAL_ENV=/app/venv
+ENV PATH="/venv/bin:$PATH"
+ENV PYTHONPATH=$PYTHONPATH:.:/app/src
+
+WORKDIR /app
+COPY --from=builder /app/venv /venv
+COPY --from=builder /etc/robusta/playbooks/defaults /etc/robusta/playbooks/defaults
+# Copy virtual environment and application files from the build stage
+COPY --from=builder /app /app
+
+# Install necessary packages for the runtime environment
+RUN apt-get update \
+    && dpkg --add-architecture arm64 \
+    && pip3 install --no-cache-dir --upgrade pip \
+    && apt-get install -y --no-install-recommends git ssh curl libcairo2 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Patching CVE-2024-32002
+RUN git config --global core.symlinks false
 
+# Run the application
 # -u disables stdout buffering https://stackoverflow.com/questions/107705/disable-output-buffering
 CMD [ "python3", "-u", "-m", "robusta.runner.main"]