RHOAIENG-22962: add code-server python 3.12 image (opendatahub-io#1269)

* copypasta from 3.11
* replace 3.11 to 3.12
* add to Makefile

* Update Pipfile.lock files by piplock-renewal.yaml action

---------

Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>

Author: jiridanek

Makefile

@@ -416,10 +416,10 @@ else ifeq ($(PYTHON_VERSION), 3.12)
 		jupyter/datascience/ubi9-python-$(PYTHON_VERSION) \
 		jupyter/pytorch/ubi9-python-$(PYTHON_VERSION) \
 		jupyter/tensorflow/ubi9-python-$(PYTHON_VERSION) \
-		jupyter/rocm/pytorch/ubi9-python-$(PYTHON_VERSION)
+		jupyter/rocm/pytorch/ubi9-python-$(PYTHON_VERSION) \
+		codeserver/ubi9-python-$(PYTHON_VERSION)
 		# jupyter/trustyai/ubi9-python-$(PYTHON_VERSION)
 		# jupyter/rocm/tensorflow/ubi9-python-$(PYTHON_VERSION)
-		# codeserver/ubi9-python-$(PYTHON_VERSION)
 		# runtimes/minimal/ubi9-python-$(PYTHON_VERSION)
 		# runtimes/datascience/ubi9-python-$(PYTHON_VERSION)
 		# runtimes/pytorch/ubi9-python-$(PYTHON_VERSION)
@@ -504,13 +504,13 @@ all-images: \
 	cuda-jupyter-minimal-ubi9-python-$(RELEASE_PYTHON_VERSION) \
 	cuda-jupyter-tensorflow-ubi9-python-$(RELEASE_PYTHON_VERSION) \
 	cuda-jupyter-pytorch-ubi9-python-$(RELEASE_PYTHON_VERSION) \
- 	rocm-jupyter-pytorch-ubi9-python-$(RELEASE_PYTHON_VERSION)
+ 	rocm-jupyter-pytorch-ubi9-python-$(RELEASE_PYTHON_VERSION) \
+ 	codeserver-ubi9-python-$(RELEASE_PYTHON_VERSION)
 # jupyter-trustyai-ubi9-python-$(RELEASE_PYTHON_VERSION)
 # runtime-minimal-ubi9-python-$(RELEASE_PYTHON_VERSION)
 # runtime-datascience-ubi9-python-$(RELEASE_PYTHON_VERSION)
 # runtime-cuda-pytorch-ubi9-python-$(RELEASE_PYTHON_VERSION)
 # runtime-cuda-tensorflow-ubi9-python-$(RELEASE_PYTHON_VERSION)
-# codeserver-ubi9-python-$(RELEASE_PYTHON_VERSION)
 # rstudio-c9s-python-$(RELEASE_PYTHON_VERSION)
 # cuda-rstudio-c9s-python-$(RELEASE_PYTHON_VERSION)
 # rstudio-rhel9-python-$(RELEASE_PYTHON_VERSION)

codeserver/ubi9-python-3.12/Dockerfile.cpu

@@ -0,0 +1,147 @@
+####################
+# base             #
+####################
+FROM registry.access.redhat.com/ubi9/python-312:latest AS base
+
+WORKDIR /opt/app-root/bin
+
+# OS Packages needs to be installed as root
+USER 0
+
+# Install useful OS packages
+RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
+
+# Other apps and tools installed as default user
+USER 1001
+
+# Install micropipenv to deploy packages from Pipfile.lock
+RUN pip install --no-cache-dir -U "micropipenv[toml]"
+
+# Install the oc client
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
+        -o /tmp/openshift-client-linux.tar.gz && \
+    tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
+    rm -f /tmp/openshift-client-linux.tar.gz
+
+
+####################
+# codeserver       #
+####################
+FROM base AS codeserver
+
+ARG CODESERVER_SOURCE_CODE=codeserver/ubi9-python-3.12
+ARG CODESERVER_VERSION=v4.98.0
+
+LABEL name="odh-notebook-code-server-ubi9-python-3.12" \
+      summary="code-server image with python 3.12 based on UBI 9" \
+      description="code-server image with python 3.12 based on UBI9" \
+      io.k8s.display-name="code-server image with python 3.12 based on UBI9" \
+      io.k8s.description="code-server image with python 3.12 based on UBI9" \
+      authoritative-source-url="https://github.com/opendatahub-io/notebooks" \
+      io.openshift.build.commit.ref="main" \
+      io.openshift.build.source-location="https://github.com/opendatahub-io/notebooks/tree/main/codeserver/ubi9-python-3.12" \
+      io.openshift.build.image="quay.io/opendatahub/workbench-images:codeserver-ubi9-python-3.12"
+
+USER 0
+
+WORKDIR /opt/app-root/bin
+
+# Install usefull OS packages
+RUN dnf install -y jq git-lfs libsndfile && dnf clean all && rm -rf /var/cache/yum
+
+# Install code-server
+RUN yum install -y "https://github.com/coder/code-server/releases/download/${CODESERVER_VERSION}/code-server-${CODESERVER_VERSION/v/}-amd64.rpm" && \
+    yum -y clean all --enablerepo='*'
+
+COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/utils utils/
+
+# Create and intall the extensions though build-time on a temporary directory. Later this directory will copied on the `/opt/app-root/src/.local/share/code-server/extensions` via run-code-server.sh file when it starts up.
+RUN mkdir -p /opt/app-root/extensions-temp && \
+    code-server --install-extension /opt/app-root/bin/utils/ms-python.python-2025.2.0.vsix --extensions-dir /opt/app-root/extensions-temp && \
+    code-server --install-extension /opt/app-root/bin/utils/ms-toolsai.jupyter-2025.2.0.vsix --extensions-dir /opt/app-root/extensions-temp
+
+# Install NGINX to proxy code-server and pass probes check
+ENV NGINX_VERSION=1.24 \
+    NGINX_SHORT_VER=124 \
+    NGINX_CONFIGURATION_PATH=${APP_ROOT}/etc/nginx.d \
+    NGINX_CONF_PATH=/etc/nginx/nginx.conf \
+    NGINX_DEFAULT_CONF_PATH=${APP_ROOT}/etc/nginx.default.d \
+    NGINX_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/nginx \
+    NGINX_APP_ROOT=${APP_ROOT} \
+    NGINX_LOG_PATH=/var/log/nginx \
+    NGINX_PERL_MODULE_PATH=${APP_ROOT}/etc/perl
+
+# Modules does not exist
+RUN yum install -y https://download.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    INSTALL_PKGS="bind-utils nginx nginx-mod-stream nginx-mod-http-perl fcgiwrap initscripts chkconfig supervisor" && \
+    yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    yum -y clean all --enablerepo='*'
+
+COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Copy extra files to the image.
+COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/nginx/root/ /
+
+# Changing ownership and user rights to support following use-cases:
+# 1) running container on OpenShift, whose default security model
+#    is to run the container under random UID, but GID=0
+# 2) for working root-less container with UID=1001, which does not have
+#    to have GID=0
+# 3) for default use-case, that is running container directly on operating system,
+#    with default UID and GID (1001:0)
+# Supported combinations of UID:GID are thus following:
+# UID=1001 && GID=0
+# UID=<any>&& GID=0
+# UID=1001 && GID=<any>
+RUN sed -i -f ${NGINX_APP_ROOT}/nginxconf.sed ${NGINX_CONF_PATH} && \
+    mkdir -p ${NGINX_APP_ROOT}/etc/nginx.d/ && \
+    mkdir -p ${NGINX_APP_ROOT}/etc/nginx.default.d/ && \
+    mkdir -p ${NGINX_APP_ROOT}/api/ && \
+    mkdir -p ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+    mkdir -p ${NGINX_LOG_PATH} && \
+    mkdir -p ${NGINX_PERL_MODULE_PATH} && \
+    chown -R 1001:0 ${NGINX_CONF_PATH} && \
+    chown -R 1001:0 ${NGINX_APP_ROOT}/etc && \
+    chown -R 1001:0 ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+    chown -R 1001:0 /var/lib/nginx /var/log/nginx /run && \
+    chmod    ug+rw  ${NGINX_CONF_PATH} && \
+    chmod -R ug+rwX ${NGINX_APP_ROOT}/etc && \
+    chmod -R ug+rwX ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
+    chmod -R ug+rwX /var/lib/nginx /var/log/nginx /run && \
+    rpm-file-permissions && \
+    # Ensure the temporary directory and target directory have the correct permissions
+    mkdir -p /opt/app-root/src/.local/share/code-server/extensions && \
+    mkdir -p /opt/app-root/src/.local/share/code-server/coder-logs && \
+    chown -R 1001:0 /opt/app-root/src/.local/share/code-server && \
+    chown -R 1001:0 /opt/app-root/extensions-temp && \
+    chown -R 1001:0 /opt/app-root/src/.config/code-server
+
+## Configure nginx
+COPY ${CODESERVER_SOURCE_CODE}/nginx/serverconf/ /opt/app-root/etc/nginx.default.d/
+COPY ${CODESERVER_SOURCE_CODE}/nginx/httpconf/ /opt/app-root/etc/nginx.d/
+COPY ${CODESERVER_SOURCE_CODE}/nginx/api/ /opt/app-root/api/
+
+# Launcher
+COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/run-code-server.sh ${CODESERVER_SOURCE_CODE}/run-nginx.sh ./
+
+ENV SHELL=/bin/bash
+
+ENV PYTHONPATH=/opt/app-root/bin/python3
+
+USER 1001
+
+# Install usefull packages from Pipfile.lock
+COPY ${CODESERVER_SOURCE_CODE}/Pipfile.lock ./
+
+# Install packages and cleanup
+RUN echo "Installing softwares and packages" && \
+    micropipenv install && \
+    rm -f ./Pipfile.lock && \
+    # Fix permissions to support pip in Openshift environments \
+    chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \
+    fix-permissions /opt/app-root -P
+
+WORKDIR /opt/app-root/src
+
+CMD ["/opt/app-root/bin/run-code-server.sh"]

codeserver/ubi9-python-3.12/Pipfile

@@ -0,0 +1,39 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[[source]]
+name = "pytorch"
+url = "https://download.pytorch.org/whl/cu118"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+# Base packages
+wheel = "~=0.45.1"
+setuptools = "~=78.1.1"
+
+# Datascience packages
+boto3 = "~=1.37.8"
+kafka-python-ng = "~=2.2.3"
+matplotlib = "~=3.10.1"
+numpy = "~=2.2.3"
+pandas = "~=2.2.3"
+plotly = "~=6.0.0"
+scikit-learn = "~=1.6.1"
+scipy = "~=1.15.2"
+skl2onnx = "~=1.18.0"
+ipykernel = "~=6.29.5"
+kubeflow-training = "==1.9.2"
+
+# Some extra useful packages
+opencensus = "~=0.11.4"
+smart-open = "~=7.0.1"
+virtualenv = "~=20.29.3"
+py-spy = "~=0.4.0"
+prometheus-client = "~=0.21.1"
+
+[requires]
+python_version = "3.12"