From 0a17290fd5c0027aa579d49202119398cdf51386 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Apr 2026 07:35:06 +0000 Subject: [PATCH 1/8] Initial plan From e670bc02d19db3fbb5e06145f0bf81316cba66dc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Apr 2026 07:39:35 +0000 Subject: [PATCH 2/8] feat: use miniforge base image and remove installer step Agent-Logs-Url: https://github.com/precimed/container_template/sessions/a8f9b07a-df41-455d-94de-14694901f414 Co-authored-by: espenhgn <2492641+espenhgn@users.noreply.github.com> --- docker/dockerfiles/container_template/Dockerfile | 4 +--- tests/test_container_template.py | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docker/dockerfiles/container_template/Dockerfile b/docker/dockerfiles/container_template/Dockerfile index 6686d67..599457d 100644 --- a/docker/dockerfiles/container_template/Dockerfile +++ b/docker/dockerfiles/container_template/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:24.04 +FROM quay.io/condaforge/miniforge3:26.1.1-3 ENV TZ=Europe ENV DEBIAN_FRONTEND=noninteractive @@ -10,8 +10,6 @@ RUN bash apt_get_essential.sh && \ WORKDIR /tmp -COPY /scripts/install_miniforge3.sh . -RUN bash install_miniforge3.sh COPY /scripts/environment.yml . RUN mamba env update --name base --file environment.yml && \ conda clean --all --yes && \ diff --git a/tests/test_container_template.py b/tests/test_container_template.py index 1e50208..6071f2e 100644 --- a/tests/test_container_template.py +++ b/tests/test_container_template.py 
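Review bot: The new `FROM quay.io/condaforge/miniforge3:26.1.1-3` line in the first Dockerfile hunk pins the base image by tag only, so each build trusts whatever the registry serves under that tag at build time. After this patch the image supplies the OS layer and, judging by the removed `install_miniforge3.sh` step, the conda installation as well, so an upstream change would reach the container without any diff in this repository. Pinning by digest makes that visible in review: `FROM quay.io/condaforge/miniforge3:26.1.1-3@sha256:<digest-of-reviewed-image>` (placeholder digest, to be filled from the image that was actually inspected). The Dockerfile test added in the same patch is a substring check and would keep passing with the digest appended.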
@@ -77,6 +77,20 @@ def test_container_template_python_script(): assert out.returncode == 0 +def test_container_template_dockerfile_base_image_and_env_install(): + """test that Dockerfile uses miniforge base image and environment.yml""" + dockerfile = os.path.join( + cwd, 'docker', 'dockerfiles', 'container_template', 'Dockerfile' + ) + with open(dockerfile, 'r', encoding='utf-8') as f: + content = f.read() + + assert 'FROM quay.io/condaforge/miniforge3:26.1.1-3' in content + assert 'COPY /scripts/install_miniforge3.sh .' not in content + assert 'RUN bash install_miniforge3.sh' not in content + assert 'mamba env update --name base --file environment.yml' in content + + def test_container_template_python_script_from_tempdir(): '''test that the tempdir is working''' with tempfile.TemporaryDirectory() as d: From 3ac8795cf597980696345f75f64d7c3fc25343bb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Apr 2026 07:40:56 +0000 Subject: [PATCH 3/8] test: centralize expected miniforge base image string Agent-Logs-Url: https://github.com/precimed/container_template/sessions/a8f9b07a-df41-455d-94de-14694901f414 Co-authored-by: espenhgn <2492641+espenhgn@users.noreply.github.com> --- tests/test_container_template.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_container_template.py b/tests/test_container_template.py index 6071f2e..38bc3d2 100644 --- a/tests/test_container_template.py +++ b/tests/test_container_template.py @@ -19,6 +19,7 @@ # This may be useful for testing on a local machine, but should # be revised for the particular usecase. cwd = os.getcwd() +EXPECTED_CONTAINER_BASE_IMAGE = 'quay.io/condaforge/miniforge3:26.1.1-3' try: pth = os.path.join('containers', 'container_template.sif') try: 
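Review bot: The assertion `assert 'FROM quay.io/condaforge/miniforge3:26.1.1-3' in content` in the new test is a substring match over the whole file, so it also passes when that line is commented out, when a second `FROM` stage with another image follows, or when the tag merely starts with `26.1.1-3`. Checking the parsed instruction is stricter: `from_refs = [ln.split()[1] for ln in content.splitlines() if ln.startswith('FROM ')]` followed by `assert from_refs == ['quay.io/condaforge/miniforge3:26.1.1-3']`. The same applies to the f-string form introduced in PATCH 3/8. The path is also built from `cwd`, which the patch 3/8 context shows as `os.getcwd()`, so the test only finds the Dockerfile when pytest is started from the repository root; a short comment saying so would help.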
@@ -85,7 +86,7 @@ def test_container_template_dockerfile_base_image_and_env_install(): with open(dockerfile, 'r', encoding='utf-8') as f: content = f.read() - assert 'FROM quay.io/condaforge/miniforge3:26.1.1-3' in content + assert f'FROM {EXPECTED_CONTAINER_BASE_IMAGE}' in content assert 'COPY /scripts/install_miniforge3.sh .' not in content assert 'RUN bash install_miniforge3.sh' not in content assert 'mamba env update --name base --file environment.yml' in content From 38fb62217d67eef7b187c79a7bff334da4741317 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Apr 2026 07:41:44 +0000 Subject: [PATCH 4/8] test: focus Dockerfile check on desired configuration Agent-Logs-Url: https://github.com/precimed/container_template/sessions/a8f9b07a-df41-455d-94de-14694901f414 Co-authored-by: espenhgn <2492641+espenhgn@users.noreply.github.com> --- tests/test_container_template.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/test_container_template.py b/tests/test_container_template.py index 38bc3d2..c2dc0d1 100644 --- a/tests/test_container_template.py +++ b/tests/test_container_template.py @@ -87,8 +87,6 @@ def test_container_template_dockerfile_base_image_and_env_install(): content = f.read() assert f'FROM {EXPECTED_CONTAINER_BASE_IMAGE}' in content - assert 'COPY /scripts/install_miniforge3.sh .' not in content - assert 'RUN bash install_miniforge3.sh' not in content assert 'mamba env update --name base --file environment.yml' in content From 729242a23123116f878b7bbeafb9461dfa3d9ded Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Apr 2026 07:49:20 +0000 Subject: [PATCH 5/8] refactor: remove apt_get_essential bootstrap step Agent-Logs-Url: https://github.com/precimed/container_template/sessions/6b8a27f7-09f0-4e12-b862-6b4b58825868 Co-authored-by: espenhgn <2492641+espenhgn@users.noreply.github.com> --- docker/dockerfiles/container_template/Dockerfile | 6 ------ docker/scripts/apt_get_essential.sh | 11 ----------- 2 files changed, 17 deletions(-) delete mode 100644 docker/scripts/apt_get_essential.sh diff --git a/docker/dockerfiles/container_template/Dockerfile b/docker/dockerfiles/container_template/Dockerfile index 599457d..30fdd89 100644 --- a/docker/dockerfiles/container_template/Dockerfile +++ b/docker/dockerfiles/container_template/Dockerfile @@ -3,12 +3,6 @@ FROM quay.io/condaforge/miniforge3:26.1.1-3 ENV TZ=Europe ENV DEBIAN_FRONTEND=noninteractive -WORKDIR /tmp -COPY /scripts/apt_get_essential.sh . -RUN bash apt_get_essential.sh && \ - rm apt_get_essential.sh - - WORKDIR /tmp COPY /scripts/environment.yml . RUN mamba env update --name base --file environment.yml && \ diff --git a/docker/scripts/apt_get_essential.sh b/docker/scripts/apt_get_essential.sh deleted file mode 100644 index 515cebc..0000000 --- a/docker/scripts/apt_get_essential.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -eou pipefail - -apt-get update && apt-get install -y --no-install-recommends \ - apt-utils=2.7.14build2 \ - ca-certificates=20240203 \ - curl=8.5.0-2ubuntu10.6 \ - && \ - update-ca-certificates && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* From 690563714e7eacea9ad8473eb5f08faac36b6e0c Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Apr 2026 08:02:34 +0000 Subject: [PATCH 6/8] fix: bump pandas pin for python 3.13 compatibility Agent-Logs-Url: https://github.com/precimed/container_template/sessions/c2b57215-4cee-4cde-8b21-82ab3f8b0d7d Co-authored-by: espenhgn <2492641+espenhgn@users.noreply.github.com> --- docker/scripts/environment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/scripts/environment.yml b/docker/scripts/environment.yml index 9975938..d3f915a 100644 --- a/docker/scripts/environment.yml +++ b/docker/scripts/environment.yml @@ -4,7 +4,7 @@ dependencies: - jupyterlab=4.2.5 - matplotlib=3.9.2 - numpy=2.1.1 - - pandas=2.2.2 + - pandas=2.2.3 - scikit-learn=1.5.2 - scipy=1.14.1 - seaborn=0.13.2 From 9150d389a11847a5996f36653dbbae20ead2d9d1 Mon Sep 17 00:00:00 2001 From: Espen Hagen <2492641+espenhgn@users.noreply.github.com> Date: Tue, 21 Apr 2026 10:26:53 +0200 Subject: [PATCH 7/8] Update Anchore scan action to version 7 --- .github/workflows/container_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container_build.yml b/.github/workflows/container_build.yml index af76314..8eb1661 100644 --- a/.github/workflows/container_build.yml +++ b/.github/workflows/container_build.yml @@ -66,7 +66,7 @@ jobs: - name: Scan image id: anchor_scan - uses: anchore/scan-action@v3 + uses: anchore/scan-action@v7 with: image: ${{ env.LATEST_TAG }} fail-build: true From 84a5f976cc62e720f5835538c4b44031c09e4474 Mon Sep 17 00:00:00 2001 From: Espen Hagen <2492641+espenhgn@users.noreply.github.com> Date: Tue, 21 Apr 2026 10:34:28 +0200 Subject: [PATCH 8/8] Change Anchore scan settings to not fail build --- .github/workflows/container_build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container_build.yml b/.github/workflows/container_build.yml index 8eb1661..6378487 100644 
--- a/.github/workflows/container_build.yml +++ b/.github/workflows/container_build.yml @@ -69,9 +69,9 @@ jobs: uses: anchore/scan-action@v7 with: image: ${{ env.LATEST_TAG }} - fail-build: true + fail-build: false output-format: table - severity-cutoff: high + severity-cutoff: critical # - name: Inspect scan action table report # run: cat ${{ steps.anchor_scan.outputs.sarif }}
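Review bot: Setting `fail-build: false` in this hunk turns the Anchore scan into a report-only step, so an image with known vulnerabilities no longer stops the workflow, and raising `severity-cutoff` to `critical` then appears to have no gating effect of its own. The step emits `output-format: table` and the only consumer visible here is commented out, so findings would surface only to someone reading the job log. If the intent is to unblock the build after the base-image switch, keeping `fail-build: true` together with `severity-cutoff: critical` would relax the gate without removing it. If the gate must stay off for now, record the reason next to the setting, e.g. `# TODO: restore fail-build: true once base-image findings are triaged`. The rest of the job, including whatever runs after the scan, is outside the hunk.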