From dc25f3f39c59a872e9282de1c9e96eda8cdbdd9a Mon Sep 17 00:00:00 2001
From: Tom Kaltenbrunner <tom@comexos.com>
Date: Wed, 8 Oct 2025 14:50:31 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=9A(docker)=20use=20static=20path=20fo?=
 =?UTF-8?q?r=20certifi=20ca=20certificate?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The certifi ca certificate is now stored under a static path
(/cert/cacert.pem) to avoid issues when python is upgraded and the path
to the certificate changes.
---
 Dockerfile                                    | 8 ++++++++
 docs/examples/helm/impress.values.yaml        | 2 +-
 src/helm/env.d/dev/values.impress.yaml.gotmpl | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 90b68476..c9b574e6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -94,6 +94,14 @@ RUN chmod g=u /etc/passwd
 # Copy installed python dependencies
 COPY --from=back-builder /install /usr/local
 
+# Link certifi certificate from a static path /cert/cacert.pem to avoid issues
+# when python is upgraded and the path to the certificate changes.
+# The space between print and the ( is intended otherwise the git lint is failing
+RUN mkdir /cert && \
+    path=`python -c 'import certifi;print (certifi.where())'` && \
+    mv $path /cert/ && \
+    ln -s /cert/cacert.pem $path
+
 # Copy impress application (see .dockerignore)
 COPY ./src/backend /app/
 
diff --git a/docs/examples/helm/impress.values.yaml b/docs/examples/helm/impress.values.yaml
index 3d8c41f2..7ffe5bf8 100644
--- a/docs/examples/helm/impress.values.yaml
+++ b/docs/examples/helm/impress.values.yaml
@@ -82,7 +82,7 @@ backend:
   # Extra volume to manage our local custom CA and avoid to set ssl_verify: false
   extraVolumeMounts:
     - name: certs
-      mountPath: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
+      mountPath: /cert/cacert.pem
       subPath: cacert.pem
 
   # Extra volume to manage our local custom CA and avoid to set ssl_verify: false
diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl
index 9015258f..f8b6a6e5 100644
--- a/src/helm/env.d/dev/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl
@@ -114,7 +114,7 @@ backend:
   # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
   extraVolumeMounts:
     - name: certs
-      mountPath: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
+      mountPath: /cert/cacert.pem
       subPath: cacert.pem
 
   # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false