
ubi8/python 3.12 emits RuntimeWarning for tarfile  #1465

@tbugfinder

Description

Describe the bug
The execution of the gitleaks pre-commit hook in Python 3.12 on ubi8 raises the following warning message:

/usr/lib64/python3.12/tarfile.py:2253: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details.
  warnings.warn(

To Reproduce
Create docker image from scratch.

# cat Dockerfile
from redhat/ubi8:latest

ENV INSTALL_PKGS="yum-utils gcc make git-core zlib zlib-devel gcc-c++ patch \
    python39 python39-pip python39-setuptools \
    python3.11 python3.11-pip python3.11-setuptools \
    python3.12 python3.12-pip python3.12-setuptools \
    readline \
    libffi-devel libyaml-devel openssl-devel make bzip2 autoconf curl sqlite-devel xz"
ENV INSTALL_CENTOS_PKGS="readline-devel bison automake libtool"

RUN sh -c "rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm || true"

COPY python_requirements /tmp/requirements.txt

RUN dnf -y install $INSTALL_PKGS

# Install virtualenv and pycodestyle for each interpreter, and make 3.12 the default
RUN pip3.9 install virtualenv pycodestyle \
    && pip3.11 install virtualenv pycodestyle \
    && pip3.12 install virtualenv pycodestyle \
    && alternatives --set python /usr/bin/python3.12 \
    && alternatives --set python3 /usr/bin/python3.12

# Upgrade pip
RUN pip3 install --upgrade pip \
    && pip3 -V \
    && pip3 install virtualenv pycodestyle \
    && pip3.9 install virtualenv pycodestyle \
    && pip3.11 install virtualenv pycodestyle \
    && pip3.12 install virtualenv pycodestyle \
    && alternatives --set python /usr/bin/python3.12 \
    && alternatives --set python3 /usr/bin/python3.12

# Install python requirements
RUN python3.9 -m pip install -r /tmp/requirements.txt \
    && python3.11 -m pip install -r /tmp/requirements.txt \
    && python3.12 -m pip install -r /tmp/requirements.txt

Use python_requirements.txt:

pre-commit~=3.8.0

Use .pre-commit-config.yaml:

---
fail_fast: true

repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.4
    hooks:
      - id: gitleaks

Run a container from the image and execute git init, git add ., pre-commit install, pre-commit run -a.

Expected behavior
No warning message.

Screenshots
N/A

Basic Info (please complete the following information):

  • OS: Linux / UBI8
  • Gitleaks Version: v8.18.4

Additional context
N/A

cc @zricethezav
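Added example (not from the issue, and not gitleaks or pre-commit code): the warning quoted above is CPython asking whoever calls tarfile.extractall to opt in to a PEP 706 extraction filter. This script extracts with filter="data" when the interpreter provides it, falls back to an equivalent path check otherwise, and exercises both against two constructed in-memory archives, one containing a parent-directory member of the CVE-2007-4559 kind; all function names and archive contents are assumptions.

```python
import io
import os
import tarfile
import tempfile
import warnings

def _manual_check(member, dest):
    # Fallback for interpreters without tarfile.data_filter: reject absolute paths
    # and anything resolving outside dest, which is what the 'data' filter does.
    real_dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(real_dest, member.name))
    if os.path.isabs(member.name) or not (
            target == real_dest or target.startswith(real_dest + os.sep)):
        raise tarfile.TarError(f"member {member.name!r} would escape {dest!r}")

def safe_extract(archive: bytes, dest: str) -> list:
    """Extract into dest; return member names, or raise TarError before writing outside dest."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        with warnings.catch_warnings():
            # The RuntimeWarning from the issue means "no filter chosen": make it fatal.
            warnings.simplefilter("error", RuntimeWarning)
            if hasattr(tarfile, "data_filter"):
                tar.extractall(dest, filter="data")  # PEP 706 'data' filter
            else:
                for member in tar.getmembers():
                    _manual_check(member, dest)
                tar.extractall(dest)
        return [m.name for m in tar.getmembers()]

def make_archive(entries: dict) -> bytes:
    # Build a constructed in-memory tar archive from {member name: content}.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

GOOD = make_archive({"gitleaks/README": b"ok\n"})     # constructed benign archive
EVIL = make_archive({"../escape.txt": b"outside\n"})  # constructed traversal member

def demo() -> dict:
    dest = tempfile.mkdtemp()
    result = {"good": safe_extract(GOOD, dest)}
    try:
        safe_extract(EVIL, dest)
        result["evil"] = "extracted"          # must never happen
    except tarfile.TarError as exc:
        result["evil"] = type(exc).__name__   # OutsideDestinationError on 3.12
    result["escaped"] = os.path.exists(os.path.join(dest, os.pardir, "escape.txt"))
    return result
```

Calling demo() extracts the benign archive normally and refuses the traversal member without creating escape.txt next to the destination directory.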
