Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore(ci): remove unused PYTHON_VERSION ARG from Dockerfile#2153

Merged
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/ci-dockerfile-remove-unused-python-arg
May 12, 2026
Merged

chore(ci): remove unused PYTHON_VERSION ARG from Dockerfile#2153
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/ci-dockerfile-remove-unused-python-arg

Conversation

@finnoybu

Copy link
Copy Markdown
Contributor

Summary

Dockerfile:3 declares ARG PYTHON_VERSION=3.11 but the FROM line on the next row hardcodes python:3.11-slim@sha256:9358... directly. The ARG is never referenced — it is dead syntax that misleads readers into thinking the Python version is parameterized when it is not.

Change

Replace the dangling ARG PYTHON_VERSION with a comment explaining why the version is pinned at the FROM line. The image tag + digest is the single source of truth for reproducibility; an ARG without a corresponding FROM python:${PYTHON_VERSION} interpolation contributes nothing.

No build-time behavior change — the resulting image is byte-identical.

Verification

  • Diff is a comment swap; no FROM/RUN/ENV lines touched.
  • docker build against the resulting Dockerfile produces the same image (same FROM digest pin, same build stages).

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Infrastructure/CI].

The top-level `ARG PYTHON_VERSION=3.11` was never referenced. The FROM
line hardcodes `python:3.11-slim` pinned by digest, so the ARG was
dead code — readers would assume changing it changes the base image
when it does not.

Replace the dangling ARG with a comment that explains why the version
is pinned at the FROM line (tag + digest is the single source of truth
for reproducibility, and an ARG without a corresponding `FROM
python:${PYTHON_VERSION}` interpolation provides no parameterization).

No build-time behavior change — the resulting image is identical.
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

Documentation is in sync.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: code-reviewer — View details

TL;DR: No blockers, 0 warnings. Clean change.

# Sev Issue Where
1 LOW Removed unused ARG for clarity Dockerfile

No action items needed.

Warnings: None. Fine as follow-up PRs.

@github-actions github-actions Bot added the size/XS Extra small PR (< 10 lines) label May 12, 2026
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: test-generator — View details

Test coverage looks good. No gaps identified.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: breaking-change-detector — View details

No breaking changes detected.

@github-actions

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile MEDIUM
Credential NONE
Overall MEDIUM

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label May 12, 2026
@github-actions

Copy link
Copy Markdown

PR Review Summary

Check Status Details
🔍 Code Review ✅ Passed No issues found
🛡️ Security Scan ✅ Passed No issues found
🔄 Breaking Changes ✅ Passed No issues found
📝 Docs Sync ✅ Passed No issues found
🧪 Test Coverage ✅ Completed Analysis complete

Verdict: ✅ Ready for human review

@imran-siddique imran-siddique merged commit b200ca2 into microsoft:main May 12, 2026
13 of 14 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
…t#2153)

The top-level `ARG PYTHON_VERSION=3.11` was never referenced. The FROM
line hardcodes `python:3.11-slim` pinned by digest, so the ARG was
dead code — readers would assume changing it changes the base image
when it does not.

Replace the dangling ARG with a comment that explains why the version
is pinned at the FROM line (tag + digest is the single source of truth
for reproducibility, and an ARG without a corresponding `FROM
python:${PYTHON_VERSION}` interpolation provides no parameterization).

No build-time behavior change — the resulting image is identical.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review:MEDIUM Contributor check flagged MEDIUM risk size/XS Extra small PR (< 10 lines)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants