
remove entrypoint in the container#6

Merged
ypriverol merged 2 commits into main from dev
Jan 7, 2026

Conversation

@ypriverol
Member

@ypriverol ypriverol commented Jan 7, 2026

PR Type

Enhancement, Documentation


Description

  • Removed ENTRYPOINT and CMD directives for flexibility

  • Restructured Dockerfile with organized sections

  • Enhanced metadata labels following best practices

  • Changed working directory from /app to /data/

  • Disabled numba caching to prevent containerization issues

  • Improved code comments and documentation


Diagram Walkthrough

flowchart LR
  A["Original Dockerfile"] -->|Remove ENTRYPOINT/CMD| B["Flexible Container"]
  A -->|Add Metadata Labels| C["Enhanced Documentation"]
  A -->|Restructure Sections| D["Better Organization"]
  A -->|Disable Numba Cache| E["Fix Container Issues"]
  A -->|Change WORKDIR| F["/data/ Directory"]

File Walkthrough

Relevant files
Enhancement
Dockerfile
Restructure Dockerfile with metadata and remove entrypoint

Dockerfile

  • Removed ENTRYPOINT and CMD directives to allow flexible command
    execution
  • Added comprehensive metadata labels following container best practices
    (base_image, version, software, license, tags)
  • Reorganized file into logical sections with clear comments (BASE
    IMAGE, METADATA, MAINTAINER, INSTALLATION)
  • Changed WORKDIR from /app to /data/
  • Replaced NUMBA_CACHE_DIR with NUMBA_DISABLE_CACHING=1 to prevent
    caching issues in containers
  • Added DEBIAN_FRONTEND=noninteractive environment variable
  • Improved inline comments explaining rationale for configuration
    choices
+32/-20 

Summary by CodeRabbit

  • Chores

    • Updated Docker container configuration with reorganized metadata labels, environment variable settings, modified working directory location, and streamlined installation steps.
  • Style

    • Added trailing newlines and formatting adjustments to test and configuration files.


@coderabbitai

coderabbitai bot commented Jan 7, 2026

Walkthrough

This pull request performs cleanup and restructuring: whitespace normalization across test files and workflow configuration, combined with significant Dockerfile reorganization including metadata labels, environment variables, working directory change, and removal of default container entrypoints.

Changes

Cohort / File(s) | Summary
GitHub Actions Workflow (.github/workflows/tests.yml) | Added trailing newline for consistency.
Container Configuration (Dockerfile) | Reorganized into metadata, maintainer, and installation sections. Added multiple LABELs (base_image, version, software, software.version, about.*). Changed WORKDIR from /app to /data/. Introduced environment variables (DEBIAN_FRONTEND=noninteractive, NUMBA_DISABLE_CACHING=1). Split apt-get installation steps with explicit frontend setting. Adjusted copy/install sequence for requirements.txt, pyproject.toml, and pyspectrafuse/. Removed ENTRYPOINT and CMD directives.
Test Documentation & Initialization (tests/README.md, tests/__init__.py) | Added trailing newlines; formatting only.
Test Files (tests/test_msp_utils.py, tests/test_parquet_utils.py, tests/test_sdrf_utils.py) | Added trailing newlines; formatting only.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

  • PR #5: Modifies Dockerfile with NUMBA caching settings and entrypoint/CMD adjustments alongside test/workflow file edits.
  • PR #4: Restructures Dockerfile metadata, labels, working directory, and entrypoint/CMD configuration.

Suggested labels

Review effort 3/5

Poem

🐰 Hopping through whitespace, with care and delight,
Files now aligned, all tidy and right!
Labels and paths in the Dockerfile bloom,
A cozy new structure in /data/ room!
No more default commands—let users decide,
Fresh configuration, with NUMBA as guide! 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title 'remove entrypoint in the container' directly describes one of the main changes in the Dockerfile, but the PR involves significantly more modifications including metadata restructuring, WORKDIR changes, environment variable additions, and documentation updates to the Dockerfile, plus formatting changes across multiple test files.
Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.


@qodo-code-review

qodo-code-review bot commented Jan 7, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Unpinned dependencies

Description: The container build relies on mutable/unpinned dependencies (e.g., FROM python:3.10-slim
and apt-get install without version pinning, plus pip install -r requirements.txt with
unknown pinning), which can lead to supply-chain risk and non-reproducible builds if
upstream packages/images change or are compromised.
Dockerfile [2-41]

Referred Code
FROM python:3.10-slim

################## METADATA ######################
LABEL base_image="python:3.10-slim"
LABEL version="1"
LABEL software="pyspectrafuse"
LABEL software.version="0.0.2"
LABEL about.summary="pyspectrafuse - Command-line utilities for spectrum clustering and conversion"
LABEL about.home="https://github.com/bigbio/pyspectrafuse"
LABEL about.documentation="https://github.com/bigbio/pyspectrafuse"
LABEL about.license_file="https://github.com/bigbio/pyspectrafuse/blob/master/LICENSE"
LABEL about.license="SPDX:Apache-2.0"
LABEL about.tags="Proteomics,Multiomics,QuantMS"

################## MAINTAINER ######################
MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com>

################## INSTALLATION ######################

ENV DEBIAN_FRONTEND=noninteractive



 ... (clipped 19 lines)
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
High-level
Do not use /data as WORKDIR

The suggestion advises against setting the WORKDIR to /data/. This directory is
conventionally used for mounting user data, and doing so would cause the
application code to be overwritten when a data volume is mounted, breaking the
container.

Examples:

Dockerfile [34-45]
WORKDIR /data/

## Copy requirements first for better caching
COPY requirements.txt .

## Install Python dependencies
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

## Copy project files

 ... (clipped 2 lines)

Solution Walkthrough:

Before:

...
## Update and install packages
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

## Set working directory
WORKDIR /data/

## Copy requirements first for better caching
COPY requirements.txt .
...
## Copy project files
COPY pyproject.toml .
COPY pyspectrafuse/ ./pyspectrafuse/
...

After:

...
## Update and install packages
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

## Set working directory
WORKDIR /app

## Copy requirements first for better caching
COPY requirements.txt .
...
## Copy project files
COPY pyproject.toml .
COPY pyspectrafuse/ ./pyspectrafuse/
...
Suggestion importance[1-10]: 10


Why: This suggestion correctly identifies a critical design flaw; using /data as the WORKDIR breaks the standard containerization practice of mounting data volumes, which would overwrite the application code and render the container unusable.

High
Security
Add non-root user

Enhance container security by adding and switching to a non-root user to avoid
running the application with root privileges.

Dockerfile [34]

 WORKDIR /data/
+RUN useradd --system --user-group appuser && \
+    chown -R appuser:appuser /data
+USER appuser
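Review bot: USER appuser is inserted directly after WORKDIR /data/ (Dockerfile line 34), so every later step, including the pip install commands in the excerpt quoted earlier, would run unprivileged and could no longer install into the system site-packages. Move the useradd/chown and USER lines to the end of the file, after the package install. The chown -R also only covers what exists in /data at that point; files copied afterwards are root-owned unless COPY --chown=appuser:appuser is used.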
Suggestion importance[1-10]: 8


Why: This suggestion addresses a critical security best practice by proposing to create and switch to a non-root user, significantly reducing the container's attack surface.

Medium
General
Use standard instead of editable install

Replace the editable package installation (pip install -e .) with a standard
installation (pip install .) for a production-ready Docker image.

Dockerfile [47-48]

 ## Install the package
-RUN pip install --no-cache-dir -e .
+RUN pip install --no-cache-dir .
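Review bot: worth taking together with the /data WORKDIR concern: at the removed line, pip install --no-cache-dir -e . leaves the package importable only from the source tree under /data, which a volume mounted there would hide. With the added pip install . the package is copied into site-packages and survives such a mount, so say that in the "## Install the package" comment, and consider removing the copied source from the final image once it is installed.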
Suggestion importance[1-10]: 7


Why: The suggestion correctly points out that using an editable install (-e) is not a best practice for production Docker images, and a standard install is more appropriate for a cleaner build.

Medium
Replace deprecated MAINTAINER

Replace the deprecated MAINTAINER instruction with the recommended LABEL syntax
for specifying maintainer information.

Dockerfile [17]

-MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com>
+LABEL maintainer="Yasset Perez-Riverol <ypriverol@gmail.com>"
Suggestion importance[1-10]: 5


Why: The suggestion correctly identifies the use of the deprecated MAINTAINER instruction and proposes replacing it with the modern LABEL syntax, which aligns with current Docker best practices.

Low

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Fix all issues with AI agents
In @Dockerfile:
- Around line 16-17: Replace the deprecated MAINTAINER instruction by removing
the MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com> line and add an
equivalent LABEL maintainer="Yasset Perez-Riverol <ypriverol@gmail.com>" entry
instead; ensure the LABEL uses the maintainer key and includes the same name and
email so metadata is preserved.
🧹 Nitpick comments (3)
Dockerfile (3)

4-14: LGTM! Comprehensive container metadata.

The metadata labels follow best practices and provide comprehensive information about the container. The SPDX license identifier and structured about.* fields are particularly well done.

Optional: Combine LABELs for layer optimization

You could combine all LABEL directives into a single multi-line directive to reduce the number of layers:

-LABEL base_image="python:3.10-slim"
-LABEL version="1"
-LABEL software="pyspectrafuse"
-LABEL software.version="0.0.2"
-LABEL about.summary="pyspectrafuse - Command-line utilities for spectrum clustering and conversion"
-LABEL about.home="https://github.com/bigbio/pyspectrafuse"
-LABEL about.documentation="https://github.com/bigbio/pyspectrafuse"
-LABEL about.license_file="https://github.com/bigbio/pyspectrafuse/blob/master/LICENSE"
-LABEL about.license="SPDX:Apache-2.0"
-LABEL about.tags="Proteomics,Multiomics,QuantMS"
+LABEL base_image="python:3.10-slim" \
+      version="1" \
+      software="pyspectrafuse" \
+      software.version="0.0.2" \
+      about.summary="pyspectrafuse - Command-line utilities for spectrum clustering and conversion" \
+      about.home="https://github.com/bigbio/pyspectrafuse" \
+      about.documentation="https://github.com/bigbio/pyspectrafuse" \
+      about.license_file="https://github.com/bigbio/pyspectrafuse/blob/master/LICENSE" \
+      about.license="SPDX:Apache-2.0" \
+      about.tags="Proteomics,Multiomics,QuantMS"
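Review bot: the first label, base_image="python:3.10-slim", repeats the FROM tag by hand and goes stale as soon as FROM is changed or pinned to a digest, which is what the unpinned-dependencies finding asks for; record the digest in the label as well or drop it. In the same block, about.license_file points at blob/master/LICENSE while this PR merges into main, so check that the URL resolves. Merging the LABEL lines is cosmetic either way, since LABEL adds image metadata and no filesystem content.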

This is a minor optimization and the current format is perfectly acceptable.


44-49: Consider non-editable install for production containers.

The editable install (-e) is typically used for development where source code changes should be reflected immediately. For production containers, a regular install is more appropriate since the source code is baked into the image.

📦 Recommended change for production
 ## Install the package
-RUN pip install --no-cache-dir -e .
+RUN pip install --no-cache-dir .

If this container is intended for development purposes, the editable install is fine. Otherwise, consider switching to a non-editable install.


1-50: Consider adding a non-root USER directive.

The container currently runs as root, which is a security concern for production deployments. Consider adding a non-root user for running the application.

🔒 Recommended security enhancement

Add these lines before the final installation steps:

## Create non-root user
RUN useradd -m -u 1000 pyspectrafuse && \
    chown -R pyspectrafuse:pyspectrafuse /data/

USER pyspectrafuse

Then adjust the installation steps if needed to ensure the user has appropriate permissions.

Additionally, since the ENTRYPOINT and CMD directives were removed (per PR objectives), please ensure the container usage documentation clearly explains how to run the container and execute pyspectrafuse commands.

Please confirm that documentation has been updated to show users how to run the container without default entrypoints, for example:

docker run pyspectrafuse <command>
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ecad6c and 069eb0a.

📒 Files selected for processing (7)
  • .github/workflows/tests.yml
  • Dockerfile
  • tests/README.md
  • tests/__init__.py
  • tests/test_msp_utils.py
  • tests/test_parquet_utils.py
  • tests/test_sdrf_utils.py
🧰 Additional context used
🪛 Hadolint (2.14.0)
Dockerfile

[error] 17-17: MAINTAINER is deprecated

(DL4000)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: test (ubuntu-latest, 3.9)
  • GitHub Check: test (ubuntu-latest, 3.10)
  • GitHub Check: test (ubuntu-latest, 3.11)
  • GitHub Check: test (ubuntu-latest, 3.8)
🔇 Additional comments (5)
Dockerfile (5)

1-2: LGTM! Clear section organization.

The section header improves readability and the slim Python image is an appropriate choice for minimizing container size.


19-25: LGTM! Proper container environment configuration.

Both environment variables are correctly configured for containerized environments:

  • DEBIAN_FRONTEND=noninteractive prevents interactive prompts during package installation
  • NUMBA_DISABLE_CACHING=1 avoids caching issues specific to containers

The explanatory comment for NUMBA is particularly helpful for future maintainers.


27-32: LGTM! Follows Docker best practices.

The apt-get installation follows Docker best practices:

  • Combined into a single RUN command to minimize layers
  • Uses --no-install-recommends to reduce image size
  • Cleans up apt lists to further reduce image size

The procps package (which provides ps, top, etc.) was added. Please verify this is required for your use case, as it adds to the image size. If it's only needed for debugging, you might consider removing it from production images.


34-35: Document the WORKDIR change.

The working directory change from /app to /data/ is a breaking change for users who:

  • Mount volumes at /app
  • Reference /app in their container orchestration
  • Have scripts that assume /app as the working directory

Please ensure this change is clearly documented in:

  • Release notes or CHANGELOG
  • README or container usage documentation
  • Any migration guides

This will help users update their container configurations accordingly.


37-42: LGTM! Excellent layer caching strategy.

Copying requirements.txt first and installing dependencies before copying application code is a best practice that optimizes Docker's layer caching. The --no-cache-dir flags appropriately reduce the image size.

Comment on lines +16 to +17
################## MAINTAINER ######################
MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com>

⚠️ Potential issue | 🟡 Minor

Replace deprecated MAINTAINER directive.

The MAINTAINER instruction has been deprecated in favor of using LABEL maintainer. While it still works, using the modern syntax aligns with current Docker best practices.

📦 Proposed fix
-################## MAINTAINER ######################
-MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com>
+################## MAINTAINER ######################
+LABEL maintainer="Yasset Perez-Riverol <ypriverol@gmail.com>"
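Review bot: with the instruction now a LABEL, the MAINTAINER section header kept on the first + line no longer marks anything distinct from the METADATA section. Move the maintainer label next to the other LABEL lines in the METADATA block and drop the separate header.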

Based on static analysis hints.


Suggested change
################## MAINTAINER ######################
MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com>
################## MAINTAINER ######################
LABEL maintainer="Yasset Perez-Riverol <ypriverol@gmail.com>"

🤖 Prompt for AI Agents
In @Dockerfile around lines 16 - 17, Replace the deprecated MAINTAINER
instruction by removing the MAINTAINER Yasset Perez-Riverol
<ypriverol@gmail.com> line and add an equivalent LABEL maintainer="Yasset
Perez-Riverol <ypriverol@gmail.com>" entry instead; ensure the LABEL uses the
maintainer key and includes the same name and email so metadata is preserved.
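
The checks the review comments above describe (unpinned base image and packages, no non-root USER, editable install, deprecated MAINTAINER), written as a small Dockerfile audit. This is an added example, not code from the PR or from either review bot; the `instructions` and `audit` helpers and the finding ids are hypothetical names, and the sample is assembled from the fragments quoted on this page.

```python
import re

# Constructed sample, assembled from the Dockerfile fragments quoted in the
# review comments above; it is not the complete file from the PR.
SAMPLE = """\
FROM python:3.10-slim
MAINTAINER Yasset Perez-Riverol <ypriverol@gmail.com>
RUN apt-get update -y && \\
    apt-get install -y --no-install-recommends \\
    build-essential \\
    && rm -rf /var/lib/apt/lists/*
WORKDIR /data/
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \\
    pip install --no-cache-dir -r requirements.txt
COPY pyspectrafuse/ ./pyspectrafuse/
RUN pip install --no-cache-dir -e .
"""

def instructions(text):
    """Yield (line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blanks and comments never start or extend a step
        start = start if buf else no
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            keyword, _, args = buf.strip().partition(" ")
            yield start, keyword.upper(), args.strip()
            buf = ""

def audit(text):
    """Return sorted (line_no, finding_id) pairs for the reviewers' findings."""
    found, user, stage_line = [], None, 0
    for no, kw, args in instructions(text):
        if kw == "FROM":
            image = next((t for t in args.split() if not t.startswith("--")), "")
            user, stage_line = None, no  # USER does not carry across stages
            if image != "scratch" and "@sha256:" not in image:
                found.append((no, "unpinned-base"))
        elif kw == "MAINTAINER":
            found.append((no, "deprecated-maintainer"))
        elif kw == "USER":
            user = args.split(":")[0]
        elif kw == "RUN":
            for words in (c.split() for c in re.split(r"&&|;", args)):
                if words[:2] == ["apt-get", "install"]:
                    pkgs = [w for w in words[2:] if not w.startswith("-")]
                    if any("=" not in p for p in pkgs):
                        found.append((no, "unpinned-apt"))
                elif words[:2] == ["pip", "install"]:
                    if "-e" in words or "--editable" in words:
                        found.append((no, "editable-install"))
                    if "-r" in words and "--require-hashes" not in words:
                        found.append((no, "pip-no-hashes"))
    if user in (None, "", "root", "0"):
        found.append((stage_line, "root-user"))
    return sorted(found)
```

The check cannot see a USER set inside the base image, so a "root-user" finding is a false positive when the base already drops privileges.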

@ypriverol ypriverol merged commit e567718 into main Jan 7, 2026
9 checks passed