python-container
Create Python Dockerfiles using Optum golden images and the standard multi-stage build pattern. Use when asked to author or update Dockerfiles for Python services that must comply with Optum golden image standards.
Python Container (Optum Golden Images)
Use this skill when the user wants a Dockerfile for a Python app that must follow Optum golden image standards.
Workflow
- Confirm the app entrypoint, port, and dependency file (usually
requirements.txt). - Determine the current supported Python image tags before choosing a build and runtime base image.
- Start from the Optum golden images:
- Default floating tags:
- Build stage:
edgeinternal1uhg.optum.com:443/glb-docker-uhg-loc/uhg-goldenimages/python:3.14-latest-dev - Runtime stage:
edgeinternal1uhg.optum.com:443/glb-docker-uhg-loc/uhg-goldenimages/python:3.14-latest
- Build stage:
- When you need to pin to the current supported Python major.minor, use the discovery steps below and prefer versioned tags such as
python:3.14-latest-devandpython:3.14-latest.
- Default floating tags:
- Use multi-stage build, install deps with
pip --userin builder, and copy/home/nonroot/.localinto runtime. - Set
WORKDIR /app, copy app code, and setENV PATH=/home/nonroot/.local/bin:$PATH. - Run as the default non-root user in the golden image (avoid
USER root). - Add
EXPOSEandENTRYPOINT/CMDbased on the app’s server. - Optional: add a healthcheck if the service exposes a simple HTTP endpoint.
Find Latest Python Image Version
Use the scripts in scripts/ to inspect the Golden Image Navigator API directly.
- Run
scripts/01-python-product.shto list supported Python versions. - Choose the highest supported concrete version instead of relying on
search=python. - Use the matching concrete image scripts to verify the exact runtime and build tags:
scripts/02-python-image-3.14-latest.shscripts/03-python-image-3.14-latest-dev.shscripts/08-python-image-3.13-latest.shscripts/09-python-image-3.13-latest-dev.sh
- Use the floating tag scripts only when you explicitly want the tracked aliases:
scripts/04-python-image-latest.shscripts/05-python-image-latest-dev.sh
- Run
scripts/06-python-image-3.14-slim-latest.shonly as a support check. The current API response shows that tag as unsupported, so it should not be used as a runtime base. - Run
scripts/07-python-image-search.shonly for exploration. It is useful for discovering the current tag set, but the product endpoint is the authoritative source for picking the latest supported concrete version.
Current API behavior discovered from these scripts:
/api/products/pythonreturns supported versions3.14,3.13,3.12,3.11,3.10, andlatest.- The highest supported concrete Python version is currently
3.14. - The concrete tags currently verified are
3.14-latestand3.14-latest-dev. - The floating aliases
latestandlatest-devare tracked tags, but they are separate API entries from3.14-latestand3.14-latest-dev. - The current
python:3.14-slim-latestendpoint responds, but it is markedis_supported: falsewithimage_status: UNKNOWN, so do not select it.
Recommended selection flow:
- Query
/api/products/python. - Pick the highest supported non-
latestversion. - Use
<version>-latestfor runtime and<version>-latest-devfor the build stage. - Treat slim variants as opt-in only after confirming they are supported for the selected version.
Template
Use templates/Dockerfile.template as the starting point and adjust:
- files copied into
/app - port and entrypoint
- dependency install command if not using
pip install --user -r requirements.txt - healthcheck (include only if the user asks or if a clear endpoint exists)
References
../../instructions/docker.instructions.md ../../instructions/optum-golden-containers.instructions.md
Related Assets
golden-container
Create Dockerfiles for any technology using Optum golden images. Covers the Golden Image Navigator API, multi-stage build pattern, tag conventions, and version discovery for every product in the golden image catalog. Use when asked to containerize an application regardless of language or runtime.
Owner: pcorazao
node-container
Create Node.js Dockerfiles using Optum golden images and the standard multi-stage build pattern. Use when asked to author or update Dockerfiles for Node.js services that must comply with Optum golden image standards.
Owner: pcorazao

