From 99a166ac7d63d7f10059de9f24a8bd60b0cb93b8 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 19:01:50 +0000 Subject: [PATCH 1/7] feat: create synthtool/synthtool only image --- Dockerfile | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..583e60645 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,25 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM python:3.10.6-buster + +COPY . /synthtool/ + +WORKDIR /synthtool +# remove postprocessor images +RUN rm -rdf /synthtool/docker + +RUN python3 -m pip install --no-deps -e . +ENV SYNTHTOOL_TEMPLATES="/synthtool/synthtool/gcp/templates" +CMD [ "python", "/workspace/owlbot.py" ] From d1fdafe100d6ea1c31731d1c046e6ea2fc4989b5 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 19:21:49 +0000 Subject: [PATCH 2/7] use python 3 --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 583e60645..41fc01983 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,5 +21,8 @@ WORKDIR /synthtool RUN rm -rdf /synthtool/docker RUN python3 -m pip install --no-deps -e . + +WORKDIR /workspace + ENV SYNTHTOOL_TEMPLATES="/synthtool/synthtool/gcp/templates" -CMD [ "python", "/workspace/owlbot.py" ] +CMD [ "python3", "/workspace/owlbot.py" ] From 13d5821c3d9dbf5cc654cf3d3616230b11b32391 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 19:29:52 +0000 Subject: [PATCH 3/7] fix python lib build --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 41fc01983..2c1ec5cc3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,8 @@ WORKDIR /synthtool # remove postprocessor images RUN rm -rdf /synthtool/docker -RUN python3 -m pip install --no-deps -e . +RUN python3 -m pip install -e . +RUN python3 -m pip install -r requirements.in WORKDIR /workspace From abc9ecfb6c9574b3d44fe9b7ada8a99dad9b713b Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 20:14:48 +0000 Subject: [PATCH 4/7] allow nonroot to use py package? --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 2c1ec5cc3..4ef478bf6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,6 +23,9 @@ RUN rm -rdf /synthtool/docker RUN python3 -m pip install -e . RUN python3 -m pip install -r requirements.in +# Allow non-root users to run python +RUN chmod +rx /root/ + WORKDIR /workspace ENV SYNTHTOOL_TEMPLATES="/synthtool/synthtool/gcp/templates" From 133caf2c140572c018c742ef0d08ea2e1d82b5e5 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 20:15:43 +0000 Subject: [PATCH 5/7] simplify entrypoint --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4ef478bf6..511caa2fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,4 +29,4 @@ RUN chmod +rx /root/ WORKDIR /workspace ENV SYNTHTOOL_TEMPLATES="/synthtool/synthtool/gcp/templates" -CMD [ "python3", "/workspace/owlbot.py" ] +CMD [ "python3" ] From 82b496b77eec1149955e793dc11b67e1e86ed459 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 20:23:08 +0000 Subject: [PATCH 6/7] specify python path to detect synthtool --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 511caa2fa..af4c57689 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,4 +29,7 @@ RUN chmod +rx /root/ WORKDIR /workspace ENV SYNTHTOOL_TEMPLATES="/synthtool/synthtool/gcp/templates" +# Put synthtool in the PYTHONPATH so owlbot.py scripts will find it. +ENV PYTHONPATH="/synthtool" + CMD [ "python3" ] From c072ce696e3382500e6bb362700ef862fa761dde Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Fri, 17 Nov 2023 20:26:23 +0000 Subject: [PATCH 7/7] update non-root permissions --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index af4c57689..a91d1f36a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,4 +32,9 @@ ENV SYNTHTOOL_TEMPLATES="/synthtool/synthtool/gcp/templates" # Put synthtool in the PYTHONPATH so owlbot.py scripts will find it. ENV PYTHONPATH="/synthtool" +# Update permissions so non-root users won't see errors. +RUN find /synthtool -exec chmod a+r {} \; +RUN find /synthtool -type d -exec chmod a+x {} \; + + CMD [ "python3" ]