From 61bcda0869532e4b409becea742a7b3382f87ef6 Mon Sep 17 00:00:00 2001
From: CC007
Date: Wed, 18 May 2022 13:56:41 +0200
Subject: [PATCH 1/2] Add support for git tokens These tokens can be used for python dependencies for private git repos. These changes are made in the main python template.
Signed-off-by: CC007
---
 template/python3/Dockerfile | 76 ++++++++++++++++++++++++++-----------
 1 file changed, 54 insertions(+), 22 deletions(-)
diff --git a/template/python3/Dockerfile b/template/python3/Dockerfile
index b6c9272a..bdcdec0f 100644
--- a/template/python3/Dockerfile
+++ b/template/python3/Dockerfile
@@ -1,56 +1,88 @@
-FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.2.0 as watchdog
-FROM --platform=${TARGETPLATFORM:-linux/amd64} python:3-alpine
-
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
+# Builder stage that allows you to use git modules from private repos
+FROM --platform=${TARGETPLATFORM:-linux/amd64} python:3-alpine as builder
-# Allows you to add additional packages via build-arg
+# Basic user, python and certificate setup
 ARG ADDITIONAL_PACKAGE
-
-COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
-RUN chmod +x /usr/bin/fwatchdog
 RUN apk --no-cache add ca-certificates ${ADDITIONAL_PACKAGE}
+RUN addgroup -S app && adduser app -S -G app
+WORKDIR /home/app/
+RUN chown -R app /home/app && \
+ mkdir -p /home/app/python && chown -R app /home/app
+USER app
+ENV PATH=$PATH:/home/app/.local/bin:/home/app/python/bin/
+ENV PYTHONPATH=$PYTHONPATH:/home/app/python
+# Token to be provided as argument
+ARG GIT_TOKEN=no_token_set
-# Add non root user
-RUN addgroup -S app && adduser app -S -G app
+# Install git and make the git token available as environment variable
+USER root
+RUN apk --no-cache add git
+ENV GIT_TOKEN=${GIT_TOKEN}
+# Install template requirements
+USER app
 WORKDIR /home/app/
-
-COPY index.py .
 COPY requirements.txt .
+RUN pip install -r requirements.txt --target=/home/app/python
+
+# Install function specific requirements
+RUN mkdir -p function
+WORKDIR /home/app/function/
+COPY function/requirements.txt .
+RUN pip install -r requirements.txt --target=/home/app/python
+FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.2.0 as watchdog
+
+# Actual image
+FROM --platform=${TARGETPLATFORM:-linux/amd64} python:3-alpine
+
+# Basic user, python and certificate setup
+ARG ADDITIONAL_PACKAGE
+RUN apk --no-cache add ca-certificates ${ADDITIONAL_PACKAGE}
+RUN addgroup -S app && adduser app -S -G app
+WORKDIR /home/app/
 RUN chown -R app /home/app && \
- mkdir -p /home/app/python && chown -R app /home/app
+ mkdir -p /home/app/python && chown -R app /home/app
 USER app
 ENV PATH=$PATH:/home/app/.local/bin:/home/app/python/bin/
 ENV PYTHONPATH=$PYTHONPATH:/home/app/python
-RUN pip install -r requirements.txt --target=/home/app/python
+# Copy over watchdog
+USER root
+COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
+RUN chmod +x /usr/bin/fwatchdog
+# Copy over template files
+USER app
+WORKDIR /home/app/
+COPY index.py .
+COPY requirements.txt .
+
+# Mark the function dir as a module
 RUN mkdir -p function
 RUN touch ./function/__init__.py
+# Copy over the function specific requirements file
 WORKDIR /home/app/function/
 COPY function/requirements.txt .
-RUN pip install -r requirements.txt --target=/home/app/python
-
+# Copy over resolved dependencies from builder stage
 WORKDIR /home/app/
+COPY --from=builder /home/app/.cache /home/app/.cache
+COPY --from=builder /home/app/python /home/app/python
+# Copy over the specific function code
 USER root
-
 COPY function function
 # Allow any user-id for OpenShift users.
 RUN chown -R app:app ./ && \
- chmod -R 777 /home/app/python
+ chmod -R 777 /home/app/python
+# Prepare and run the watchdog
 USER app
-
 ENV fprocess="python3 index.py"
 EXPOSE 8080
-
 HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1
-
 CMD ["fwatchdog"]
From 65b6c21e7cb1be7147b50d1e797c055aac2127ed Mon Sep 17 00:00:00 2001
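Review bot: `ARG GIT_TOKEN` followed by `ENV GIT_TOKEN=${GIT_TOKEN}` in the builder stage stores the token in that stage's image config and in the history entry of every later `RUN`, so anyone who can read the builder layers or a shared build cache can recover it, even though the stage is not part of the final image. A BuildKit secret mount keeps the value out of all layers, e.g. `RUN --mount=type=secret,id=git_token GIT_TOKEN="$(cat /run/secrets/git_token)" pip install -r requirements.txt --target=/home/app/python`; the mount is readable only by root by default, so it needs `uid=`/`mode=` set for the `app` user, and the build tooling has to pass `--secret` through. PATCH 2/2 drops the `ENV` line but keeps the `ARG`, so the same point applies to its two `pip install` lines. Separately, `COPY --from=builder /home/app/.cache /home/app/.cache` carries pip's cache into the runtime image, which the function does not appear to need; `pip install --no-cache-dir` in the builder would make that copy unnecessary.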
From: CC007
Date: Mon, 30 May 2022 18:57:36 +0200
Subject: [PATCH 2/2] Use inline variables for GITHUB_TOKEN, instead of setting the environment variable for the whole builder stage
Signed-off-by: CC007
---
 template/python3/Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/template/python3/Dockerfile b/template/python3/Dockerfile
index bdcdec0f..f7ce6227 100644
--- a/template/python3/Dockerfile
+++ b/template/python3/Dockerfile
@@ -18,19 +18,18 @@ ARG GIT_TOKEN=no_token_set
 # Install git and make the git token available as environment variable
 USER root
 RUN apk --no-cache add git
-ENV GIT_TOKEN=${GIT_TOKEN}
 # Install template requirements
 USER app
 WORKDIR /home/app/
 COPY requirements.txt .
-RUN pip install -r requirements.txt --target=/home/app/python
+RUN GIT_TOKEN=${GIT_TOKEN} pip install -r requirements.txt --target=/home/app/python
 # Install function specific requirements
 RUN mkdir -p function
 WORKDIR /home/app/function/
 COPY function/requirements.txt .
-RUN pip install -r requirements.txt --target=/home/app/python
+RUN GIT_TOKEN=${GIT_TOKEN} pip install -r requirements.txt --target=/home/app/python
 FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.2.0 as watchdog
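Review bot: The `GIT_TOKEN=${GIT_TOKEN}` prefix on the two `pip install` lines is redundant, because a declared `ARG` is already exported into the environment of every later `RUN` in the stage, including `RUN apk --no-cache add git`; the prefix therefore does not narrow where the token is visible. The context comment `# Install git and make the git token available as environment variable` is stale now that the `ENV` line is removed, and could read `# Install git so pip can fetch requirements from git repos`. The commit subject also says GITHUB_TOKEN while the build argument is named GIT_TOKEN.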