provide cli containerfile #329
Conversation
Signed-off-by: Janine Olear <[email protected]>
Containerfile
Outdated
| COPY pyproject.toml ./ | ||
| COPY src ./src | ||
|
|
||
| RUN pip install typing-extensions sigstore-protobuf-specs protobuf in-toto-attestation cryptography certifi pyOpenSSL sigstore |
There was a problem hiding this comment.
Is there a better way to resolve the python dependencies? I've not much exp. with python and didn't see a poetry file or requirements.txt.
There was a problem hiding this comment.
The sub-dependencies are defined here: https://github.com/sigstore/model-transparency/blob/main/pyproject.toml#L29-L34
It might be better to just install https://pypi.org/project/model-signing/ instead? Or does this need to always be built from the source repo?
Running pip install . from the projects root directory should also install the project w/ these dependencies.
There was a problem hiding this comment.
+1 to just installing the library.
Alternatively, since we use hatch, hatch shell gives you an environment with all the dependencies installed. You just need to have hatch installed in the image.
I was actually thinking of making hatch scripts that would wrap around signing and verification CLI so a user would just run the script directly and that would manage the dependencies.
There was a problem hiding this comment.
Hmm, seems like just installing the library is not going to be enough: #330.
Alternatively, since we use hatch, hatch shell gives you an environment with all the dependencies installed. You just need to have hatch installed in the image.
I was actually thinking of making hatch scripts that would wrap around signing and verification CLI so a user would just run the script directly and that would manage the dependencies.
I think it's probably fine to require hatch for development, but we shouldn't expect end users to need to use hatch just to have a CLI.
There was a problem hiding this comment.
Sounds good. I think we didn't add the CLI scripts to the library, but we'll do once we rewrite them to use the higher level API.
There was a problem hiding this comment.
Running pip install . from the projects root directory should also install the project w/ these dependencies.
Hi @di, I tried this. But it fails. So I changed it to python -m pip install model_signing. 🙈
Processing /
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing metadata (pyproject.toml): started
Preparing metadata (pyproject.toml): finished with status 'error'
error: subprocess-exited-with-error
× Preparing metadata (pyproject.toml) did not run successfully.
│ exit code: 1
╰─> [24 lines of output]
Traceback (most recent call last):
File "/usr/local/lib/python3.13/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 353, in <module>
main()
~~~~^^
File "/usr/local/lib/python3.13/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 335, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.13/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 152, in prepare_metadata_for_build_wheel
whl_basename = backend.build_wheel(metadata_directory, config_settings)
File "/tmp/pip-build-env-glunuzhs/overlay/lib/python3.13/site-packages/hatchling/build.py", line 58, in build_wheel
return os.path.basename(next(builder.build(directory=wheel_directory, versions=['standard'])))
~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/tmp/pip-build-env-glunuzhs/overlay/lib/python3.13/site-packages/hatchling/builders/plugin/interface.py", line 90, in build
self.metadata.validate_fields()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/tmp/pip-build-env-glunuzhs/overlay/lib/python3.13/site-packages/hatchling/metadata/core.py", line 266, in validate_fields
self.core.validate_fields()
~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/tmp/pip-build-env-glunuzhs/overlay/lib/python3.13/site-packages/hatchling/metadata/core.py", line 1366, in validate_fields
getattr(self, attribute)
~~~~~~~^^^^^^^^^^^^^^^^^
File "/tmp/pip-build-env-glunuzhs/overlay/lib/python3.13/site-packages/hatchling/metadata/core.py", line 700, in license
raise OSError(message)
OSError: License file does not exist: LICENSE
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed
× Encountered error while generating package metadata.
╰─> See above for output.
note: This is an issue with the package mentioned above, not pip.
hint: See above for details.
There was a problem hiding this comment.
This is interesting. I'll try to debug this on Monday.
Signed-off-by: Janine Olear <[email protected]>
There was a problem hiding this comment.
Should it be named Dockerfile?
Also, can you add the standard license header please? (the one with sigstore authors, see https://github.com/sigstore/model-transparency/blob/main/src/model_signing/__init__.py)
Summary
This PR provides a Containerfile to wrap sign.py and verify.py in a container, simplifying execution in containerized environments like kubernetes.
Part of:
Release Note
N/A
Documentation
N/A