-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix docker build #955
Fix docker build #955
Conversation
This should allow the correct version tag to be found even when the pip install command is run from a different directory.
c913cdf
to
4321d78
Compare
af5b613
to
3e850b8
Compare
3e850b8
to
62e4773
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you need to create the user earlier (or use an id) and chown on copy. This is an example from a quarkus skeleton app:
FROM registry.access.redhat.com/ubi8/openjdk-17:1.14
ENV LANGUAGE='en_US:en'
# We make four distinct layers so if there are application changes the library layers can be re-used
COPY --chown=185 build/quarkus-app/lib/ /deployments/lib/
COPY --chown=185 build/quarkus-app/*.jar /deployments/
COPY --chown=185 build/quarkus-app/app/ /deployments/app/
COPY --chown=185 build/quarkus-app/quarkus/ /deployments/quarkus/
EXPOSE 8080
USER 185
ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
I don’t think so. The python files are just installed to the system anyway. The user isn’t needed at all during the build process, it just exists for the container to use at run time. |
So "other" users have read/execute permissions on the code directory? |
Yes, the code is installed as a python package with pip. Just like if you were to system install any other dependency with pip. |
Tested on the test server and it still works with the existing configuration. |
768e448
to
2254ed8
Compare
Seems like some change in setuptools broke our docker build, however, this really just exposed a bug in our build where the
.git
directory was not being copied to the docker context and therefore the git version tag couldn't be found from thesetup.py
file. I went ahead and rewrote the dockerfile to use a multi-stage approach so we should no longer have build tools likegit
andpipenv
installed in the final container.Closes #953