Skip to content

Commit

Permalink
Exclude yarn.lock from built Python wheel file (apache#16577)
Browse files Browse the repository at this point in the history
Same as apache#16494 - However that PR had to be reverted in apache#16518 as it failed building of PROD image, this PR/commit will fix it.

PROBLEM: Currently the airflow wheel is built with the yarn.lock which is not actually used by the airflow itself. Having this file in the docker image causes the clair and trivy scanners to fail

FIX: The fix is to exclude the yarn.lock by specifying it in the manifest.in
(cherry picked from commit aa79bfe)
(cherry picked from commit 8fcc68d)
  • Loading branch information
kaxil committed Jun 23, 2021
1 parent d338a16 commit 99d5ebd
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 5 deletions.
12 changes: 7 additions & 5 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -286,23 +286,25 @@ ARG CONTINUE_ON_PIP_CHECK_FAILURE="false"
# Copy all install scripts here
COPY scripts/docker/install*.sh /scripts/docker/

# Copy compile_www_assets.sh install scripts here
COPY scripts/docker/compile_www_assets.sh /scripts/docker/compile_www_assets.sh

# hadolint ignore=SC2086, SC2010
RUN if [[ ${INSTALL_FROM_DOCKER_CONTEXT_FILES} == "true" ]]; then \
bash /scripts/docker/install_from_docker_context_files.sh; \
elif [[ ${INSTALL_FROM_PYPI} == "true" ]]; then \
bash /scripts/docker/install_airflow.sh; \
else \
# only compile assets if the prod image is build from sources
# otherwise they are already compiled-in
bash /scripts/docker/compile_www_assets.sh; \
fi; \
if [[ -n "${ADDITIONAL_PYTHON_DEPS}" ]]; then \
bash /scripts/docker/install_additional_dependencies.sh; \
fi; \
find /root/.local/ -name '*.pyc' -print0 | xargs -0 rm -r || true ; \
find /root/.local/ -type d -name '__pycache__' -print0 | xargs -0 rm -r || true

# Copy compile_www_assets.sh install scripts here
COPY scripts/docker/compile_www_assets.sh /scripts/docker/compile_www_assets.sh

RUN bash /scripts/docker/compile_www_assets.sh

# make sure that all directories and files in .local are also group accessible
RUN find /root/.local -executable -print0 | xargs --null chmod g+x && \
find /root/.local -print0 | xargs --null chmod g+rw
Expand Down
1 change: 1 addition & 0 deletions MANIFEST.in
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ graft scripts/upstart
graft airflow/config_templates
recursive-exclude airflow/www/node_modules *
global-exclude __pycache__ *.pyc
exclude airflow/www/yarn.lock
include airflow/alembic.ini
include airflow/api_connexion/openapi/v1.yaml
include airflow/git_version
Expand Down

0 comments on commit 99d5ebd

Please sign in to comment.