Migrate Python runtime builds to GitHub Actions (#1432)
* Builds are now performed on GitHub Actions (which supports IP allowlisting), and can be triggered via the dispatch job workflow.
* The build process no longer uses the legacy bob-builder tool.
* The identical and thus redundant per-version scripts have been removed.
* The per-stack Dockerfiles have been consolidated.

GUS-W-12964868.
Showing 36 changed files with 144 additions and 356 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
name: Build and upload Python runtime | ||
run-name: "Build and upload Python ${{ inputs.python_version }}${{ inputs.dry_run && ' (dry run)' || '' }}" | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
python_version: | ||
description: "The Python version to build, specified as X.Y.Z" | ||
type: string | ||
required: true | ||
dry_run: | ||
description: "Skip deploying to S3 (e.g. for testing)" | ||
type: boolean | ||
default: false | ||
required: false | ||
|
||
permissions: | ||
contents: read | ||
|
||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
AWS_DEFAULT_REGION: "us-west-2" | ||
S3_BUCKET: "heroku-buildpack-python" | ||
|
||
# Unfortunately these jobs cannot be easily written as a matrix since `matrix.exclude` does not | ||
# support expression syntax, and the `inputs` context is not available inside the job `if` key. | ||
jobs: | ||
build-and-upload-heroku-18: | ||
runs-on: pub-hk-ubuntu-22.04-xlarge | ||
env: | ||
STACK_VERSION: "18" | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Build Docker image | ||
run: docker build --pull --tag buildenv --build-arg=STACK_VERSION builds/ | ||
- name: Build and package Python runtime | ||
run: docker run --rm --platform="linux/amd64" --volume="${PWD}/upload:/tmp/upload" buildenv ./build_python_runtime.sh "${{ inputs.python_version }}" | ||
- name: Upload Python runtime archive to S3 | ||
if: (!inputs.dry_run) | ||
run: aws s3 sync ./upload "s3://${S3_BUCKET}" | ||
|
||
build-and-upload-heroku-20: | ||
runs-on: pub-hk-ubuntu-22.04-xlarge | ||
env: | ||
STACK_VERSION: "20" | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Build Docker image | ||
run: docker build --pull --tag buildenv --build-arg=STACK_VERSION builds/ | ||
- name: Build and package Python runtime | ||
run: docker run --rm --platform="linux/amd64" --volume="${PWD}/upload:/tmp/upload" buildenv ./build_python_runtime.sh "${{ inputs.python_version }}" | ||
- name: Upload Python runtime archive to S3 | ||
if: (!inputs.dry_run) | ||
run: aws s3 sync ./upload "s3://${S3_BUCKET}" | ||
|
||
build-and-upload-heroku-22: | ||
# We only support Python 3.9+ on Heroku-22. | ||
if: (!startsWith(inputs.python_version, '3.7.') && !startsWith(inputs.python_version,'3.8.')) | ||
runs-on: pub-hk-ubuntu-22.04-xlarge | ||
env: | ||
STACK_VERSION: "22" | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Build Docker image | ||
run: docker build --pull --tag buildenv --build-arg=STACK_VERSION builds/ | ||
- name: Build and package Python runtime | ||
run: docker run --rm --platform="linux/amd64" --volume="${PWD}/upload:/tmp/upload" buildenv ./build_python_runtime.sh "${{ inputs.python_version }}" | ||
- name: Upload Python runtime archive to S3 | ||
if: (!inputs.dry_run) | ||
run: aws s3 sync ./upload "s3://${S3_BUCKET}" |
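Review bot: In the three "Build and package Python runtime" steps, `${{ inputs.python_version }}` is expanded into the `run:` line before the shell parses it, so any value that is not a plain X.Y.Z string becomes part of the script rather than an argument. Pass it through the step's `env:` (for example `PYTHON_VERSION: ${{ inputs.python_version }}`) and use `"${PYTHON_VERSION}"` in the command, ideally after a step that rejects anything not matching X.Y.Z. Separately, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are set in the workflow-level `env:`, which exposes them to the checkout and Docker steps and to dry runs; only the "Upload Python runtime archive to S3" step needs them, so scope them there. `actions/checkout@v3` is a mutable tag; consider pinning it to a commit SHA.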
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,4 @@ | ||
*.pyc | ||
site | ||
.DS_Store | ||
|
||
/.envrc | ||
__pycache__/ | ||
.hatchet/repos/ | ||
|
||
#Venv | ||
buildpack/* | ||
|
||
builds/dockerenv.staging* | ||
builds/dockerenv.production | ||
|
||
.DS_Store | ||
.rspec_status |
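Review bot: The header `@@ -1,14 +1,4 @@` shrinks this file from 14 lines to 4, and the `builds/dockerenv.staging*` and `builds/dockerenv.production` patterns sit in the affected region. If they are among the dropped lines, any such env file still present in a contributor's working tree stops being ignored and can be picked up by a broad `git add`; the old README had these env files hold `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. Either keep the two patterns for now or say in the commit message that local `builds/dockerenv.*` files should be deleted after this change.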
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
ARG STACK_VERSION="22" | ||
FROM --platform=linux/amd64 heroku/heroku:${STACK_VERSION}-build | ||
|
||
ARG STACK_VERSION | ||
ENV STACK="heroku-${STACK_VERSION}" | ||
|
||
RUN apt-get update \ | ||
&& apt-get install --no-install-recommends -y \ | ||
libsqlite3-dev \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
WORKDIR /tmp | ||
COPY build_python_runtime.sh . |
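Review bot: The `FROM --platform=linux/amd64 heroku/heroku:${STACK_VERSION}-build` line resolves a mutable tag, and the workflow builds with `--pull`, so two runs for the same Python version can compile against different base images with nothing recording which one was used. Since the output is published to S3 as the runtime archive, consider pinning the base image by digest per stack, or at least logging the resolved image digest during the build so an archive can be traced back to its base.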
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,80 +1,11 @@ | ||
# Python Buildpack Binaries | ||
|
||
The binaries for this buildpack are built in Docker containers based on the Heroku stack image. | ||
The binaries for this buildpack are built on GitHub Actions, inside Docker containers based on the Heroku stack image. | ||
|
||
## Configuration | ||
Users with suitable repository access can trigger builds by: | ||
|
||
In order to publish binaries AWS credentials must be passed to the build container. | ||
If you are testing only the build (ie: `bob build`), these are optional. | ||
|
||
In addition, unless you are building the official binaries for Heroku (which use the defaults | ||
specified in each `Dockerfile`), you will need to override `S3_BUCKET` and `S3_PREFIX` to | ||
match your own S3 bucket/use case. | ||
|
||
If you only need to set AWS credentials, you can do so by setting the environment variables | ||
`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` before calling the make commands. | ||
|
||
For example: | ||
|
||
```bash | ||
set +o history # Disable bash history | ||
export AWS_ACCESS_KEY_ID=... | ||
export AWS_SECRET_ACCESS_KEY=... | ||
set -o history # Re-enable bash history | ||
make ... | ||
``` | ||
|
||
If you need to override the default S3 bucket, or would prefer not to use credentials via | ||
environment variables, then you need to instead use a Docker env file like so: | ||
|
||
1. Copy the `builds/dockerenv.default` env file to a location outside the buildpack repository. | ||
2. Edit the new file, adding at a minimum the values for the variables | ||
`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (see Docker | ||
[env-file documentation](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file)). | ||
3. Pass the path of the file to the make commands using `ENV_FILE`. For example: | ||
|
||
```bash | ||
make ... ENV_FILE=~/.dockerenv.python-buildpack | ||
``` | ||
|
||
## Launching an interactive build environment | ||
|
||
To start an interactive version of the build environment (ideal for development) use the | ||
`buildenv` make target, passing in the desired `STACK` name. For example: | ||
|
||
```bash | ||
make buildenv STACK=heroku-18 | ||
``` | ||
|
||
This will create the builder docker image based on the latest image for that stack, and | ||
then start a bash shell where you can run `bob build`, `bob deploy`, and so forth. | ||
|
||
The `builds/` directory is bind-mounted into the running container, so local build formula | ||
changes will appear there immediately without the need to rebuild the image. | ||
|
||
## Bulk deploying runtimes | ||
|
||
When a new Python version is released, binaries have to be generated for multiple stacks. | ||
To automate this, use the `deploy-runtimes` make target, which will ensure the builder | ||
image is up to date, and then run `bob deploy` for each runtime-stack combination. | ||
|
||
The build formula name(s) are passed using `RUNTIMES`, like so: | ||
|
||
```bash | ||
make deploy-runtimes RUNTIMES='python-X.Y.Z' | ||
``` | ||
|
||
By default this will deploy to all supported stacks (see `STACKS` in `Makefile`), | ||
but this can be overridden using `STACKS`: | ||
|
||
```bash | ||
make deploy-runtimes RUNTIMES='python-X.Y.Z' STACKS='heroku-18' | ||
``` | ||
|
||
Multiple runtimes can also be specified (useful for when adding a new stack), like so: | ||
|
||
```bash | ||
make deploy-runtimes RUNTIMES='python-A.B.C python-X.Y.Z' STACKS='heroku-22' | ||
``` | ||
|
||
Note: Both `RUNTIMES` and `STACKS` are space delimited. | ||
1. Navigating to the [Build and upload Python runtime](https://github.com/heroku/heroku-buildpack-python/actions/workflows/build_python_runtime.yml) workflow. | ||
2. Opening the "Run workflow" prompt. | ||
3. Entering the desired Python version. | ||
4. Optionally checking the "Skip deploying" checkbox (if testing) | ||
5. Clicking "Run workflow". |
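Review bot: The replacement text under "Users with suitable repository access can trigger builds by:" drops every mention of `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and the `S3_BUCKET` override without saying where they live now. Add a sentence stating that the workflow reads the two credentials from repository secrets and uploads to a fixed bucket, and recommend a dry run first when testing. Step 4 is also missing its final period and shortens the option name to "Skip deploying"; match the input's description, "Skip deploying to S3 (e.g. for testing)".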