Distroless python sdk #32960
Distroless python sdk #32960
Conversation
|
Assigning reviewers. If you would like to opt out of this review, comment R: @liferoad for label python. Available commands:
The PR bot will only process comments in the main thread (not review comments). |
There was a problem hiding this comment.
Thanks, this is a good start. Note that the current change does not enter new automatically ran workflows. Could consider add a "beam_PostCommit_Python_ValidatesContainer_Dataflow_Distroless.yml" GitHub Action workflow, or just create another job running distroless containers in the existing "beam_PostCommit_Python_ValidatesContainer_Dataflow.yml" workflow
| def repository = "us.gcr.io/apache-beam-testing/${System.getenv('USER')}" | ||
| def tag = java.time.Instant.now().getEpochSecond() | ||
| def imageURL = "${repository}/beam_python${project.ext.pythonVersion}_sdk_${buildTarget}:${tag}" | ||
| project.rootProject.ext['docker-repository-root'] = repository |
There was a problem hiding this comment.
overwriting root properties may have surprising effect, saying if one creates another task that produces container sequentially,
- py39
- py39-distroless
- py310
- py310-distroless
Could it happen that py39-distroless invocation affects the configurations for the py310 target? If so is there a way to avoid it?
There was a problem hiding this comment.
@Abacn , thank you for meeting with me a couple days back. I realized that having separate py<version>-distroless gradle projects could be avoided with the logic introduced in container/common.gradle by querying the container-build-target property. Thus, there is no py<version>-distroless. The description has a screenshot in the collapsed markdown of the Dataflow Job that succeeded with the validatesDistrolessContainer task. I don't have the means while currently on vacation to test again but I (mostly) remember that the tag is needed to be set on the rootProject level to work. validatesDistrolessContainer should not interfere with other tasks and these properties should only be set when the task executes, not when it is configured.
Thank @Abacn , the GitHub Action workflow will be addressed in #33003. The goal of this PR is to make backward compatible changes to existing Python container-related Dockerfile and related gradle tasks. Could you let me know if adding the workflow is important to your review of this PR and I can do so when I return from vacation in a couple weeks? |
Addresses #32817 adding Python SDK (non-ML) distroless variants.
Latest vulnerability report
Expand for more details:
Testing
Prior to submitting this PR, ran:
Expand for more detail:
Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:
addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, commentfixes #<ISSUE NUMBER>instead.CHANGES.mdwith noteworthy changes.See the Contributor Guide for more tips on how to make review process smoother.
To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md
GitHub Actions Tests Status (on master branch)
See CI.md for more information about GitHub Actions CI or the workflows README to see a list of phrases to trigger workflows.