Distroless python sdk #32960
Assigning reviewers. If you would like to opt out of this review, comment R: @liferoad for label python. Available commands:
The PR bot will only process comments in the main thread (not review comments).
Thanks, this is a good start. Note that the current change does not enter new automatically run workflows. Could consider adding a "beam_PostCommit_Python_ValidatesContainer_Dataflow_Distroless.yml" GitHub Action workflow, or just create another job running distroless containers in the existing "beam_PostCommit_Python_ValidatesContainer_Dataflow.yml" workflow.
def repository = "us.gcr.io/apache-beam-testing/${System.getenv('USER')}" | ||
def tag = java.time.Instant.now().getEpochSecond() | ||
def imageURL = "${repository}/beam_python${project.ext.pythonVersion}_sdk_${buildTarget}:${tag}" | ||
project.rootProject.ext['docker-repository-root'] = repository |
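Review bot: System.getenv('USER') on the repository line is interpolated without a null check, so when USER is unset (common inside containers and on some CI runners) the string renders as the literal "null" and imageURL is built under us.gcr.io/apache-beam-testing/null. Consider failing fast with a clear message, or reading the repository root from a project property with an explicit default. The same value is then written to the root project's 'docker-repository-root' on the last line, so a bad path would reach anything else that reads that property.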
Overwriting root properties may have surprising effects, say if one creates another task that produces containers sequentially:
- py39
- py39-distroless
- py310
- py310-distroless
Could it happen that py39-distroless invocation affects the configurations for the py310 target? If so is there a way to avoid it?
@Abacn, thank you for meeting with me a couple days back. I realized that having separate py<version>-distroless gradle projects could be avoided with the logic introduced in container/common.gradle by querying the container-build-target property. Thus, there is no py<version>-distroless. The description has a screenshot in the collapsed markdown of the Dataflow Job that succeeded with the validatesDistrolessContainer task. I don't have the means while currently on vacation to test again but I (mostly) remember that the tag is needed to be set on the rootProject level to work. validatesDistrolessContainer should not interfere with other tasks and these properties should only be set when the task executes, not when it is configured.
Thanks @Abacn, the GitHub Action workflow will be addressed in #33003. The goal of this PR is to make backward compatible changes to existing Python container-related Dockerfile and related gradle tasks. Could you let me know if adding the workflow is important to your review of this PR and I can do so when I return from vacation in a couple weeks?
Thanks for the clarifications. This looks good to me. I understand this is currently a no-op to workflow as both test workflow and push docker image to dockerhub are pending. Defer to you for the timeline to merge.
This reverts commit 81f35ab.
Addresses #32817 adding Python SDK (non-ML) distroless variants.
Latest vulnerability report
Expand for more details:
Testing
Prior to submitting this PR, ran:
Expand for more detail: