Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pyapp permission error in 0.23.0 #155

Open
sandangel opened this issue Aug 7, 2024 · 3 comments
Open

pyapp permission error in 0.23.0 #155

sandangel opened this issue Aug 7, 2024 · 3 comments

Comments

@sandangel
Copy link

sandangel commented Aug 7, 2024

Hi, just updated to 0.23.0 and set PYAPP_PYTHON_VERSION=3.11 does not work anymore in the command below:

PYAPP_PYTHON_VERSION=3.11 cargo build --release 

/binary self python --version
# Giving 3.12

Other configs:

ENV \
  PYAPP_UV_ENABLED=1 \
  PYAPP_SKIP_INSTALL=1 \
  PYAPP_EXPOSE_ALL_COMMANDS=1 \
  PYAPP_PIP_EXTRA_ARGS="--no-cache-dir" \

Both python distribution embed/non-embed have same issue

@ofek
Copy link
Owner

ofek commented Aug 7, 2024

It's working for me, please show your exact commands

@sandangel
Copy link
Author

Okay, it seems like a bug in hatch because I use hatch build --target binary instead of cargo install/build.

@sandangel sandangel reopened this Aug 7, 2024
@sandangel
Copy link
Author

sandangel commented Aug 7, 2024

Hi, I think I found the issue:

#### Build Base ####

FROM rust:1-buster as pyapp-base

WORKDIR /app

ENV RYE_TOOLCHAIN_VERSION="3.11" RYE_INSTALL_OPTION="--yes"
ENV PATH=/root/.rye/shims:$PATH
RUN curl -sSf https://raw.githubusercontent.com/astral-sh/rye/main/scripts/install.sh | bash

#### PYAPP CONFIG ####
ENV PYAPP_PYTHON_VERSION=3.11
# Copy python distribution to installation instead of sharing in venv. This is important otherwise python will have permission error
ENV PYAPP_FULL_ISOLATION=1
# Predownload python distribution
ENV PYAPP_DISTRIBUTION_EMBED=1
# Enable astral-sh/uv for fast resolution
ENV PYAPP_UV_ENABLED=1
# Skip installing the project to distribution
# will install manually to avoid internal dependencies resolution not found on registry
ENV PYAPP_SKIP_INSTALL=1
# Expose python commands from the binary
ENV PYAPP_EXPOSE_METADATA=1
ENV PYAPP_EXPOSE_PYTHON=1
ENV PYAPP_EXPOSE_PYTHON_PATH=1
ENV PYAPP_EXPOSE_UV=1
# The PYTHONDONTWRITEBYTECODE=1 env var and --no-cache-dir parameters when invoking Pip both make the image smaller by not writing any temporary files. Both Bytecode and Pip caches are speeding things up when running Pip multiple times, but since we are working in a container, we can be pretty sure that we'll never invoke pip again.
ENV PYAPP_PIP_EXTRA_ARGS="--extra-index-url ${ARTIFACTORY_INDEX_URL} --no-cache-dir"
ENV PYTHONDONTWRITEBYTECODE=1
# Set target dir so cargo can reuse build artifacts
ENV CARGO_TARGET_DIR=/tmp/target
# When building wheel that use C, `-march` is set to x86-64-v3, which is not correct, because of PYAPP_DISTRIBUTION_VARIANT
# https://github.com/ofek/pyapp/issues/105
# ENV CFLAGS="-march=x86-64"
# Use GCC as C compiler for building the wheel
# This is to avoid installing clang. Ideally pip should detect gcc automatically
# https://github.com/ofek/pyapp/issues/105
ENV CC=gcc

#### Build ####

FROM pyapp-base as pyapp-build

ENV PYAPP_PROJECT_NAME=cowsay
ENV PYAPP_PROJECT_VERSION=6.0.1

# Build single binary python app. Skip installing the project to install using self pip. That will resolve errors internal packages not found on registry.
RUN --mount=type=cache,target=/tmp/target cargo install pyapp@0.22.0 --force --root $(pwd) && \
  mv $(pwd)/bin/pyapp /app/cowsay

RUN /app/cowsay self pip install cowsay

#### Runtime Base ####

FROM debian:12-slim as pyapp-runtime

USER 1001:1001

WORKDIR /app

ENV HOME=/app

#### Runtime ####

FROM pyapp-runtime as runtime

# Copy binary and code for internal deps to run.
COPY --from=pyapp-build /root/.local/share/pyapp /app/.local/share/pyapp
COPY --from=pyapp-build /app /app

ENTRYPOINT ["/app/cowsay"]

Now run docker build -t cowsay --target runtime .

And run docker run -it --rm --user 1001:1001 --read-only --cap-drop=ALL --mount type=tmpfs,dst=/app/.cache --mount type=tmpfs,dst=/tmp cowsay:latest

This will work but if I change the command to cargo install pyapp@0.23.0 from the above docker file then the docker run will fail.

@sandangel sandangel changed the title pyapp does not respect PYAPP_PYTHON_VERSION in 0.23.0 pyapp permission error in 0.23.0 Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants