Docker implementation#1219
Conversation
conda-bot
added
the
cla-signed
Jrice1317
force-pushed
the
docker-implementation
branch
from
9fa7db8 to
9f20cbe
Compare
| """ | ||
| Base image to use for docker builds when `installer_type` includes `docker` or `docker_build` is True. | ||
| Should be a specific image reference. For reproducibility, please specify a SHA256 digest. | ||
| For example: `debian:13.4-slim@sha256:abc123...`. If the digest is not provided, a warning will be shown. |
There was a problem hiding this comment.
The example is great, but reproducibility is not the primary concern here either, it's supply chain security. I would overall do don't think it's constructor's responsibility to decide or advise on the user's security model though, even if it's just a warning. Warnings show up in GitHub Action summaries and can introduce unwanted noise.
| """ | ||
| If `True`, builds a docker image using the Dockerfile generated by constructor and saves it as a portable tarball. | ||
| ``<name>-<version>-<platform>.tar`` will be created in the output docker directory. | ||
| Requires `docker_base_image` to be specified. |
There was a problem hiding this comment.
The base image should be a mandatory parameter in any case.
| The labels `org.opencontainers.image.title` and `org.opencontainers.image.version` are | ||
| set automatically from `name` and `version`. | ||
| """ | ||
| docker_build: bool = False |
There was a problem hiding this comment.
Given that Docker provides several output formats, I would rather choose something that is extendable. It's okay if we don't support all formats right now, we can disclose that.
| message: "This base environment is frozen and cannot be modified." | ||
| ``` | ||
| """ | ||
| docker_base_image: Annotated[str, Field(min_length=1)] | None = None |
There was a problem hiding this comment.
Instead of prefixing all fields with docker_*, would it make more sense to make docker its own key with all other properties being a subkey? I know that's not our current convention, so I'm not 100% sure about that.
| docker_tag: NonEmptyStr | None = None | ||
| """ | ||
| Tag to use for the docker image. | ||
| If not provided, it will default to `<name>:<version>`. |
There was a problem hiding this comment.
Do we need to provide a default here? docker build runs with a tag, too.
Will this require docker_build (or whatever successor you choose) to be set?
|
|
||
| LABEL org.opencontainers.image.title="{{ name }}" | ||
| LABEL org.opencontainers.image.version="{{ version }}" | ||
| {%- if labels %} |
There was a problem hiding this comment.
I don't think the if is needed. If labels is empty, the loop just won't run.
| if docker_build and osname == "win": | ||
| sys.exit( | ||
| "Error: 'docker_build' is not supported on Windows. " | ||
| "Run the build on Linux or macOS instead." | ||
| ) | ||
| if docker_build and itype in ("pkg", "exe"): | ||
| sys.exit( | ||
| "Error: 'docker_build' is not compatible with installer_type 'pkg' or 'exe'. " | ||
| "Use installer_type: 'sh', 'docker', or omit installer_type." | ||
| ) |
There was a problem hiding this comment.
Instead of erroring out, we should just ignore those.
| info["_outpath"] = abspath(join(output_dir, get_output_filename(info))).replace( | ||
| ".docker", ".sh" | ||
| ) |
There was a problem hiding this comment.
Aren't you already doing this in the build function?
|
|
||
| @pytest.mark.skipif(sys.platform.startswith("win"), reason="Unix only") | ||
| @pytest.mark.skipif(not shutil.which("docker"), reason="Docker not available") | ||
| def test_docker_build(tmp_path): |
There was a problem hiding this comment.
This test doesn't test the labels.
| ), | ||
| "win": ("exe",), | ||
| } | ||
| all_allowed = set(sum(os_allowed.values(), ("all", "docker"))) |
There was a problem hiding this comment.
We only allow Docker for Linux platforms and can only build them on Linux and macOS.
3 participants
Description
This PR adds Docker output support to constructor, generating a ready-to-use Dockerfile and optionally building the resulting image via
installer_type: dockeranddocker_build: truein the construct.yaml.Changes
New:
constructor/docker_build.py: Handles Docker output by rendering template and optionally building portable imageconstructor/dockerfile_template.tmpl: Template used to generate Dockerfileexamples/docker_build/construct.yaml: Example construct.yaml used for testingUpdated:
constructor/_schema.py: Addsdockertoinstaller_typeand addsdocker_base_image,docker_tag,docker_labelsconstructor/main.py: Addsdockerto installer typestests/test_examples.py: Addstest_docker_buildto cover Dockerfile generation, image build and smoke testNotes:
docker_buildisTrue, the user can start using the resulting portable image by running the commanddocker load -i <image_name>RuntimeErroris raised whenbase_imageis not providedChecklist - did you ...
newsdirectory (using the template) for the next release's release notes?