From fe8e2b8701074199dcf3ecb549ff2a40f7611d8c Mon Sep 17 00:00:00 2001 From: Henry Nash Date: Tue, 16 Jun 2020 13:12:10 +0100 Subject: [PATCH] python-flask: Avoid permission errors when building dependencies (#834) * Avoid clashing UIDs * increment stack version * Add additional debug * Ensure permission settings work on Linux & macOS * fix typo in comment --- incubator/python-flask/image/Dockerfile-stack | 6 ++++-- incubator/python-flask/image/project/Dockerfile | 8 ++++++-- incubator/python-flask/stack.yaml | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/incubator/python-flask/image/Dockerfile-stack b/incubator/python-flask/image/Dockerfile-stack index 7a1f942c6..df200b108 100644 --- a/incubator/python-flask/image/Dockerfile-stack +++ b/incubator/python-flask/image/Dockerfile-stack @@ -13,12 +13,14 @@ ENV PATH=/home/worker/.local/bin:$PATH ENV APPSODY_MOUNTS=/:/project/userapp ENV APPSODY_DEPS=/project/deps -ENV APPSODY_USER_RUN_AS_LOCAL=true +# This (and the project) Dockerfile already ensure we run as worker, rather than root - so don't enable running as the local +# user, since this would cause a clash of two different UIDs +ENV APPSODY_USER_RUN_AS_LOCAL=false ENV APPSODY_WATCH_DIR=/project/userapp ENV APPSODY_WATCH_REGEX="^.*.py$" -ENV APPSODY_PREP="cd /project/userapp;pipenv lock -r > requirements.txt;python -m pip install -r requirements.txt -t /project/deps" +ENV APPSODY_PREP="cd /project/userapp;pipenv lock -r > ../requirements-additional.txt;python -m pip install -r ../requirements-additional.txt -t /project/deps" ENV APPSODY_RUN="python -m flask run --host=0.0.0.0 --port=8080" ENV APPSODY_RUN_ON_CHANGE=$APPSODY_RUN diff --git a/incubator/python-flask/image/project/Dockerfile b/incubator/python-flask/image/project/Dockerfile index 178a62f98..49f65d5dc 100644 --- a/incubator/python-flask/image/project/Dockerfile +++ b/incubator/python-flask/image/project/Dockerfile @@ -3,23 +3,27 @@ FROM python:3.7 RUN pip install --upgrade pip RUN useradd -m worker -USER worker WORKDIR /project +# It is a real shame that WORKDIR doesn't honor the current user (or even take a chown option), so..... +RUN chown worker:worker /project +USER worker RUN pip install --upgrade --user pipenv ENV PATH=/home/worker/.local/bin:$PATH COPY --chown=worker:worker . ./ + # First we get the dependencies for the stack itself RUN pipenv lock -r > requirements.txt # Now add in any for the app, that the developer has added (there seems to be # no easy way of specifying a different location for the Pipfile, so have to # change the working directory!) WORKDIR /project/userapp -RUN pipenv lock -r > ../requirements.txt +RUN pipenv lock -r > ../requirements-additional.txt # Now process the combined requirements WORKDIR /project RUN python -m pip install -r requirements.txt -t /project/deps +RUN python -m pip install -r requirements-additional.txt -t /project/deps ENV PYTHONPATH=/project/deps ENV FLASK_APP=server/__init__.py diff --git a/incubator/python-flask/stack.yaml b/incubator/python-flask/stack.yaml index f594305e6..8a337426d 100644 --- a/incubator/python-flask/stack.yaml +++ b/incubator/python-flask/stack.yaml @@ -1,5 +1,5 @@ name: Python Flask -version: 0.2.3 +version: 0.2.4 description: Flask web Framework for Python language: python maintainers: