almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-17 10:41:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Do not use poetry.lock when building the container image

Browse source 
Remove all the scaffolding in our `build-image.py` script for using the
`poetry.lock` file, now that we install PyMuPDF from the Debian repos.
This commit is contained in:
Alex Pyrgiotis 2025-01-13 17:37:19 +02:00
parent 42646877d7
commit 460b7a178b
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
7 changed files with 44 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build.yml vendored
View file

@ -85,7 +85,7 @@ jobs:
id: cache-container-image id: cache-container-image
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py', 'poetry.lock') }} key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
path: | path: |
share/container.tar.gz share/container.tar.gz
share/image-id.txt share/image-id.txt

9
.github/workflows/ci.yml vendored
View file

@ -59,7 +59,7 @@ jobs:
id: cache-container-image id: cache-container-image
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py', 'poetry.lock') }} key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
path: |- path: |-
share/container.tar.gz share/container.tar.gz
share/image-id.txt share/image-id.txt
@ -67,7 +67,6 @@ jobs:
- name: Build Dangerzone container image - name: Build Dangerzone container image
if: ${{ steps.cache-container-image.outputs.cache-hit != 'true' }} if: ${{ steps.cache-container-image.outputs.cache-hit != 'true' }}
run: | run: |
sudo apt-get install -y python3-poetry
python3 ./install/common/build-image.py python3 ./install/common/build-image.py
- name: Upload container image - name: Upload container image
@ -227,7 +226,7 @@ jobs:
- name: Restore container cache - name: Restore container cache
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
with: with:
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py', 'poetry.lock') }} key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
path: |- path: |-
share/container.tar.gz share/container.tar.gz
share/image-id.txt share/image-id.txt
@ -334,7 +333,7 @@ jobs:
- name: Restore container image - name: Restore container image
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
with: with:
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py', 'poetry.lock') }} key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
path: |- path: |-
share/container.tar.gz share/container.tar.gz
share/image-id.txt share/image-id.txt
@ -429,7 +428,7 @@ jobs:
- name: Restore container image - name: Restore container image
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
with: with:
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py', 'poetry.lock') }} key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
path: |- path: |-
share/container.tar.gz share/container.tar.gz
share/image-id.txt share/image-id.txt

1
dodo.py
View file

@ -63,7 +63,6 @@ TESSDATA_TARGETS = list_language_data()
IMAGE_DEPS = [ IMAGE_DEPS = [
"Dockerfile", "Dockerfile",
"poetry.lock",
*list_files("dangerzone/conversion"), *list_files("dangerzone/conversion"),
*list_files("dangerzone/container"), *list_files("dangerzone/container"),
"install/common/build-image.py", "install/common/build-image.py",

117
install/common/build-image.py
View file

@ -1,6 +1,5 @@
import argparse import argparse
import gzip import gzip
import os
import platform import platform
import secrets import secrets
import subprocess import subprocess
@ -9,7 +8,6 @@ from pathlib import Path
BUILD_CONTEXT = "dangerzone/" BUILD_CONTEXT = "dangerzone/"
IMAGE_NAME = "dangerzone.rocks/dangerzone" IMAGE_NAME = "dangerzone.rocks/dangerzone"
REQUIREMENTS_TXT = "container-pip-requirements.txt"
if platform.system() in ["Darwin", "Windows"]: if platform.system() in ["Darwin", "Windows"]:
CONTAINER_RUNTIME = "docker" CONTAINER_RUNTIME = "docker"
elif platform.system() == "Linux": elif platform.system() == "Linux":
@ -84,91 +82,48 @@ def main():
with open(image_id_path, "w") as f: with open(image_id_path, "w") as f:
f.write(tag) f.write(tag)
print("Exporting container pip dependencies") # Build the container image, and tag it with the calculated tag
with ContainerPipDependencies(): print("Building container image")
if not args.use_cache: cache_args = [] if args.use_cache else ["--no-cache"]
print("Pulling base image") subprocess.run(
subprocess.run( [
[ args.runtime,
args.runtime, "build",
"pull", BUILD_CONTEXT,
"alpine:latest", *cache_args,
], "-f",
check=True, "Dockerfile",
) "--tag",
image_name_tagged,
],
check=True,
)
# Build the container image, and tag it with the calculated tag if not args.no_save:
print("Building container image") print("Saving container image")
cache_args = [] if args.use_cache else ["--no-cache"] cmd = subprocess.Popen(
subprocess.run(
[ [
args.runtime, CONTAINER_RUNTIME,
"build", "save",
BUILD_CONTEXT,
*cache_args,
"--build-arg",
f"REQUIREMENTS_TXT={REQUIREMENTS_TXT}",
"--build-arg",
f"ARCH={ARCH}",
"-f",
"Dockerfile",
"--tag",
image_name_tagged, image_name_tagged,
], ],
check=True, stdout=subprocess.PIPE,
) )
if not args.no_save: print("Compressing container image")
print("Saving container image") chunk_size = 4 << 20
cmd = subprocess.Popen( with gzip.open(
[ tarball_path,
CONTAINER_RUNTIME, "wb",
"save", compresslevel=args.compress_level,
image_name_tagged, ) as gzip_f:
], while True:
stdout=subprocess.PIPE, chunk = cmd.stdout.read(chunk_size)
) if len(chunk) > 0:
gzip_f.write(chunk)
print("Compressing container image") else:
chunk_size = 4 << 20 break
with gzip.open( cmd.wait(5)
tarball_path,
"wb",
compresslevel=args.compress_level,
) as gzip_f:
while True:
chunk = cmd.stdout.read(chunk_size)
if len(chunk) > 0:
gzip_f.write(chunk)
else:
break
cmd.wait(5)
class ContainerPipDependencies:
"""Generates PIP dependencies within container"""
def __enter__(self):
try:
container_requirements_txt = subprocess.check_output(
["poetry", "export", "--only", "container"], universal_newlines=True
)
except subprocess.CalledProcessError as e:
print("FAILURE", e.returncode, e.output)
print(f"REQUIREMENTS: {container_requirements_txt}")
# XXX Export container dependencies and exclude pymupdfb since it is not needed in container
req_txt_pymupdfb_stripped = container_requirements_txt.split("pymupdfb")[0]
with open(Path(BUILD_CONTEXT) / REQUIREMENTS_TXT, "w") as f:
if ARCH == "arm64":
# PyMuPDF needs to be built on ARM64 machines
# But is already provided as a prebuilt-wheel on other architectures
f.write(req_txt_pymupdfb_stripped)
else:
f.write(container_requirements_txt)
def __exit__(self, exc_type, exc_value, exc_tb):
print("Leaving the context...")
os.remove(Path(BUILD_CONTEXT) / REQUIREMENTS_TXT)
if __name__ == "__main__": if __name__ == "__main__":

2
install/linux/vendor-pymupdf.py
View file

@ -28,7 +28,7 @@ def main():
) )
logger.info("Getting PyMuPDF deps as requirements.txt") logger.info("Getting PyMuPDF deps as requirements.txt")
cmd = ["poetry", "export", "--only", "container"] cmd = ["poetry", "export", "--only", "debian"]
container_requirements_txt = subprocess.check_output(cmd) container_requirements_txt = subprocess.check_output(cmd)
# XXX: Hack for Ubuntu Focal. # XXX: Hack for Ubuntu Focal.

2
poetry.lock generated
View file

@ -1244,4 +1244,4 @@ type = ["pytest-mypy"]
[metadata] [metadata]
lock-version = "2.0" lock-version = "2.0"
python-versions = ">=3.9,<3.13" python-versions = ">=3.9,<3.13"
content-hash = "68663ce40ba8a7c7f7cc7868e5f771472555773ff2ef04dad7e0150218ca3eb0" content-hash = "2d7753fa7ee1056d871fe67d718cfa2ea9acdfada1c6c3b1e41f98d5220d3879"

2
pyproject.toml
View file

@ -57,7 +57,7 @@ strip-ansi = "*"
pytest-subprocess = "^1.5.2" pytest-subprocess = "^1.5.2"
pytest-rerunfailures = "^14.0" pytest-rerunfailures = "^14.0"
[tool.poetry.group.container.dependencies] [tool.poetry.group.debian.dependencies]
pymupdf = "1.24.11" # Last version to support python 3.8 (needed for Ubuntu Focal support) pymupdf = "1.24.11" # Last version to support python 3.8 (needed for Ubuntu Focal support)
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]