feat(byon): Create task and pipeline resource for image validation #24
Conversation
sesheta
added
the
do-not-merge/work-in-progress
sesheta
added
the
needs-ok-to-test
|
Hi @mimotej. Thanks for your PR. I'm waiting for a thoth-station member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
sesheta
added
the
size/M
charts/meteor-pipelines/templates/validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
charts/meteor-pipelines/templates/validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
| PACKAGES=$(pip list --disable-pip-version-check --format json) | ||
|
|
||
| if [[ $? != 0 ]]; then |
There was a problem hiding this comment.
Same as above - let's do command -v pip first, instead of checking exit status.
There was a problem hiding this comment.
Actually, let's rather ask than reinvent stuff....
@fridex, @codificat, @pacospace do you know about any simple and native way to fetch the explicitly installed in Python packages only? Something that would skip all the nested dependencies so we can get a clean list. E.g. do not show Werkzeug if flask is installed.
I would like to avoid installing additional dependencies here if possible, so we don't compromise/modify the analyzed stack (pip-chill comes to mind). Also we need to be sure it would work with any possible python version since we should be able to analyze any imaginable stack.
There was a problem hiding this comment.
I was thinking that --not-required option in pip list might do the trick. According to documentation https://pip.pypa.io/en/stable/cli/pip_list/ it is used to list packages that are not dependencies of installed packages. And from my testing (picture below) it seems to do exactly what we want unless there is some catch that I didn't notice. Also I am not sure when was this option added and if it is available in older versions of pip. WDYT @tumido
There was a problem hiding this comment.
The problem with this solution is that we cannot identify the index from where the package has been installed (just something to consider, even though we are not worrying about index yet for this first iteration). Moreover it seems you basically want to discard the transitive dependencies right? Should we ask today? maybe the UI can hide the transitive ones unless the admin wants to see them? wdyt?
There was a problem hiding this comment.
@pacospace We should definitely discuss this. I don't think you wan't to display transitive deps at all. The same for indexes. Mind this list is used by users on the spawner. I think they are interested in explicit deps only. The argument is - do you want to see this:
Or full pip list from the same package:
It's a very different story if you want to show user list of 159 packages compared to 2 important ones currently displayed for the same image in the UI.
The --not-required flag looks like a great find @mimotej 👍 That way the list of 159 packages shrinks to 10. Which I think is a good starting point:
There was a problem hiding this comment.
@mimotej
--not-requiredis inpipsince v9.0.0 (released Nov 2016) https://pip.pypa.io/en/stable/news/#v9-0-0, I think this should be safe to use slightly_smiling_face
we can do a diff between base command and this command maybe? so we don't use other packages?
There was a problem hiding this comment.
@pacospace not sure if pipenv or thamos is the right answer. We can't assume either is installed and our validation should not fail due to them being unavailable. 🙁 Is there a binary/python version independent version of either libs that we can simply mount to the image or something?
There was a problem hiding this comment.
@pacospace not sure if
pipenvorthamosis the right answer. We can't assume either is installed and our validation should not fail due to them being unavailable. slightly_frowning_face Is there a binary/python version independent version of either libs that we can simply mount to the image or something?
we will need to think about indexes also as pip list won't tell you from where the package came from.
cc @fridex for more info
There was a problem hiding this comment.
We have this thread https://discuss.python.org/t/pip-installation-reports/12316 and thoth-station/micropipenv#206 I think this will be sooner-or-later implemented upstream. I hadn't time to push any implementation, but it looks like a feature that is desperately lacking in the Python community.
There was a problem hiding this comment.
E.g. do not show
Werkzeugifflaskis installed.
Are these images built by AICoE-CI? AICoE-CI puts information about direct dependencies to /opt, you can eventually read that file. When it comes to pip, I don't know about any option that could be helpful in this case (if I understand your case correctly).
|
|
||
| # Save existing Python packages | ||
| echo "Checking for existing Python packages" | ||
| PACKAGES=$(pip list --disable-pip-version-check --format json) |
There was a problem hiding this comment.
I'm not sure we want to list all the packages here.. is there a way to recognize which packages are explicitly installed and which are dependency packages?
charts/meteor-pipelines/templates/validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
charts/meteor-pipelines/templates/validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
mimotej
force-pushed
the
task-image-validation
branch
from
7d34af5 to
15d7e30
Compare
mimotej
force-pushed
the
task-image-validation
branch
2 times, most recently
from
ab8f8d3 to
c22d65c
Compare
sesheta
removed
the
do-not-merge/work-in-progress
|
/ok-to-test |
sesheta
added
ok-to-test
and removed
needs-ok-to-test
mimotej
force-pushed
the
task-image-validation
branch
from
c22d65c to
624e025
Compare
charts/meteor-pipelines/templates/byon-validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
I think nested echo $(echo) is not required.
Also recommendation messages should be provided in format:
{"severity":"X","message":"Y"}
{"severity":"X","message":"Y"}Instead of the current (in PR):
[{"severity":"X","message":"Y"}]
[{"severity":"X","message":"Y"}]
charts/meteor-pipelines/templates/byon-validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
charts/meteor-pipelines/templates/byon-validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
charts/meteor-pipelines/templates/byon-validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
charts/meteor-pipelines/templates/byon-validate-jupyterhub-image.yaml
Outdated
Show resolved
Hide resolved
Signed-off-by: Michal Drla <[email protected]>
mimotej
force-pushed
the
task-image-validation
branch
from
624e025 to
3c7f095
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tumido The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
sesheta
added
the
approved
Resolves: #21
Tekton task, which runs script inside an image given as parameter. Script checks if there is a installed Python and checks if there are any additional pip packages. If either of these are invalid script prints message and exits with exit code 1. Otherwise Python version and pip packages can be found in results in JSON format.