Fixes for issues 12, 13, 14 #15
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There are two main reasons why we don't want to run as root inside the containers: 1. Running as root is bad practice and a security risk. 2. All files generated within the container (eg `__pycache__` and artifacts etc) are owned by the root user on the host, resulting in file ownership issues in the user's project directory. My approach in this commit is to create Docker images that execute commands as the user running `hatch`. In the vast majority of cases the user will be the only user on the system, but on shared machines we need to handle this gracefully. My solution is to treat every UID:GID combination as a unique identity and create a Docker image with a name that looks like this: python_3.11-alpine_1000_1000 In this case the UID and GID are both `1000`. Every time this particular user executes `hatch run` for this environment, `hatch-containers` will select this container (if it already exists). This fixes: - ofek#12 - ofek#13
|
Ah, sorry, tests were passing locally but I didn't run them again after re-preparing the commits for the PR. |
|
The last commit is to fix this lint error. The other three commits before that fix some differences between my local environment (where tests were passing) and the GitHub runner environment (where tests were failing). Everything passes now: https://github.com/jamielinux/hatch-containers/actions/runs/4488195949 In hindsight, I should have tested in the GitHub runner environment from the beginning! |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Run containers as the uid and gid of the user
There are two main reasons why we don't want to run as root inside the containers:
__pycache__and artifacts etc) are owned by the root user on the host, resulting in file ownership issues in the user's project directory.My approach in this commit is to create Docker images that execute commands as the user running
hatch.In the vast majority of cases the user will be the only user on the system, but on shared machines we need to handle this gracefully. My solution is to treat every UID:GID combination as a unique identity and create a Docker image with a name that looks like this:
In this case the UID and GID are both
1000. Every time this particular user executeshatch runfor this environment,hatch-containerswill select this container (if it already exists).This fixes:
image = python:{version}has no effect if the containers already exist #13Use shtuil.move() instead of os.replace()
Fixes:
Discussion
Let me know what you think about my approach. Happy to rework the PR as needed.
What operating systems does
hatch-containerscurrently support? If it's not just Unix then I've got some rethinking to do as I've paid no attention to Windows (and have no idea how Docker and file permissions work there).