You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/10/09 17:23:03 UTC

[GitHub] [airflow] potiuk opened a new pull request #11382: Constraints and PIP packages can be installed from local sources

potiuk opened a new pull request #11382:
URL: https://github.com/apache/airflow/pull/11382


   This is the final part of implementing #11171 based on feedback
   from enterprise customers we worked with. They want to have
   a capability of building the image using binary wheel packages
   that are locally available and the official Dockerfile. This means
   that besides the official APT sources the Dockerfile build should
   not needd GitHub, nor any other external files pulled from outside
   including PIP repository.
   
   This change also includes documentation on how to prepare set of
   such binaries ready for inspection and review by security teams
   in Enterprise environment. Such sets of "known-working-binary-whl"
   files can then be separately committed, tracked and scrutinized
   in an artifact repository of such an Enterprise.
   
   Fixes: #11171
   
   ---
   **^ Add meaningful description above**
   
   Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines)** for more information.
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] github-actions[bot] commented on pull request #11382: Constraints and PIP packages can be installed from local sources

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #11382:
URL: https://github.com/apache/airflow/pull/11382#issuecomment-706333547


   [The Workflow run](https://github.com/apache/airflow/actions/runs/298009022) is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks$,^Build docs$,^Spell check docs$,^Backport packages$,^Checks: Helm tests$,^Test OpenAPI*.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on pull request #11382: Constraints and PIP packages can be installed from local sources

Posted by GitBox <gi...@apache.org>.
potiuk commented on pull request #11382:
URL: https://github.com/apache/airflow/pull/11382#issuecomment-706305935


   cc: @jaketf 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on a change in pull request #11382: Constraints and PIP packages can be installed from local sources

Posted by GitBox <gi...@apache.org>.
potiuk commented on a change in pull request #11382:
URL: https://github.com/apache/airflow/pull/11382#discussion_r502634303



##########
File path: docs/production-deployment.rst
##########
@@ -189,6 +189,71 @@ based on example in `this comment <https://github.com/apache/airflow/issues/8605
     --build-arg ADDITIONAL_RUNTIME_ENV_VARS="ACCEPT_EULA=Y" \
     --tag my-image
 
+Customizing images in high security restricted environments
+...........................................................
+
+You can also make sure your image is only build using local constraint file and locally downloaded
+wheel files. This is often useful in Enterprise environments where the binary files are verified and
+vetted by the security teams.
+
+This builds below builds the production image in version 3.7 with packages and constraints used from the local
+``docker-context-files`` rather than installed from PyPI or GitHub. It also disables MySQL client
+installation as it is using external installation method.
+
+Note that as a prerequisite - you need to have downloaded wheel files. In the example below we
+first download such constraint file locally and then use ``pip download`` to get the .whl files needed
+but in most likely scenario, those wheel files should be copied from an internal repository of such .whl
+files. Note that ``AIRFLOW_INSTALL_VERSION`` is only there for reference, the apache airflow .whl file
+in the right version is part of the .whl files downloaded.
+
+Note that 'pip download' will only works on linux host as some of the packages need to be compiled from

Review comment:
       ```suggestion
   Note that 'pip download' will only works on Linux host as some of the packages need to be compiled from
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk merged pull request #11382: Constraints and PIP packages can be installed from local sources

Posted by GitBox <gi...@apache.org>.
potiuk merged pull request #11382:
URL: https://github.com/apache/airflow/pull/11382


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org