|
29 | 29 | --mount=type=bind,target=uv.lock,src=uv.lock \ |
30 | 30 | --mount=type=bind,target=pyproject.toml,src=pyproject.toml \ |
31 | 31 | $PIP_SECRET_MOUNT \ |
32 | | - uv sync $PIP_INSTALL_ARGS |
| 32 | + uv sync $PIP_INSTALL_ARGS && \ |
| 33 | + chown -R flytekit /root/.venv |
33 | 34 | WORKDIR / |
34 | 35 |
|
35 | 36 | # Update PATH and UV_PYTHON to point to the venv created by uv sync |
|
54 | 55 | --mount=type=bind,target=poetry.lock,src=poetry.lock \ |
55 | 56 | --mount=type=bind,target=pyproject.toml,src=pyproject.toml \ |
56 | 57 | $PIP_SECRET_MOUNT \ |
57 | | - poetry install $PIP_INSTALL_ARGS |
58 | | -
|
| 58 | + poetry install $PIP_INSTALL_ARGS && \ |
| 59 | + chown -R flytekit /root/.venv |
59 | 60 | WORKDIR / |
60 | 61 |
|
61 | 62 | # Update PATH and UV_PYTHON to point to venv |
62 | | -ENV PATH="/root/.venv/bin:$$PATH" \ |
| 63 | +ENV PATH="/root/.venv/bin:$$PATH" \ |
63 | 64 | UV_PYTHON=/root/.venv/bin/python |
64 | 65 | """ |
65 | 66 | ) |
|
81 | 82 | $APT_PACKAGES |
82 | 83 | """) |
83 | 84 |
|
| 85 | +# make sure that micromamba python installation is owned by flytekit user |
84 | 86 | MICROMAMBA_INSTALL_COMMAND_TEMPLATE = Template("""\ |
85 | 87 | RUN --mount=type=cache,sharing=locked,mode=0777,target=/opt/micromamba/pkgs,\ |
86 | 88 | id=micromamba \ |
|
91 | 93 | python=$PYTHON_VERSION $CONDA_PACKAGES \ |
92 | 94 | || micromamba install -n runtime --root-prefix /opt/micromamba \ |
93 | 95 | -c conda-forge $CONDA_CHANNELS \ |
94 | | - python=$PYTHON_VERSION $CONDA_PACKAGES ) |
| 96 | + python=$PYTHON_VERSION $CONDA_PACKAGES ) && \ |
| 97 | + chown -R flytekit /opt/micromamba |
95 | 98 | """) |
96 | 99 |
|
97 | 100 | DOCKER_FILE_TEMPLATE = Template("""\ |
|
108 | 111 | [ -f /etc/ssl/certs/ca-certificates.crt ] || \ |
109 | 112 | mkdir -p /etc/ssl/certs/ && cp /tmp/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt |
110 | 113 |
|
| 114 | +RUN id -u flytekit || useradd --create-home --shell /bin/bash flytekit |
| 115 | +RUN chown -R flytekit /root && chown -R flytekit /home |
| 116 | +
|
111 | 117 | $INSTALL_PYTHON_TEMPLATE |
112 | 118 |
|
113 | 119 | # Configure user space |
|
119 | 125 | SSL_CERT_DIR=/etc/ssl/certs \ |
120 | 126 | $ENV |
121 | 127 |
|
122 | | -$UV_PYTHON_INSTALL_COMMAND |
| 128 | +$PYTHON_INSTALL_COMMAND |
123 | 129 |
|
124 | 130 | # Adds nvidia just in case it exists |
125 | 131 | ENV PATH="$$PATH:/usr/local/nvidia/bin:/usr/local/cuda/bin" \ |
|
134 | 140 | RUN --mount=type=cache,sharing=locked,mode=0777,target=/root/.cache/uv,id=uv \ |
135 | 141 | --mount=from=uv,source=/uv,target=/usr/bin/uv $RUN_COMMANDS |
136 | 142 |
|
137 | | -RUN id -u flytekit || useradd --create-home --shell /bin/bash flytekit |
138 | | -RUN chown -R flytekit /root && chown -R flytekit /home |
139 | | -
|
140 | 143 | WORKDIR /root |
141 | 144 | SHELL ["/bin/bash", "-c"] |
142 | 145 |
|
@@ -340,7 +343,7 @@ def create_docker_context(image_spec: ImageSpec, tmp_dir: Path): |
340 | 343 | ) |
341 | 344 | raise ValueError(msg) |
342 | 345 |
|
343 | | - uv_python_install_command = prepare_python_install(image_spec, tmp_dir) |
| 346 | + python_install_command = prepare_python_install(image_spec, tmp_dir) |
344 | 347 | env_dict = {"PYTHONPATH": "/root"} |
345 | 348 |
|
346 | 349 | if image_spec.env: |
@@ -426,11 +429,11 @@ def create_docker_context(image_spec: ImageSpec, tmp_dir: Path): |
426 | 429 | _f_img_id_env = f"{_F_IMG_ID}={image_spec.id}" |
427 | 430 |
|
428 | 431 | docker_content = DOCKER_FILE_TEMPLATE.substitute( |
429 | | - UV_PYTHON_INSTALL_COMMAND=uv_python_install_command, |
430 | | - APT_INSTALL_COMMAND=apt_install_command, |
431 | 432 | INSTALL_PYTHON_TEMPLATE=python_install_template.template, |
432 | 433 | EXTRA_PATH=python_install_template.extra_path, |
433 | 434 | PYTHON_EXEC=python_install_template.python_exec, |
| 435 | + APT_INSTALL_COMMAND=apt_install_command, |
| 436 | + PYTHON_INSTALL_COMMAND=python_install_command, |
434 | 437 | BASE_IMAGE=base_image, |
435 | 438 | ENV=env, |
436 | 439 | _F_IMG_ID_ENV=_f_img_id_env, |
|
0 commit comments