Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support mounting secrets by default builder. #3082

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
Open

Support mounting secrets by default builder. #3082

wants to merge 18 commits into from

Conversation

amitani
Copy link
Contributor

@amitani amitani commented Jan 23, 2025
edited by flyte-bot
Loading

Tracking issue

Related to flyteorg/flyte#6119

Why are the changes needed?

Our dependencies tend to include libraries from our private GitHub repositories. The credential needs to be configured for the build process.

What changes were proposed in this pull request?

pip_secret_mounts is added to ImageSpec as an additional parameter. When this is set, the secret is added by the build command, and mounted at the specific RUN command to run pip/poetry/uv install.

This parameter is excluded when calculating ImageSpec.id, allowing to use a temporary path if needed. It is consistent with the behavior that the content of these files aren't taken into account for ImageSpec.id.

In the docstring, this parameter is explained as experimental. This allows more flexibility in the future, in case other mount type, e.g. to an environment variable, needs to be added.

How was this patch tested?

I tried locally with a poetry project that has private git dependency. Without this, the build (pyflyte build) fails installing these git dependencies. With this change, it succeeds.

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

Summary by Bito

Implements support for mounting secrets during image building in Flytekit by adding pip_secret_mounts parameter to ImageSpec. This feature allows specifying secret files and mount paths for Docker builds, particularly useful for handling private GitHub repository dependencies. The implementation includes validation checks for secret paths and comprehensive error handling, while ensuring these configurations don't affect ImageSpec ID calculation.

Unit tests added: True

Estimated effort to review (1-5, lower is better): 3

@flyte-bot
Copy link
Contributor

flyte-bot commented Jan 23, 2025
edited
Loading

Code Review Agent Run #74b08d

Actionable Suggestions - 1
  • flytekit/image_spec/default_builder.py - 1
Review Details
  • Files reviewed - 2 · Commit Range: e9913d8..d79a179
    • flytekit/image_spec/default_builder.py
    • flytekit/image_spec/image_spec.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@amitani amitani changed the title GitHub token Support using GitHub token by default builder. Jan 23, 2025
@flyte-bot
Copy link
Contributor

flyte-bot commented Jan 23, 2025
edited
Loading

Changelist by Bito

This pull request implements the following key changes.

Key Change Files Impacted
Feature Improvement - Secret Mount Support for Image Building

default_builder.py - Added support for mounting secrets during pip/poetry/uv install commands

image_spec.py - Added pip_secret_mounts parameter to ImageSpec with validation logic

test_default_builder.py - Added tests for secret mounting functionality in DefaultImageBuilder

test_image_spec.py - Added validation tests for pip_secret_mounts parameter

pydoclint-errors-baseline.txt - Updated documentation error baseline to include new pip_secret_mounts parameter

@flyte-bot
Copy link
Contributor

flyte-bot commented Jan 23, 2025
edited
Loading

Code Review Agent Run #951024

Actionable Suggestions - 0
Review Details
  • Files reviewed - 1 · Commit Range: d79a179..f055a8f
    • flytekit/image_spec/default_builder.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@flyte-bot
Copy link
Contributor

flyte-bot commented Jan 23, 2025
edited
Loading

Code Review Agent Run #53c8cb

Actionable Suggestions - 3
  • flytekit/image_spec/default_builder.py - 3
Review Details
  • Files reviewed - 2 · Commit Range: bc26d5b..bc26d5b
    • flytekit/image_spec/default_builder.py
    • flytekit/image_spec/image_spec.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@codecov Codecov
Copy link

codecov bot commented Jan 24, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.20%. Comparing base (f2db35a) to head (e2cf740).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff             @@
##           master    #3082       +/-   ##
===========================================
+ Coverage   46.98%   76.20%   +29.21%     
===========================================
  Files         202      202               
  Lines       21470    21493       +23     
  Branches     2767     2773        +6     
===========================================
+ Hits        10088    16379     +6291     
+ Misses      10886     4301     -6585     
- Partials      496      813      +317

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@amitani
Fix typehint
fe301d9 
Signed-off-by: amitani <[email protected]>
@amitani
Ruff format
1c2f77a 
Signed-off-by: amitani <[email protected]>
@amitani
Add test
fd74fe4 
Signed-off-by: amitani <[email protected]>
@flyte-bot
Copy link
Contributor

flyte-bot commented Jan 24, 2025
edited
Loading

Code Review Agent Run #9436c8

Actionable Suggestions - 4
  • flytekit/image_spec/default_builder.py - 3
    • Return type annotation mismatch with implementation · Line 188-188
    • Consider using List over list type · Line 206-206
    • Consider extracting GitHub credential URL construction · Line 224-230
  • flytekit/image_spec/image_spec.py - 1
    • Consider adding GitHub credentials validation · Line 51-52
Additional Suggestions - 1
  • tests/flytekit/unit/core/image_spec/test_default_builder.py - 1
    • Consider splitting ImageSpec initialization across lines · Line 334-334
Review Details
  • Files reviewed - 3 · Commit Range: 3ad2845..fd74fe4
    • flytekit/image_spec/default_builder.py
    • flytekit/image_spec/image_spec.py
    • tests/flytekit/unit/core/image_spec/test_default_builder.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@flyte-bot
Copy link
Contributor

flyte-bot commented Feb 1, 2025
edited
Loading

Code Review Agent Run #47705e

Actionable Suggestions - 3
  • flytekit/image_spec/image_spec.py - 1
    • Consider consolidating parameter validation logic · Line 134-143
  • tests/flytekit/unit/core/image_spec/test_image_spec.py - 2
Review Details
  • Files reviewed - 3 · Commit Range: 3c95a84..0e69ed3
    • flytekit/image_spec/default_builder.py
    • flytekit/image_spec/image_spec.py
    • tests/flytekit/unit/core/image_spec/test_image_spec.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@flyte-bot
Copy link
Contributor

flyte-bot commented Feb 1, 2025
edited
Loading

Code Review Agent Run #de6a86

Actionable Suggestions - 1
  • flytekit/image_spec/image_spec.py - 1
    • Consider class constant for excluded parameters · Line 183-184
Review Details
  • Files reviewed - 3 · Commit Range: 0e69ed3..229cff2
    • flytekit/image_spec/default_builder.py
    • flytekit/image_spec/image_spec.py
    • tests/flytekit/unit/core/image_spec/test_image_spec.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

thomasjpfan
thomasjpfan reviewed Feb 3, 2025
View reviewed changes
Copy link
Member

@thomasjpfan thomasjpfan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@amitani To fix the linting issue, can you try syncing with master so that it includes this fix:

#3090

@amitani amitani changed the title Support using GitHub token by default builder. Support mounting secrets by default builder. Feb 3, 2025
@flyte-bot
Copy link
Contributor

flyte-bot commented Feb 3, 2025
edited
Loading

Code Review Agent Run #d15bb5

Actionable Suggestions - 2
  • flytekit/image_spec/image_spec.py - 1
    • Consider adding path validation checks · Line 51-53
  • flytekit/image_spec/default_builder.py - 1
Additional Suggestions - 1
  • flytekit/image_spec/image_spec.py - 1
    • Consider more descriptive lambda parameter name · Line 163-163
Review Details
  • Files reviewed - 4 · Commit Range: 3ad2845..f9f49ba
    • flytekit/image_spec/default_builder.py
    • flytekit/image_spec/image_spec.py
    • tests/flytekit/unit/core/image_spec/test_default_builder.py
    • tests/flytekit/unit/core/image_spec/test_image_spec.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@amitani
Copy link
Contributor Author

amitani commented Feb 3, 2025

@amitani To fix the linting issue, can you try syncing with master so that it includes this fix:

#3090

Done. I ended up updating the baseline again to reflect the new change.

@amitani amitani requested a review from thomasjpfan February 3, 2025 20:20
@flyte-bot
Copy link
Contributor

flyte-bot commented Feb 3, 2025
edited
Loading

Code Review Agent Run #075b08

Actionable Suggestions - 0
Review Details
  • Files reviewed - 1 · Commit Range: f9f49ba..e4e7a61
    • pydoclint-errors-baseline.txt
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flyte-bot flyte-bot flyte-bot left review comments

@kumare3 kumare3 Awaiting requested review from kumare3 kumare3 is a code owner

@eapolinario eapolinario Awaiting requested review from eapolinario eapolinario is a code owner

@pingsutw pingsutw Awaiting requested review from pingsutw pingsutw is a code owner

@cosmicBboy cosmicBboy Awaiting requested review from cosmicBboy cosmicBboy is a code owner

@samhita-alla samhita-alla Awaiting requested review from samhita-alla samhita-alla is a code owner

@Future-Outlier Future-Outlier Awaiting requested review from Future-Outlier Future-Outlier is a code owner

@wild-endeavor wild-endeavor Awaiting requested review from wild-endeavor wild-endeavor is a code owner

@thomasjpfan thomasjpfan Awaiting requested review from thomasjpfan thomasjpfan is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@amitani @flyte-bot @wild-endeavor @thomasjpfan