зеркало из https://github.com/mozilla/treeherder.git
Bug 1143350 - Use peep instead of pip locally, on Travis & in Docker
We want to start using peep in production, to alleviate security concerns with the idea of auto-updating packages from PyPI on deploy. As a first step, we switch to using peep in the Vagrant environment, on Travis and in the Docker build - so we can confirm the hashes are correct. Close bug 1143350.
This commit is contained in:
Родитель
f1aec89409
Коммит
8e67030a35
|
@ -27,8 +27,8 @@ services:
|
|||
- rabbitmq
|
||||
- memcached
|
||||
install:
|
||||
- pip install -r requirements/common.txt
|
||||
- pip install -r requirements/dev.txt
|
||||
- ./bin/peep.py install -r requirements/common.txt
|
||||
- ./bin/peep.py install -r requirements/dev.txt
|
||||
before_script:
|
||||
- flake8 --show-source
|
||||
- python setup.py build_ext --inplace
|
||||
|
|
|
@ -5,9 +5,8 @@ ENV PATH /venv/bin:$PATH
|
|||
WORKDIR /app
|
||||
RUN apt-get update && apt-get install -yq --force-yes mysql-client
|
||||
COPY ./requirements/common.txt /app/requirements.txt
|
||||
RUN pip install -r requirements.txt
|
||||
|
||||
COPY ./docker/etc/profile.d/treeherder.sh /etc/profile.d/treeherder.sh
|
||||
COPY . /app
|
||||
RUN bin/peep.py install -r requirements.txt
|
||||
RUN setup.py build_ext --inplace
|
||||
RUN mkdir -p /var/log/gunicorn && mkdir -p /var/log/treeherder/
|
||||
|
|
|
@ -34,13 +34,14 @@ def generate_vendor_lib():
|
|||
shutil.rmtree(target)
|
||||
os.mkdir(target)
|
||||
create_environment(venv, site_packages=False)
|
||||
pip = os.path.join(venv, "bin", "pip")
|
||||
venv_python = os.path.join(venv, "bin", "python")
|
||||
peep = os.path.join(base, "bin", "peep.py")
|
||||
|
||||
subprocess.check_call(
|
||||
"{0} install --no-deps -r {1} "
|
||||
'--install-option="--install-purelib={2}" '
|
||||
'--install-option="--install-data={2}"'.format(
|
||||
pip, reqs, target),
|
||||
"{0} {1} install --no-deps -r {2} "
|
||||
'--install-option="--install-purelib={3}" '
|
||||
'--install-option="--install-data={3}"'.format(
|
||||
venv_python, peep, reqs, target),
|
||||
shell=True,
|
||||
)
|
||||
finally:
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
# file, you can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
class dev{
|
||||
exec{"pip-install-dev":
|
||||
exec{"peep-install-dev":
|
||||
user => "${APP_USER}",
|
||||
cwd => '/tmp',
|
||||
command => "${VENV_DIR}/bin/pip install -r ${PROJ_DIR}/requirements/dev.txt",
|
||||
command => "${VENV_DIR}/bin/python ${PROJ_DIR}/bin/peep.py install -r ${PROJ_DIR}/requirements/dev.txt",
|
||||
timeout => 1800,
|
||||
}
|
||||
|
||||
|
|
|
@ -64,11 +64,11 @@ class python {
|
|||
user => "${APP_USER}",
|
||||
}
|
||||
|
||||
exec{"pip-install-compiled":
|
||||
exec{"peep-install-compiled":
|
||||
require => Exec['create-virtualenv'],
|
||||
user => "${APP_USER}",
|
||||
cwd => '/tmp',
|
||||
command => "${VENV_DIR}/bin/pip install -r ${PROJ_DIR}/requirements/common.txt",
|
||||
command => "${VENV_DIR}/bin/python ${PROJ_DIR}/bin/peep.py install -r ${PROJ_DIR}/requirements/common.txt",
|
||||
timeout => 1800,
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче