在本地(非Azure)docker示例中使用Azure提要中的python包

dw1jzc5e  于 2023-06-21  发布在  Docker
关注(0)|答案(2)|浏览(115)

我已经创建了一个PoC Azure管道来在feed中创建一个包,如下所示:

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: UsePythonVersion@0
  inputs:
    versionSpec: '3.7'
    addToPath: true
    architecture: 'x64'
  displayName: 'Deploy Python 3.7'

- script: |
    python -m pip install --upgrade pip
    pip install twine
  displayName: 'Install dependencies'

- script: |
    python setup.py sdist
  displayName: 'Package creation'

- task: TwineAuthenticate@1
  inputs:
    artifactFeed: 'Project/Feed'
  displayName: 'Set Artifact Authentiation'

- script: 'twine upload -r Feed --config-file $(PYPIRC_PATH) dist/*'
  displayName: 'Publish Artifact'

我尝试在我的笔记本电脑(不是Azure)上的Docker示例中使用以下命令进行pip安装:

FROM python:3.7.9-buster

ADD . /package-consumer/

RUN wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && dpkg -i packages-microsoft-prod.deb

RUN apt-get update && apt-get install -y apt-transport-https && apt-get install -y dotnet-sdk-5.0

RUN pip install keyring artifacts-keyring

RUN  pip install --index-url=https://pkgs.dev.azure.com/Org/Project/_packaging/Feed/pypi/simple/ Package

CMD cd /package-consumer && python Consume/UsePackages.py

正如我所料

[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/causewayltd/Mobile/_packaging/Mobile/pypi/simple/
[Minimal] [CredentialProvider]ATTENTION: User interaction required. 

    **********************************************************************

    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code **** to authenticate.

    **********************************************************************

[Error] [CredentialProvider]Device flow authentication failed. User was presented with device flow, but didn't react within 90 seconds.

我尝试了各种设置,如ENV ARTIFACTS_KEYRING_NONINTERACTIVE_MODE true等。一切都无济于事。
是否可以在非Azure Docker容器中pip安装Azure包。如果是,如何进行?任何帮助感激不尽。
PS -我已经搜索了网络,但似乎不能得到一个明确的答案如何实现上述目标。谢谢

t3psigkw

t3psigkw1#

找到了一个解决方案(可能有点黑客)。在Azure https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page中生成令牌并复制令牌。
在Dockerfile中,确保pip install keyring artifacts-keyring不存在。
那就干脆

RUN  pip install --index-url=https://<azure_pat>@pkgs.dev.azure.com/Org/Project/_packaging/Feed/pypi/simple/ Package

复制<azure_pat>的令牌在哪里。

plicqrtu

plicqrtu2#

如果你已经使用artifacts-keyring在本地机器上安装了feed中的包,你可以在你的dockerfile中使用这个来共享本地存储的缓存凭证:

# install the artifacts-keyring which will be used to authenticate to the private feed
RUN pip install twine keyring artifacts-keyring
# create the directory where the session token cache will be stored
RUN mkdir -p /root/.local/share/MicrosoftCredentialProvider
# temporarily mount the session token cache from the build context to the container and use it to install the package
RUN --mount=type=secret,id=SessionTokenCache_dat,dst=/root/.local/share/MicrosoftCredentialProvider/SessionTokenCache.dat \
  pip install MyPrivatePackage --index-url=https://pkgs.dev.azure.com/<MyOrg>/_packaging/<MyRepo>/pypi/simple/  \

然后构建您的映像,将缓存的凭据作为机密提供:

DOCKER_BUILDKIT=1 docker build --secret id=SessionTokenCache_dat,src=$HOME/.local/share/MicrosoftCredentialProvider/SessionTokenCache.dat .

Windows用户需要适当地更改令牌缓存的位置。
这个答案改编自官方文档,用于使用工件凭证提供程序安全地安装nuget包

相关问题