worried-painter-31382
03/20/2023, 11:01 AMdocker_image
targets?worried-painter-31382
03/20/2023, 11:23 AMbitter-ability-32190
03/20/2023, 12:57 PMworried-painter-31382
03/20/2023, 1:05 PMThe more nuanced answer is that if we allowed sources it'd be difficult to make sure the sandbox has what youd expect for package dependencies, since we'd expose the package and all the input sources.How so? packages end up in
DistDir
afaict, there's no file-level ambiguity when collecting docker context, right? If a dockerfile contains a COPY
that matches an addresses filepath, I dont see how that could be misinterpreted?
To be fair you can do what I want by just `file`:ing everything.bitter-ability-32190
03/20/2023, 1:42 PMworried-painter-31382
03/20/2023, 1:50 PMPants internals doesn't package into dist for docker contexts thoughSo it does, bummer! Although, packaging has the convention of generating a dotted string as a containing directory, chances of collisions with sources ought to be slim, and detectable (warn or error), so I still don't see this as a showstopper, particularly?
Oh right and then there's the issue of file v resourceI understand that python wants to differentiate these, I dont know that docker_image has to care? Just copy the path if it matches something š¤·š»āāļø
worried-painter-31382
03/20/2023, 1:52 PMworried-painter-31382
03/20/2023, 1:55 PMworried-painter-31382
03/20/2023, 1:57 PMdocker build . -f <my-file>
working while pants package <my-file>
fails with filenotfound, and the solution being add boilerplate.bitter-ability-32190
03/20/2023, 2:09 PMworried-painter-31382
03/20/2023, 2:45 PMbut it hasn't been done yet. It's completely doable, yes, but it hasn't been done yet. And not in a way that is consistent with the rest of the pants ecosystem.I'm just prodding to wrack up ammo for an issue to open for this particular use case so I can get to it and make it so, because I like the idea. The codebase is malleable enough, I think, and letting
docker_image
depend on any target with a SourceField
doesn't really change anything fundamental in the API? There's no implicit behaviour added either really, because of docker features.
So I agree we should be able to do this. I've been complaining about this flavor of assumptions for half a year now š .I did find your design doc for file_deps. I think the paradigm shift is not necessary to make usage of this particular backend (docker) easier to work with.
bitter-ability-32190
03/20/2023, 3:35 PMworried-painter-31382
03/20/2023, 3:42 PMCOPY path/to/dir
is what you're thinking off?
Naive approach? Just hydrate the transitive dependencies under the directory?worried-painter-31382
03/20/2023, 3:43 PMbitter-ability-32190
03/20/2023, 3:45 PMCOPY
instructions might start getting more than expected šworried-painter-31382
03/20/2023, 3:56 PMIf you have a target with a source field that depends on another target, user expectation would be to copy both. There is a dependency, after all. So transitive targets are a must.Are we talking build context or docker container? The latter I disagree with, and the former I think is what I think just works?
We might've solved the OP case by just looking at direct deps, but now we're still not doing what the user expects in the "normal Pants case" šThere is no precedent what pants does in the normal case for docker_images, it doesn't support sources at all, currently. Conflating pex/python_distribution (search through an entry point) and docker_image copy instructions seem like an anti-pattern to me.
And just populating the sandbox with transitive deps isn't drop-in. Sandbox creation could take leagues more time due to the duplication of packageables and their deps, and like you point out existingYou're describing misuse though, I dont think that's a metric to optimize for? Potentially something to warn for though. And to theinstructions might start getting more than expected šCOPY
COPY
grabbing too much, sure that is not covered.
What I want:
#Dockerfile
COPY some.packaged.thing/app.pex
COPY a/file.txt
COPY standalone/python/thing.py
COPY some/dir/with/docs
When this gets hairy:
#Dockerfile
COPY some.packaged.thing/app.pex
COPY some/packaged/thing # <-- this is not great, then, but dont you think this is also kinda unintuitive considering the above line?
bitter-ability-32190
03/20/2023, 4:03 PMCOPY
line) or an explicit dep.
Instead of considering what Pants should do for inferred deps, we have to consider it in the very generic case of "the dependency exists", explicit or implicit.
And in that case, if a user has specified a target with a dependency, it's completely reasonable to expect the dependencies to exist in the context.worried-painter-31382
03/20/2023, 4:12 PMIf you have a target with a source field that depends on another target, user expectation would be to copy both. There is a dependency, after all. So transitive targets are a must.Can I not find transitive targets given COPY instructions and explicit deps, hydrate the "transitive_tgt.closure" sources in the sandbox, place build ctx at the root and let docker do its thing? What am I missing?
worried-painter-31382
03/20/2023, 4:14 PMbecause otherwise we don't have enough info to know how to consume transitive dependencies.I think I do?
bitter-ability-32190
03/20/2023, 4:21 PMCOPY
instructions, since inferred deps and explicit deps are the same to Pants: just direct dependencies.
For a docker image target, it depends on a file
which itself has a python_source
dependency.
In the build context we should populate the file and it's dependencies and their dependencies.
Therefore we just populated the transitive targets of all our direct dependencies, and if we aren't careful that has unexpected consequencesworried-painter-31382
03/20/2023, 4:29 PMFor the moment, forgetSure, I'm just making sure I'm not lost on the way. The goal should be to construct a correct build ctx given the docker instructions, after all. Okey, I think I need elaboration oninstructions, since inferred deps and explicit deps are the same to Pants: just direct dependencies.COPY
and if we aren't careful that has unexpected consequencesfor this to fall into place for me. I agree with what you said until this point. I don't see how that is any different from assembling a pex, except I let it use
SourceField
instead of PythonSourceField
?
Thank you for humouring me btw šbitter-ability-32190
03/20/2023, 4:37 PMbitter-ability-32190
03/20/2023, 4:46 PMI don't see how that is any different from assembling a pex, except I let it useSandbox creation is exactly 1:1 with "building a PEX" or any other process for that matter. The difference is a PEX gobbles up everything in the sandbox (-ish, but lets simplify). In Docker we can't really assume anything because the user caninstead ofSourceField
?PythonSourceField
COPY
wherever/whatever.
Consider a dockerfile with an explicit dependency on a pex_binary
whose instructions are just along the lines of COPY buildroot/
worried-painter-31382
03/20/2023, 5:54 PMConsider a dockerfile with an explicit dependency on aI think most users would find success bywhose instructions are just along the lines ofpex_binary
COPY buildroot/
COPY buildroot/
trying to find the targets in buildroot
and iterate dependencies and hydrate the full thing, so that their build ctx doesn't error out on them.
The issue you're describing is real, agree, but it isn't difficult for the user who knows enough pants-foo to add explicit targets in BUILD-files to also add an ignore pattern for everything else that might be inferred by the COPY buildroot/
, if it is a performance issue? My suspicion is that the current BuiltPackage
inference usage is more prevalent, but I have no data on this other than what my org does.bitter-ability-32190
03/20/2023, 5:58 PMworried-painter-31382
03/20/2023, 6:01 PMCOPY buildroot/
in your example, what are you illustrating?bitter-ability-32190
03/20/2023, 6:02 PMworried-painter-31382
03/20/2023, 6:03 PMAddressFamily
or w/e it's called at /build_root
, and just materialize/hydrate all the things?bitter-ability-32190
03/20/2023, 6:04 PMbitter-ability-32190
03/20/2023, 6:04 PMbitter-ability-32190
03/20/2023, 6:08 PMworried-painter-31382
03/20/2023, 6:14 PMPlugins and codegen can populate files anywhere in the sandbox, so inference alone doesn't solve the "what belong in the sandbox" question.True, but they could be explicit dependencies though, right?
bitter-ability-32190
03/20/2023, 6:14 PMbitter-ability-32190
03/20/2023, 6:15 PMworried-painter-31382
03/20/2023, 6:53 PMBut for two, that's assuming the user wants everything under a directory and not some subsetThat is mapped to a target, yes I think so? That's already better than what
docker build .
does, imo, because that exposes everything...
There's also .dockerignore
to guide this op.bitter-ability-32190
03/20/2023, 7:32 PMworried-painter-31382
03/20/2023, 7:37 PMI really don't think thats an assumption we can make for the user though. Especially since existing dockerfiles with pants already make assumptions about, well, not this šAn option and/or feature flag can flip that switch, I dont think that's an issue in general?
worried-painter-31382
03/20/2023, 7:42 PMI really don't think thats an assumption we can make for the user though.The current behaviour is also a decision, though. Authoring a docker_image target is the highest point of friction I encountered with devs in my org, and there's slack threads in #general asking what is going on
worried-painter-31382
03/20/2023, 7:44 PMbitter-ability-32190
03/20/2023, 7:45 PM