Updating Python in Bazel's Docker Image

[Josh Katz]

Hello everyone,

We've been using the `l.gcr.io/google/bazel` image in our CI at Caper. Recently we started porting over some Python projects and noticed that many libraries failed to install through the pip rules from rules_python. It seems like this has been caused by our direct or indirect dependencies requiring Python versions after 3.6+.

One such dependency that requires 3.6 or greater is Slack's API client: https://pypi.org/project/slackclient/

In the short term would it be possible to update the python version in the container? It looks like other parts of Google's OSS libraries provide cp3.8 (Tensorflow 2.3.0) so I'm assuming that version of Python is available.

In the long term would it be possible to make a document that instructs the Bazel community on how we could go about building this image? Maybe have it as a separate github repo with a CI that runs tests for all of the Bazel Federation projects so we know updates don't break backwards compatibility? 

Thanks,

- Josh Katz @ Caper.ai

[Tobias Werth]

+Nicolas Lopez 

--
You received this message because you are subscribed to the Google Groups "bazel-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bazel-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-dev/ab747fa7-e18c-4b89-ad8a-516e207baf95n%40googlegroups.com.

[Ulf Adams]

+philwo

I was under the impression that the Bazel docker images were created by Bazel team.

To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-dev/CACJA90%2BWA%2BorOfPyEVBrj%2BDoatschZmSgEHW2_EmcX_AvBac-Q%40mail.gmail.com.

[Nicolas Lopez]

+Suvanjan Mukherjee +Oleksandr Mogilevskyi 

[Suvanjan Mukherjee]

+Foundry Core Infrastructure Team 

The Bazel docker image is built using github.com/bazelbuild/rules_docker + Bazel. The source code for the image is here. The image is built using Google Cloud Build (config).

The python 3 version is determined here which currently just installs the "python3-dev" package from the default package repo in the Ubuntu 16.04 image. I assume upgrading the python version will require switching to a different repository that includes python 3.8? Feel free to create PRs that try this. See here for how to change the default repo.

Another option might be to switch the Bazel image to Ubuntu 18.04. I assume Ubuntu 18.04 ships with a higher version of python 3 that might be sufficient here? I'll probably defer on what to do here to the Bazel team (philwo).

I'll defer the long term documentation plan to the Bazel team (philwo) as well.

[Josh Katz]

Thanks for the info Suvanjan Mukherjee,

It looks like Ubuntu 18.04 ships with 3.6 and only has builds up to 3.7.

  python3-dev (3.6.5-3) header files and a static library for Python (default)
  python3.6-dev (3.6.9-1~18.04ubuntu1.1 [amd64, i386], 3.6.5-3 [arm64, armhf, ppc64el, s390x]) [security] Header files and a static library for Python (v3.6)
  python3.7-dev (3.7.3-2~18.04.1 [amd64, i386], 3.7.0~b3-1 [arm64, armhf, ppc64el, s390x]) [universe] [security] Header files and a static library for Python (v3.7)

I made a PR that changes the `python3-dev` to `python3.7-dev` in the layer-definitions/layers/ubuntu1804. This would be a large improvement for pulling in OSS software. However I left a note about something that concerns me on the PR. It looks like some things use ubuntu1804 for RBE while the base image is using ubuntu1604 for everything. Python 3.7 should be backwards compatible but I don't know if native libraries will play nice with that. Just something we should look for before that hits master.

For a more long term discussion (that resolves the previous concern as well) it looks like the only ubuntu versions that have 3.8+ are 19.10 and 20.04LTS. Maybe we should look to moving the entire image into 20.04? To do this it looks like you pull base layers from GCR by hash. Unfortunately that gcr doesn't contain an Ubuntu 20.04LTS base image (I couldn't find one when searching this).

Of course the other option would be going the google/dropbox route and moving away from a distribution-managed package and just compile the python runtime from source. I don't know if some people would approve of that though. Or we could look into using distroless and build a completely distroless  container bazel container that only contains bash, gcc/llvm, python{2,3}, java{8,11}, golang, etc and just cherry pick the exact versions we want.

Thanks,

- Josh

[Ulf Adams]

My mistake, I was thinking of gcr.io/bazel-public/ubuntu1804-bazel-java11.

It looks like l.gcr.io/google/bazel is using gcr.io/gcp-runtimes/ubuntu_16_0_4 as the base image (https://github.com/GoogleCloudPlatform/layer-definitions/blob/master/layers/ubuntu1604/base/deps.bzl). Who is maintaining that?

To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-dev/3f7cf62f-f683-48e0-9711-60f7f853e39bn%40googlegroups.com.

[Or Shachar]

So I think we lost the momentum here...  

Where is it standing? Are we still not sure who maintains the base image?

[Philipp Wollermann]

The Bazel OSS team will take ownership of the Bazel Docker container in the future and we expect this to be ready in time for the Bazel 4.0 release. We can resolve these kind of issues in the new container then. 👍

Feel free to subscribe here for progress: https://github.com/bazelbuild/continuous-integration/issues/1060

To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-dev/587a4b90-16a4-46f4-b91f-0d189ceb192bn%40googlegroups.com.

--

Philipp Wollermann | Software Engineer | phi...@google.com
Google Germany GmbH | Erika-Mann-Straße 33 | 80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg