Cannot run python containers on Google Cloud Build
624 views
Skip to first unread message
Sagar Gokhale
Feb 23, 2022, 10:05:34 AM2/23/22
to Google Cloud Developers
Hey all,
I cannot seem to run python containers built to run as a user, on google cloud build. As soon as I remove the USER (and related commands) from the Dockerfile, everything works.
The container works outside Google cloud build just fine (verified by pulling the exact container built locally and running it)
The container works outside Google cloud build just fine (verified by pulling the exact container built locally and running it)
The build exits with an error like this:
ModuleNotFoundError: No module named 'google'
If I use pipenv to install dependencies instead of requirements.txt, then this:
ModuleNotFoundError: No module named 'pipenv'
I've tried searching around, but here's the only reference to something similar (but this involves cloud run):
Any help would be appreciated!
Thanks,
Sagar
PS: Here's the dockerfile, build config if it helps:
Dockerfile:
FROM python:3.8.12-buster as base
WORKDIR /app/
COPY . /app/
RUN groupadd -r appuser && useradd -g appuser -m -u 1234 appuser
RUN chown -R appuser:appuser /app
USER 1234
ENV PATH="/home/appuser/.local/bin:${PATH}"
RUN pip install --upgrade pip
RUN pip install -r requirements.txt --user
FROM base as release
CMD ["./run.sh"]
Build config:
WORKDIR /app/
COPY . /app/
RUN groupadd -r appuser && useradd -g appuser -m -u 1234 appuser
RUN chown -R appuser:appuser /app
USER 1234
ENV PATH="/home/appuser/.local/bin:${PATH}"
RUN pip install --upgrade pip
RUN pip install -r requirements.txt --user
FROM base as release
CMD ["./run.sh"]
Build config:
steps:
- name: 'gcr.io/cloud-builders/docker'
args: ["build", "-t", "repo-url:${COMMIT_SHA}", "."]
- name: 'gcr.io/cloud-builders/docker'
args: ["push", "repo-url:${COMMIT_SHA}"]
- name: "repo-url:${COMMIT_SHA}"
args:
- "./run.sh"
- "${COMMIT_SHA}"
- "${TAG_NAME}"
- name: 'gcr.io/cloud-builders/docker'
args: ["build", "-t", "repo-url:${COMMIT_SHA}", "."]
- name: 'gcr.io/cloud-builders/docker'
args: ["push", "repo-url:${COMMIT_SHA}"]
- name: "repo-url:${COMMIT_SHA}"
args:
- "./run.sh"
- "${COMMIT_SHA}"
- "${TAG_NAME}"
run.sh simply runs a python script - 'python myscript.py' - or when using pipenv, 'pipenv run myscript.py'
The failure will be anywhere I try to import anything I expect to be installed by pip, for ex:
from google.cloud import storage
from google.cloud import storage
George (Cloud Platform Support)
Mar 1, 2022, 11:33:56 AM3/1/22
to Google Cloud Developers
Hello,
You are right, authentication is based on a service account, not user. You may profit from related information to be found on the "Building Python applications" documentation page. Additional information is offered on the "Building container images" page.
Reply all
Reply to author
Forward
0 new messages