Currently we don't provide anything specific for users to be able to connect to the different toolforge APIs from within jobs and webservices, to do so you have to do a bare http request like:
tools.wm-what@wm-what-59d64fb59c-q6wm9:~$ curl -v \ -X POST \ -H "content-type: application/json" \ --data '{"name": "test", "imagename": "python3.11", "cmd": "env", "mount": "all"}' \ --insecure \ --cert $TOOL_DATA_DIR/.toolskube/client.crt \ --key $TOOL_DATA_DIR/.toolskube/client.key \ https://api.svc.tools.eqiad1.wikimedia.cloud:30003/jobs/api/v1/jobs/
This would be different to implement in both, the pre-built images and buildservice generated ones.
Pre-build images
- Install the packages always
- Would mean that we have to regenerate the images whenever we release a new package
- Should be easy to add them
- Let users install them per-environment (not sure it makes sense), this is easy for python (pip install) but other langs might not be doable (we would need to provide many bindings)
- We don't have a nice way of doing this (having single-binaries would help)
Buildservice
- Install the packages always and automatically:
- Using a specific buildpack
- Might still require us building ubuntu packages
- We might be able to workaround with venvs + scripts
- If we had single binary deployments this would be way easier xd
- Using a specific buildpack
- Hardcodding it inside the apt-buildpack somehow - probably not as it only triggers with Aptfile
- Same as the next point
- Let the user specify the packages in the Aptfile
- This means enabling toolforge repos (easy)
- This will require rebuilding the packages for ubuntu jammy + expose the repository (a bit more troublesome)