
Investigate PEP 503 repo for production deployment of python wheels
Open, Needs Triage, Public

Description

Python code in production shares similar challenges, one of which is to bend the packaging system to our constraints. ORES has a mostly robust and performant solution, recently improved in T181071, but we'd prefer to standardize on a common strategy for storing and installing wheels in this secure environment.

An internal pip repo, conforming to PEP 503 and passed to pip using --index-url, might solve the first half of this problem. Then, for the installation, we might want to have scap do the heavy lifting, telling it to "install_from_requirements_txt" or something.
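Added example, not part of the original task description and not Wikimedia or scap code: a minimal generator for the PEP 503 "simple" index that a static internal repo would serve, with a `#sha256=` fragment on every file link. The `wheels/` and `simple/` directory layout, the function names and the sample filenames are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

PAGE = "<!DOCTYPE html>\n<html><body>\n{links}\n</body></html>\n"


def normalize(name):
    """PEP 503 name normalization: runs of '-', '_' and '.' become one '-', lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()


def build_index(root):
    """Index root/wheels/*.whl into root/simple/<project>/index.html.

    Returns {normalized project: [(filename, sha256 hex), ...]}.
    """
    projects = {}
    for wheel in sorted((root / "wheels").glob("*.whl")):
        # PEP 427: the distribution part of a wheel filename contains no '-'.
        dist = wheel.name.split("-", 1)[0]
        digest = hashlib.sha256(wheel.read_bytes()).hexdigest()
        projects.setdefault(normalize(dist), []).append((wheel.name, digest))
    simple = root / "simple"
    simple.mkdir(exist_ok=True)
    for project, files in projects.items():
        # The #sha256= fragment lets pip reject a file that differs from what was indexed.
        links = "\n".join(
            f'<a href="../../wheels/{name}#sha256={digest}">{name}</a><br>'
            for name, digest in files
        )
        (simple / project).mkdir(exist_ok=True)
        (simple / project / "index.html").write_text(PAGE.format(links=links))
    root_links = "\n".join(f'<a href="{p}/">{p}</a><br>' for p in sorted(projects))
    (simple / "index.html").write_text(PAGE.format(links=root_links))
    return projects


def demo():
    """Build an index over constructed placeholder files (not real wheels)."""
    root = Path(tempfile.mkdtemp())
    (root / "wheels").mkdir()
    for name in ("Example_Pkg-1.0-py3-none-any.whl", "example_pkg-1.1-py3-none-any.whl"):
        (root / "wheels" / name).write_bytes(name.encode())
    return root, build_index(root)


if __name__ == "__main__":
    root, projects = demo()
    print((root / "simple" / "example-pkg" / "index.html").read_text())
```

Served over HTTPS from a placeholder host, the generated tree is what `pip install --index-url https://<internal-host>/simple/ -r requirements.txt` would read. Using `--index-url` rather than `--extra-index-url` keeps pip from also consulting the public index for the same project names.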

Event Timeline

awight created this task. Apr 18 2018, 6:31 PM
Restricted Application added a subscriber: Aklapper. Apr 18 2018, 6:31 PM

By using SSDD, this would be obsolete, because the containers will ship all of the dependencies alongside the code. @akosiaris if my assumption is correct, we can probably close this.

@Ladsgroup I don't think that's correct. There still needs to be a way to install dependencies into containers at some stage in the build process, assuming that there's a non-zero number of libraries that are packaged by us and shared by more than one app.

awight removed a subscriber: awight. Mar 21 2019, 4:03 PM