search

bazel-contrib / rules_oci

Bazel rules for building OCI containers
Apache License 2.0
305 stars 159 forks source link

Minimal flask app failing #713

Closed qdii closed 1 month ago

qdii commented 1 month ago

I’ve tried to put together a minimal flask app using the recommendations I gathered from Aspect documentation namely:

While running the python binary works fine, using docker to run the image I built with rules_oci fails with:

❯ docker run qdii/myapp:0.0.1
Traceback (most recent call last):
  File "/myapp/myapp", line 580, in <module>
    Main()
  File "/myapp/myapp", line 565, in Main
    ExecuteFile(
  File "/myapp/myapp", line 360, in ExecuteFile
    _RunExecv(python_program, main_filename, args, env)
  File "/myapp/myapp", line 386, in _RunExecv
    os.execv(python_program, argv)
FileNotFoundError: [Errno 2] No such file or directory: '/myapp/myapp.runfiles/rules_python~~python~python_3_11_x86_64-unknown-linux-gnu/bin/python3'

Steps to reproduce:

  1. git clone https://github.com/qdii/minimal-flask-app
  2. Modify repository attribute inside myapp/BUILD to point to a Dockerhub repository you control.
  3. blaze run //myapp:push to build and push the image to this registry
  4. docker run <your image>.

What happens: The error above is produced. I expected the same output as blaze run //myapp

qdii commented 1 month ago

What is intriguing is that the hermetic python interpreter is present on the docker image, as can be inspected with dive qdii/myapp:0.0.1 or using docker:

 docker run -it --entrypoint "/bin/bash" qdii/myapp:0.0.1 "-c" "stat /myapp/myapp.runfiles/rules_python~~python~python_3_11_x86_64-unknown-linux-gnu/bin/python3"
  File: /myapp/myapp.runfiles/rules_python~~python~python_3_11_x86_64-unknown-linux-gnu/bin/python3
  Size: 20944       Blocks: 48         IO Block: 4096   regular file
Device: 9ch/156d    Inode: 41449532    Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/ UNKNOWN)   Gid: (    0/ UNKNOWN)
Access: 2023-01-01 08:00:00.000000000 +0000
Modify: 2023-01-01 08:00:00.000000000 +0000
Change: 2024-10-10 05:45:17.165399421 +0000
thesayyn commented 1 month ago

I am not sure what rules_oci needs to fix here. Sounds like there is a problem in your container image.

FWIW there is a new api in rules_py that might work for you; https://github.com/aspect-build/rules_py/blob/main/docs/py_image_layer.md

qdii commented 1 month ago

After a bit of debugging with Eric Hauser on Slack, we found that py_binary provides a python interpreter that is linked against glibc, while the Alpine image ships with musl.

I think it's unrelated to rules_oci, so feel free to close the bug. However if you have any pointer on how to convince Aspect bazel to provide a musl-linked interpreter, that would be awesome :)

thesayyn commented 1 month ago

However if you have any pointer on how to convince Aspect bazel to provide a musl-linked interpreter, that would be awesome :)

I don't think that's possible, as this would involve building cpython from source and link against musl libc. Even then there is no guarantee all the python packages will work as they might still depend on glibc.

thesayyn commented 1 month ago

Closing this as there is nothing for us to fix here.