Google Cloud's Artifact Registry is a powerful tool for managing your application's dependencies. This guide demonstrates how to create a Cloud Build pipeline to enable Docker to access Python packages stored in Artifact Registry. By following these steps, you can securely manage dependencies and streamline deployments.
Use gcloud auth to generate an access token that will allow the Docker build process to authenticate with the Artifact Registry. Here's how you can do this:
steps: # Generate Artifact Registry token - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk' entrypoint: bash args: - '-c' - | art=$(gcloud auth print-access-token) echo "$art" > /workspace/artifact_registry_token echo "$art"
Once the token is generated, it can be passed to the docker build process as a build argument. Here's how:
- name: gcr.io/cloud-builders/docker id: Build env: - 'btf=/workspace/artifact_registry_token' entrypoint: bash args: - '-c' - | docker build \ --build-arg ARTIFACT_REGISTRY_TOKEN=$(cat $btf) \ --build-arg PROJECT_ID=$PROJECT_ID \ -t test-image:latest \ -f Dockerfile .
The Dockerfile is configured to use the token to download Python packages from Artifact Registry:
# syntax=docker/dockerfile:1 FROM python:3.11-slim ARG ARTIFACT_REGISTRY_TOKEN ARG PROJECT_ID # Keeps Python from buffering stdout and stderr ENV PYTHONUNBUFFERED=1 WORKDIR /app RUN pip install --no-cache-dir -r requirements.txt COPY . . # Install dependencies using the token RUN pip install \ --index-url https://pypi.org/simple \ --extra-index-url https://oauth2accesstoken:${ARTIFACT_REGISTRY_TOKEN}@us-central1-python.pkg.dev/${PROJECT_ID}/python-packages/simple/ \ "your-package-name==your-package-version" # Expose the application port EXPOSE 8080 # Command to run the application CMD ["uvicorn", "main:app", "--port=8080", "--host=0.0.0.0"]
Finally, define other configurations such as machine type, logging, and substitutions:
options: machineType: E2_HIGHCPU_8 substitutionOption: ALLOW_LOOSE logging: CLOUD_LOGGING_ONLY substitutions: _PACKAGE: your-package-name==your-package-version _REPOSITORY: python-packages _LOCATION: us-central1 _PROJECT_ID: your-project-id
To organize your builds better, include meaningful tags:
tags: - gcp-cloud-build - artifact-registry - docker-python-packages
This setup ensures that your Docker builds in Cloud Build can securely pull Python dependencies from your Artifact Registry using an access token. Adjust the provided configuration to your project-specific details, such as package names, repository URLs, and deployment targets.
Implementing this pipeline will improve security and make dependency management seamless for your projects.
The above is the detailed content of How to Create a Cloud Build to Allow Docker to Download Python Packages from Artifact Registry. For more information, please follow other related articles on the PHP Chinese website!