Open in app

Sign in

Write

Sign in

Using private Python Azure Artifacts feeds in Alpine Docker builds

bitsofinfo
DevOps Dudes
Published in
2 min readJun 3, 2021

--

This one will be relatively short, figured I’d post this for anyone else who was struggling with use case.

Your goal: your application needs to use a Python module that is available in a private Azure Artifact’s feed and you want to pip install this module in a Alpine based docker build.

Was recently working on a project where I had this exact use case. From experience, things can always get slightly more complicated when trying to build Docker images that depend on things behind private artifact repositories; security of your repository secrets being the biggest of these issues and (not leaking them into image layers) …. however when integrating with Azure Artifact feeds…. this becomes even more complicated because the underlying Pip authentication mechanism has dependencies on .NET libraries, which coupled with *nix based builds, can be less that smooth.

In any case the basic gist of what you need to do is as follows (supporting links below):

#1 Setup your Private Azure Artifacts feed and push your python modules there

#2 Create a PAT token with “Packaging: READ access”, and store the token embedded in a URL in a file that you do NOT check into git and secure with “chmod 400” in the format:

https://<feedname>:<pattoken>@pkgs.dev.azure.com/<org>/<project>/_packaging/<feed>/pypi/simple/

#3 Craft your Dockerfile that contains a build layer that creates your Python environment, installs all the dependencies necessary for the private Azure Artifacts feed authentication + all your python module requirements. The Dockerfile should also have a release layer that copies the prepped virtual environment from the build layer. Here is an example Dockerfile that does all of this you can use as a reference: https://gist.github.com/bitsofinfo/dca033c0552a7aa0a957abd3cbc2b29c

#4 Build the Dockerfile referencing the PAT token that you created and secured in a file as described above that sits next to your Dockerfile

docker build . -t myapp:test --secret id=pip.url.secret,src=pip.url.secret.file

At this point you should have a image that has successfully pip installed your modules from your private Azure Artifacts feed.

References

Get started with Python packages in Azure Artifacts - Azure Artifacts

This guide will walk you through using Azure Artifacts to publish and consume Python packages to and from your feed…

docs.microsoft.com

microsoft/artifacts-keyring

'artifacts-keyring' is a relatively thin wrapper around artifacts-credprovider. Make sure to also look at that…

github.com

Install .NET on Alpine - .NET

This article describes how to install .NET on Alpine. When an Alpine version falls out of support, .NET is no longer…

docs.microsoft.com

Originally published at http://bitsofinfo.wordpress.com on June 3, 2021.

Python
Azure Artifacts
Azure
DevOps
Docker

--

--

bitsofinfo
DevOps Dudes

Written by bitsofinfo

39 Followers

stream of engineering: https://github.com/bitsofinfo

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams