A package of containerized feedstock maintenance operations
To use this package, you should run it through the corresponding Python package.
First, install the package:

```bash
conda install -c conda-forge conda-forge-feedstock-ops
```

Then for your feedstock, you can call commands like this:

```python
from conda_forge_feedstock_ops.rerender import rerender

commit_msg = rerender(path_to_feedstock)
```

This package works by running commands inside of a container on-the-fly in order to perform operations on feedstocks in the presence of sensitive data.
Data can be input into the container via one of three mechanisms:
- Passing data as arguments over the command line.
- Passing data via `stdin`.
- Mounting a directory on the host to `/cf_feedstock_ops_dir` in the container. This mount is read-only by default.

Data is returned to the calling process in one of two ways:
- The container can print a JSON blob to `stdout`. This JSON blob must have only two top-level keys, `error` and `data`. Any output data should be put in the `data` key. The `error` key is discussed below.
- The container can put data in the `/cf_feedstock_ops_dir` if it is not mounted as read-only.

IMPORTANT: The container can only print a valid JSON blob to `stdout`. All other output should be sent to `stderr`.

Errors can be handled via:
- Exiting the container process with a non-zero exit code.
- Setting the `error` key in the JSON blob sent to `stdout`.

Errors in running the container raise a `ContainerRuntimeError` error.
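
As an added example (not code from this package), the following sketch shows how a calling process could enforce the output contract described above. `ContainerProtocolError`, `parse_container_result`, `run_and_parse` and the three sample commands are hypothetical names; the sketch assumes a `null` `error` value means success and uses plain Python child processes as constructed stand-ins for a container.

```python
import json
import subprocess
import sys


class ContainerProtocolError(RuntimeError):
    """Hypothetical error type for this example (not the package's ContainerRuntimeError)."""


def parse_container_result(returncode, stdout):
    """Apply the stdout contract: one JSON object with exactly the keys error and data."""
    if returncode != 0:
        raise ContainerProtocolError(f"container exited with code {returncode}")
    try:
        blob = json.loads(stdout)
    except json.JSONDecodeError as exc:
        # Stray log output on stdout lands here: it makes the stream invalid JSON.
        raise ContainerProtocolError("stdout is not a single valid JSON blob") from exc
    if not isinstance(blob, dict) or set(blob) != {"error", "data"}:
        raise ContainerProtocolError("JSON blob must have exactly the keys 'error' and 'data'")
    if blob["error"]:  # assumption: null (or empty) means no error
        raise ContainerProtocolError(f"container reported an error: {blob['error']}")
    return blob["data"]


def run_and_parse(cmd, stdin_text=""):
    """Run a command, pass data via stdin, and parse its stdout under the contract."""
    proc = subprocess.run(cmd, input=stdin_text, capture_output=True, text=True)
    return parse_container_result(proc.returncode, proc.stdout)


# Constructed stand-ins for a container process (plain Python children, no container runtime).
GOOD = [sys.executable, "-c",
        "import sys, json; print('rerendering', file=sys.stderr); "
        "print(json.dumps({'error': None, 'data': {'echo': sys.stdin.read()}}))"]
NOISY = [sys.executable, "-c",
         "import json; print('log line on stdout'); print(json.dumps({'error': None, 'data': 1}))"]
FAILED = [sys.executable, "-c",
          "import json; print(json.dumps({'error': 'rerender failed', 'data': None}))"]

if __name__ == "__main__":
    print(run_and_parse(GOOD, "feedstock-name"))
    for cmd in (NOISY, FAILED):
        try:
            run_and_parse(cmd)
        except ContainerProtocolError as exc:
            print("rejected:", exc)
```

Rejecting blobs with extra top-level keys and treating any non-JSON text on `stdout` as a failure keeps container output from being misread as result data.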
In order to make your own container that uses this package, you should copy and edit the `Dockerfile` in this repo.
There are a few important points to keep in mind when doing this.
- The container runs using a non-root user. This is an important security measure and should be kept.
- The container uses an entrypoint to activate an internal conda environment and then run a command via `exec`.
- The `/cf_feedstock_ops_dir` should be declared to `git` as safe in order to allow git operations.