1

I'm trying to use AWS CodeArtifact as my pip repo. Every time I build a Docker image I need to log in or generate a token. I tried this: How to use AWS CodeArtifact *within* A Dockerfile in AWSCodeBuild

But in each build the pip.conf file is different (new token), which breaks the Docker cache.

For now I want to avoid a base image with all the packages pre-installed.

Does anyone have a solution for this problem?

Thx!

Nadav

1 Answer

2

Looks like Docker BuildKit is the answer.

Makefile:

# Fetch a short-lived CodeArtifact token, write it into pip.conf, and pass that
# file to BuildKit as a build secret. Recipe lines must be indented with a tab.
docker_build:
	@$(eval CODEARTIFACT_AUTH_TOKEN := $(shell aws codeartifact get-authorization-token --domain your-domain --domain-owner your-id --region your-region --query authorizationToken --output text --duration-seconds 900))
	@pip config set global.index-url "https://aws:${CODEARTIFACT_AUTH_TOKEN}@<your-domain>-<your-id>.d.codeartifact.<your-region>.amazonaws.com/pypi/your-repo/simple/"
	cp ~/.config/pip/pip.conf /tmp/pip.conf
	DOCKER_BUILDKIT=1 docker build --progress=plain --secret id=pip.conf,src=/tmp/pip.conf -t tmp_docker_image .

Dockerfile:

FROM python:3.8.8-slim-buster
WORKDIR /code
ADD requirements.txt /code/requirements.txt
RUN --mount=type=secret,id=pip.conf,dst=/root/.pip/pip.conf \
pip install -r ./requirements.txt

I have tested it a couple of times and changed the token on each run; it looks good.

This one helped: https://dev.to/hugoprudente/managing-secrets-during-docker-build-3682

Nadav
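
A shell variant of the Makefile recipe above, as an added example that is not part of the original answer: it writes the token to a private temporary file instead of the user's global pip config and deletes that file after the build. DOMAIN, OWNER, REGION, REPO and IMAGE are placeholder environment variables, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). DOMAIN, OWNER, REGION, REPO and
# IMAGE are placeholders that the caller must set.

# Print a pip.conf that points pip at the CodeArtifact PyPI endpoint.
render_pip_conf() {  # args: token domain owner region repo
  printf '[global]\nindex-url = https://aws:%s@%s-%s.d.codeartifact.%s.amazonaws.com/pypi/%s/simple/\n' \
    "$1" "$2" "$3" "$4" "$5"
}

# Write the rendered config to a fresh file readable only by the current user
# and print the file's path.
write_secret_file() {  # args: same as render_pip_conf
  local path
  path=$(umask 077 && mktemp) || return 1
  render_pip_conf "$@" > "$path" || { rm -f "$path"; return 1; }
  printf '%s\n' "$path"
}

build_image() {
  local token secret rc
  token=$(aws codeartifact get-authorization-token \
    --domain "$DOMAIN" --domain-owner "$OWNER" --region "$REGION" \
    --query authorizationToken --output text --duration-seconds 900) || return 1
  secret=$(write_secret_file "$token" "$DOMAIN" "$OWNER" "$REGION" "$REPO") || return 1
  # The secret is mounted only for the RUN step that requests id=pip.conf,
  # so it is not written into any image layer and a new token does not
  # invalidate the cached pip install layer.
  DOCKER_BUILDKIT=1 docker build --progress=plain \
    --secret id=pip.conf,src="$secret" -t "$IMAGE" .
  rc=$?
  rm -f "$secret"   # remove the token from disk whether or not the build succeeded
  return "$rc"
}

# Run the build only when invoked as: ./build.sh build
if [ "${1:-}" = "build" ]; then
  build_image
fi
```

The Dockerfile from the answer works unchanged with this script, because the secret id is still `pip.conf`.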