Recently, we met a deployment problem in heroku python environment.

In heroku python deployment, it will execute pip install requirements.txt and install packages in the file. But when you have a private package, everything goes complicated.

What we want to do is to install our private package which is on the github. Just making one of the following commands success:

pip install git+https://github.com/my_account/myrepo.git pip install git+ssh://github.com/my_account/myrepo.git pip install git+https://{username}:{password}@github.com/my_account/myrepo.git

The complicated thing here is that you don't want to commit any credential or password in git because it causes to many security issues. So how to let heroku know the credential in build is the key-point of this problem.

Third-Party Buildpack Solutions

In fact, there are some third-party buildpacks supporting setting github tokens or ssh-keys in the environments:

heroku-buildpack-github-netrc ssh-private-key-buildpack

But after our discussion, we decide not to use third-party buildpacks because the following reasons

maintenance: everyone who joins related projects needs to know the buildpack and maintain them if anything changes. security: we don't know what things happen if we do not review the code.

(I've reviewed the code, both of them are pretty simple and pretty useful. You can config your credentials in environment variables and the buildpacks will set for your purpose.)

Solution without Using Third-Party Buildpacks

With some survey on the heroku buildpacks, we found a good solution that helps us solve this problem. To learn the solution, we need to know more about how heroku python buildpack works first. Herkuo python buildpack will execute the following commands in order:

bin/detect bin/pre_compile bin/compile : in this step, it will execute pip install -r requirments.txt here. bin/post_compile bin/release

With the knowledge, we tried the steps:

Setup environment variables GITHUB_USER and GITHUB_PASSWORD Put the file bin/pre_compile with link generation code like: # !/bin/bash echo "Generate myrepo to requirements.txt" MY_REPO_GIT="git+https://${GITHUB_USER}:${GITHUB_PASSWORD}@github.com/my_account/myrepo.git" echo MY_REPO_GIT >> requirements.txt

and it will generate private repos link with user information to requirements.txt before executing bin/compile . Finally it can install all things your want with this solution.

Failed Try

We've tried to use setup.py to do customization in installation but it didn't work because heroku team thinks setup.py can do everything and it's unsafe if exposing all build environment settings on it.

本文开发(python)相关术语:python基础教程 python多线程 web开发工程师 软件开发工程师 软件开发流程

代码区博客精选文章
分页:12
转载请注明
本文标题:Codementor: Deploy Private Github Python Packages on Heroku without Exposing Cre ...
本站链接:https://www.codesec.net/view/611120.html


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 开发(python) | 评论(0) | 阅读(103)