Mopy
mopy is a docker buildkit frontend to package and build your python app into a minimal best practice docker image. You don't have to be a docker pro anymore! 🐋
Install / Use
/learn @cmdjulian/MopyREADME
mopy - build python based container images the easy way
🐳 mopy is a YAML bases alternative to the Dockerfile format for creating best practice Python based container
images.
As a buildkit frontend, mopy does not need to be installed. It is seamlessly integrated and run
by docker buildkit
(respectively docker).
Create best practice docker images for packaging your python app with ease, without beeing a docker pro!
Mopyfile
Mopyfile is the equivalent of Dockerfile for mopy. It is based on yaml and assembles a python specific dsl.
Start by creating a Mopyfile.yaml file:
#syntax=cmdjulian/mopy # [1] Enable automatic Mopy syntax support
apiVersion: v1 # [2] Mopyfile api version
python: 3.9.2 # [3] python interpreter version
build-deps: # [4] additional 'apt' packages installed before build
- libopenblas-dev
- gfortran
- build-essential
envs: # [5] environment variables available in build stage and in the final image
MYENV: envVar1
indices: # [6] additional pip indices to use
- url: https://mirrors.sustech.edu.cn/pypi/simple # public index without authentication
- url: http://my.pypi.org:8080/simple # url of the index, http and https are supported
username: user # optional username, if only username is present, only the username is used
password: secret # optional password, this is only taken into account if a username is present
trust: true # should the index be added to the list of trusted hosts, use with caution (useful for self-signed certs or http links). Defaults to false, can be omitted.
pip: # [7] pip dependencies to install
- numpy==1.22 # use version 1.22 of 'numpy'
- slycot # use version 'latest' of 'slycot'
- git+https://github.com/moskomule/anatome.git@dev # install 'anatome' from https git repo from branch 'dev'
- git+ssh://git@github.com/RRZE-HPC/pycachesim.git # install 'pycachesim' from ssh repo on 'default' branch
- https://fallback.company.org/simple/pip-lib.whl # include `.whl` file from url
- https://user:secret@my.company.org/simple/pip-lib.whl # include `.whl` file from url with auth (not recommended, use index with auth instead, as these credentials are visible in the sbom if selected)
- ./my_local_pip/ # use local fs folder from working directory (has to start with ./ )
- ./requirements.txt # include pip packages from 'requirements.txt' file from working directory (has to start with ./ )
sbom: true # [8] include pip dependencies as label
labels: # [9] additional labels to include in final image
foo: bar
fizz: ${mopy.sbom} # allow placeholder replacement of labels
project: my-python-app/ # [10] include executable python file(s)
The most important part of the file is the first line #syntax=cmdjulian/mopy. It tells docker buildkit to use the
mopy frontend. This can also be achieved by setting the frontend to solve the dockerfile by the running engine itself.
For instance for the docker build command one can append the following build-arg to tell docker to use mopy without
the in-file syntax directive: --build-arg BUILDKIT_SYNTAX=cmdjulian/mopy:v1. However, the recommended way is to set it
in the Mopyfile, as this is independent of the used builder cli.
The frontend is compatible with linux, windows and mac. It also supports various cpu architectures.
Currently i386, amd64, arm/v6, arm/v7, arm64/v8 are supported. Buildkit automatically picks the right version
for you from docker hub.
Available configuration options are listed in the table below.
| | required | description | default | type |
|-----|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|-------------------------|
| 1 | yes | instruct Docker to use Mopyfile syntax for parsing this file | - | docker syntax directive |
| 2 | no | api version of Mopy file format. This is mainly due to future development to prevent incompatibilities | v1 | enum: [v1] |
| 3 | yes | the python interpreter version to use. Versions format is: 3, 3.9 or 3.9.1 | - | string |
| 4 | no | additional apt packages to install before staring the build. These are not part of the final image | - | string[] |
| 5 | no | additional environment variables. These are present in the build and in the run stage | - | map[string][string] |
| 6 | no | additional list of index to consider for installing dependencies. The only required filed is url. | - | index[] |
| 7 | no | list of pip dependencies to install | - | string[] |
| 8 | no | add an sbom label. For details see the sbom section | true | boolean |
| 9 | no | additional labels to add to the final image. These have precedence over automatically added | - | map[string][string] |
| 10 | no | relative path to a Python file or folder. If the path points to a folder, the folder has to contain a main.py file. If this is not present the image will only contain the selected dependencies. If this is present, the project or file gets set as entrypoint for the final image | - | string |
Index
| name | required | description | default | type | |----------|----------|-------------------------------------------------------------------------------------------------------------|---------|---------| | url | yes | url of the additional index | - | string | | username | no | optional username to authenticate. If you got a token for instance, as single factor, just set the username | - | string | | password | no | optional password to use. If username is not set, this is ignored | - | string | | trust | no | used to add the indices domain as trusted. Useful if the index uses a self-signed certificate or uses http | false | boolean |
The example folder contains a few examples how you can use mopy.
