robd003 · July 7, 2023 06:28
diff --git a/housekeeping.py b/housekeeping.py
 #!/usr/bin/python
 """'Finalize' the distroless image of an emissary build."""

 # Standard Library Imports
 import os
 import stat
 import subprocess
 import sys
 import tarfile
 from itertools import chain
 from pathlib import Path
 from shutil import rmtree
 from urllib import request

 # Ensure we're at the proper "starting point" before
 # we begin unpacking the packages tarball
 os.chdir("/")

 # Use Python's `tarfile` module to unpack the "installed"
 # packages, mirroring the way they were packed up to begin
 # with just in reverse.
 artifact_tar = Path("/tmp/artifacts.tar.gz")
 artifacts = tarfile.open(artifact_tar, mode="r:gz")
 artifacts.extractall(".")
 artifacts.close()

 # Naturally, we'll also call `.unlink()` on the archive itself
 # once we're done extracting it. After all, c̶l̶e̶a̶n̶l̶i̶n̶e̶s̶s̶ ̶i̶s̶ ̶n̶e̶x̶t̶
 # t̶o̶ ̶g̶o̶d̶l̶i̶n̶e̶s̶s̶ only monsters publish bloated Docker images.
 artifact_tar.unlink()


 # Create some necessary symlinks
 for exe in Path("/opt/ambassador/bin").iterdir():
    if not Path(f"/usr/bin/{exe.name}").exists():
        Path(f"/usr/bin/{exe.name}").symlink_to(exe)

 for cmd in (
    Path(f"/usr/bin/{exe}")
    for exe in (
        "ambex",
        "entrypoint",
        "kubestatus",
        "watt",
        "agent",
        "apiext",
    )
 ):
    if not cmd.exists():
        cmd.symlink_to(Path("/opt/ambassador/bin/busyambassador"))


 # Make sure `ambassador.version` exists, as this build process
 # now skips it, technically
 Path("/opt/ambassador/python/ambassador.version").write_text("0.0.0\n\n")

 #pyyaml = Path("/tmp/install_pyyaml.py")
 reqs = Path("/opt/ambassador/python/requirements.txt")
 dev_reqs = Path("/opt/ambassador/python/requirements-dev.txt")
 #reqs.write_text(reqs.read_text().replace("pyyaml==5.4.1", "pyyaml>=6.0"))

 # While the base distroless image *does* provide
 # Python itself, it does *not* provide `pip` or
 # even `ensurepip`. Not to worry though, we'll
 # just snag the latest version of `get-pip` from
 # the Python Packaging Authority and use that
 get_pip = Path("/tmp/get-pip.py")
 get_pip.write_bytes(
    request.urlopen("https://bootstrap.pypa.io/get-pip.py").read()
 )
 subprocess.check_call([sys.executable, str(get_pip)])

 # Now that we have `pip`, we can us it to install
 # emissary's dependencies...
 subprocess.check_call([sys.executable, "-m", "pip", "install", "-r", str(reqs)])
 subprocess.check_call(
    [
        sys.executable,
        "-m",
        "pip",
        "install",
        "-r",
        str(dev_reqs),
    ]
 )
 subprocess.run(
    [
        sys.executable,
        "/opt/ambassador/python/setup.py",
        "install",
    ],
    cwd="/opt/ambassador/python/",
    check=False,
 )

 # ... and run the "installer" we created earlier in the
 # `package-factory` image to install PyYAML...
 #subprocess.check_call([sys.executable, str(pyyaml)])

 # Ensure the `ambassador` Python packages are importable
 Path("/usr/local/lib/python3.11/site-packages/ambassador.pth").write_text(
    "/opt/ambassador/python/\n"
 )

 # ̶N̶o̶t̶ ̶c̶l̶e̶a̶n̶i̶n̶g̶ ̶u̶p̶ ̶t̶e̶m̶p̶o̶r̶a̶r̶y̶ ̶f̶i̶l̶e̶s̶ ̶g̶o̶e̶s̶ ̶a̶g̶a̶i̶n̶s̶t̶ ̶e̶v̶e̶r̶y̶t̶h̶i̶n̶g̶ ̶I̶ ̶k̶n̶o̶w̶
 # ̶ ̶t̶o̶ ̶b̶e̶ ̶r̶i̶g̶h̶t̶ ̶a̶n̶d̶ ̶t̶r̶u̶e̶,̶ ̶a̶n̶d̶ ̶I̶ ̶w̶i̶l̶l̶ ̶s̶o̶o̶n̶e̶r̶ ̶l̶a̶y̶ ̶y̶o̶u̶ ̶i̶n̶t̶o̶ ̶t̶h̶i̶s̶ ̶b̶a̶r̶r̶e̶n̶
 # ̶ ̶e̶a̶r̶t̶h̶ ̶t̶h̶a̶n̶ ̶e̶n̶t̶e̶r̶t̶a̶i̶n̶ ̶t̶h̶e̶ ̶f̶o̶l̶l̶y̶ ̶o̶f̶ ̶a̶l̶l̶o̶w̶i̶n̶g̶ ̶t̶h̶e̶m̶ ̶t̶o̶ ̶r̶e̶m̶a̶i̶n̶ ̶i̶n̶ ̶t̶h̶e̶
 # ̶ ̶f̶i̶n̶a̶l̶ ̶p̶u̶b̶l̶i̶s̶h̶e̶d̶ ̶i̶m̶a̶g̶e̶ ̶f̶o̶r̶ ̶a̶ ̶m̶o̶m̶e̶n̶t̶ ̶l̶o̶n̶g̶e̶r̶ Keep it clean folks
 rmtree("/tmp")
 Path("/tmp").mkdir(mode=0o777, exist_ok=False)

 # Ensure everything else that Emissary expects exists where it's expected to
 Path("/ambassador/sidecars").mkdir(mode=0o777, parents=True, exist_ok=True)
 Path("/ambassador/snapshots").mkdir(mode=0o777, parents=True, exist_ok=True)
 Path("/ambassador/envoy").mkdir(mode=0o777, parents=True, exist_ok=True)
 Path("/tmp/ambassador").mkdir(mode=0o777, parents=True, exist_ok=True)
 Path("/tmp/admin_access_log").touch(mode=0o777, exist_ok=True)

 for script in Path("/opt/ambassador/python/").glob("*.py"):
    Path(f"/ambassador/{script.name}").symlink_to(script)

 st = os.stat("/opt/ambassador/python/entrypoint.sh")
 os.chmod("/opt/ambassador/python/entrypoint.sh", st.st_mode | stat.S_IEXEC)

 for item in chain(
    Path("/ambassador").rglob("**/*"),
    Path("/tmp").rglob("**/*"),
 ):
    os.chmod(item.resolve(), 0o777)

 os.symlink('/opt/ambassador/bin/envoy-static-stripped', '/usr/bin/envoy')

 os.chmod("/tmp", 0o777)
 os.chmod("/ambassador", 0o777)
 os.chmod("/tmp/ambassador", 0o777)

 Path("/ambassador/housekeeping.py").unlink(missing_ok=True)
	#!/usr/bin/python
	"""'Finalize' the distroless image of an emissary build."""

	# Standard Library Imports
	import os
	import stat
	import subprocess
	import sys
	import tarfile
	from itertools import chain
	from pathlib import Path
	from shutil import rmtree
	from urllib import request

	# Ensure we're at the proper "starting point" before
	# we begin unpacking the packages tarball
	os.chdir("/")

	# Use Python's `tarfile` module to unpack the "installed"
	# packages, mirroring the way they were packed up to begin
	# with just in reverse.
	artifact_tar = Path("/tmp/artifacts.tar.gz")
	artifacts = tarfile.open(artifact_tar, mode="r:gz")
	artifacts.extractall(".")
	artifacts.close()

	# Naturally, we'll also call `.unlink()` on the archive itself
	# once we're done extracting it. After all, c̶l̶e̶a̶n̶l̶i̶n̶e̶s̶s̶ ̶i̶s̶ ̶n̶e̶x̶t̶
	# t̶o̶ ̶g̶o̶d̶l̶i̶n̶e̶s̶s̶ only monsters publish bloated Docker images.
	artifact_tar.unlink()


	# Create some necessary symlinks
	for exe in Path("/opt/ambassador/bin").iterdir():
	if not Path(f"/usr/bin/{exe.name}").exists():
	Path(f"/usr/bin/{exe.name}").symlink_to(exe)

	for cmd in (
	Path(f"/usr/bin/{exe}")
	for exe in (
	"ambex",
	"entrypoint",
	"kubestatus",
	"watt",
	"agent",
	"apiext",
	)
	):
	if not cmd.exists():
	cmd.symlink_to(Path("/opt/ambassador/bin/busyambassador"))


	# Make sure `ambassador.version` exists, as this build process
	# now skips it, technically
	Path("/opt/ambassador/python/ambassador.version").write_text("0.0.0\n\n")

	#pyyaml = Path("/tmp/install_pyyaml.py")
	reqs = Path("/opt/ambassador/python/requirements.txt")
	dev_reqs = Path("/opt/ambassador/python/requirements-dev.txt")
	#reqs.write_text(reqs.read_text().replace("pyyaml==5.4.1", "pyyaml>=6.0"))

	# While the base distroless image does provide
	# Python itself, it does not provide `pip` or
	# even `ensurepip`. Not to worry though, we'll
	# just snag the latest version of `get-pip` from
	# the Python Packaging Authority and use that
	get_pip = Path("/tmp/get-pip.py")
	get_pip.write_bytes(
	request.urlopen("https://bootstrap.pypa.io/get-pip.py").read()
	)
	subprocess.check_call([sys.executable, str(get_pip)])

	# Now that we have `pip`, we can us it to install
	# emissary's dependencies...
	subprocess.check_call([sys.executable, "-m", "pip", "install", "-r", str(reqs)])
	subprocess.check_call(
	[
	sys.executable,
	"-m",
	"pip",
	"install",
	"-r",
	str(dev_reqs),
	]
	)
	subprocess.run(
	[
	sys.executable,
	"/opt/ambassador/python/setup.py",
	"install",
	],
	cwd="/opt/ambassador/python/",
	check=False,
	)

	# ... and run the "installer" we created earlier in the
	# `package-factory` image to install PyYAML...
	#subprocess.check_call([sys.executable, str(pyyaml)])

	# Ensure the `ambassador` Python packages are importable
	Path("/usr/local/lib/python3.11/site-packages/ambassador.pth").write_text(
	"/opt/ambassador/python/\n"
	)

	# ̶N̶o̶t̶ ̶c̶l̶e̶a̶n̶i̶n̶g̶ ̶u̶p̶ ̶t̶e̶m̶p̶o̶r̶a̶r̶y̶ ̶f̶i̶l̶e̶s̶ ̶g̶o̶e̶s̶ ̶a̶g̶a̶i̶n̶s̶t̶ ̶e̶v̶e̶r̶y̶t̶h̶i̶n̶g̶ ̶I̶ ̶k̶n̶o̶w̶
	# ̶ ̶t̶o̶ ̶b̶e̶ ̶r̶i̶g̶h̶t̶ ̶a̶n̶d̶ ̶t̶r̶u̶e̶,̶ ̶a̶n̶d̶ ̶I̶ ̶w̶i̶l̶l̶ ̶s̶o̶o̶n̶e̶r̶ ̶l̶a̶y̶ ̶y̶o̶u̶ ̶i̶n̶t̶o̶ ̶t̶h̶i̶s̶ ̶b̶a̶r̶r̶e̶n̶
	# ̶ ̶e̶a̶r̶t̶h̶ ̶t̶h̶a̶n̶ ̶e̶n̶t̶e̶r̶t̶a̶i̶n̶ ̶t̶h̶e̶ ̶f̶o̶l̶l̶y̶ ̶o̶f̶ ̶a̶l̶l̶o̶w̶i̶n̶g̶ ̶t̶h̶e̶m̶ ̶t̶o̶ ̶r̶e̶m̶a̶i̶n̶ ̶i̶n̶ ̶t̶h̶e̶
	# ̶ ̶f̶i̶n̶a̶l̶ ̶p̶u̶b̶l̶i̶s̶h̶e̶d̶ ̶i̶m̶a̶g̶e̶ ̶f̶o̶r̶ ̶a̶ ̶m̶o̶m̶e̶n̶t̶ ̶l̶o̶n̶g̶e̶r̶ Keep it clean folks
	rmtree("/tmp")
	Path("/tmp").mkdir(mode=0o777, exist_ok=False)

	# Ensure everything else that Emissary expects exists where it's expected to
	Path("/ambassador/sidecars").mkdir(mode=0o777, parents=True, exist_ok=True)
	Path("/ambassador/snapshots").mkdir(mode=0o777, parents=True, exist_ok=True)
	Path("/ambassador/envoy").mkdir(mode=0o777, parents=True, exist_ok=True)
	Path("/tmp/ambassador").mkdir(mode=0o777, parents=True, exist_ok=True)
	Path("/tmp/admin_access_log").touch(mode=0o777, exist_ok=True)

	for script in Path("/opt/ambassador/python/").glob("*.py"):
	Path(f"/ambassador/{script.name}").symlink_to(script)

	st = os.stat("/opt/ambassador/python/entrypoint.sh")
	os.chmod("/opt/ambassador/python/entrypoint.sh", st.st_mode \| stat.S_IEXEC)

	for item in chain(
	Path("/ambassador").rglob("*/"),
	Path("/tmp").rglob("*/"),
	):
	os.chmod(item.resolve(), 0o777)

	os.symlink('/opt/ambassador/bin/envoy-static-stripped', '/usr/bin/envoy')

	os.chmod("/tmp", 0o777)
	os.chmod("/ambassador", 0o777)
	os.chmod("/tmp/ambassador", 0o777)

	Path("/ambassador/housekeeping.py").unlink(missing_ok=True)