From 7f131531a5c8a747f96e6cf8c2003c26fa0f08db Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Tue, 20 Jun 2023 06:25:22 +0000 Subject: automatic import of python-sagemaker-studio-image-build --- .gitignore | 1 + python-sagemaker-studio-image-build.spec | 792 +++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 794 insertions(+) create mode 100644 python-sagemaker-studio-image-build.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..82b7bd2 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/sagemaker_studio_image_build-0.6.0.tar.gz diff --git a/python-sagemaker-studio-image-build.spec b/python-sagemaker-studio-image-build.spec new file mode 100644 index 0000000..c03f1ac --- /dev/null +++ b/python-sagemaker-studio-image-build.spec @@ -0,0 +1,792 @@ +%global _empty_manifest_terminate_build 0 +Name: python-sagemaker-studio-image-build +Version: 0.6.0 +Release: 1 +Summary: Build Docker Images in Amazon SageMaker Studio using AWS CodeBuild +License: MIT-0 +URL: https://github.com/aws-samples/sagemaker-studio-image-build-cli +Source0: https://mirrors.aliyun.com/pypi/web/packages/e7/22/304e74f0afc681545eee1376d32190225889e8275f7a0c2a17c647446b5f/sagemaker_studio_image_build-0.6.0.tar.gz +BuildArch: noarch + + +%description +## SageMaker Docker Build + +[![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/) +[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) + +This is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. + +### Usage + +Navigate to the directory containing the Dockerfile and simply do: + +```bash +sm-docker build . +``` + + +Any additional arguments supported with `docker build` are supported + +```bash +sm-docker build . --file /path/to/Dockerfile --build-arg foo=bar +``` + +By default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket + +These can be overridden with the relevant CLI options. + +```bash +sm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0 +``` + +The CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR. + + +### Installing + +Install the CLI using pip. +```bash +pip install sagemaker-studio-image-build +``` + +Ensure the execution role has a trust policy with CodeBuild. + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "codebuild.amazonaws.com" + ] + }, + "Action": "sts:AssumeRole" + } + ] +} +``` + +The following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "codebuild:DeleteProject", + "codebuild:CreateProject", + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Resource": "arn:aws:codebuild:*:*:project/sagemaker-studio*" + }, + { + "Effect": "Allow", + "Action": "logs:CreateLogStream", + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*" + }, + { + "Effect": "Allow", + "Action": [ + "logs:GetLogEvents", + "logs:PutLogEvents" + ], + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*" + }, + { + "Effect": "Allow", + "Action": "logs:CreateLogGroup", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ecr:CreateRepository", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:UploadLayerPart", + "ecr:ListImages", + "ecr:InitiateLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage" + ], + "Resource": "arn:aws:ecr:*:*:repository/sagemaker-studio*" + }, + { + "Sid": "ReadAccessToPrebuiltAwsImages", + "Effect": "Allow", + "Action": [ + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Resource": [ + "arn:aws:ecr:*:763104351884:repository/*", + "arn:aws:ecr:*:217643126080:repository/*", + "arn:aws:ecr:*:727897471807:repository/*", + "arn:aws:ecr:*:626614931356:repository/*", + "arn:aws:ecr:*:683313688378:repository/*", + "arn:aws:ecr:*:520713654638:repository/*", + "arn:aws:ecr:*:462105765813:repository/*" + ] + }, + { + "Sid": "EcrAuthorizationTokenRetrieval", + "Effect": "Allow", + "Action": [ + "ecr:GetAuthorizationToken" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "s3:DeleteObject", + "s3:PutObject" + ], + "Resource": "arn:aws:s3:::sagemaker-*/*" + }, + { + "Effect": "Allow", + "Action": [ + "s3:CreateBucket" + ], + "Resource": "arn:aws:s3:::sagemaker*" + }, + { + "Effect": "Allow", + "Action": [ + "iam:GetRole", + "iam:ListRoles" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::*:role/*", + "Condition": { + "StringLikeIfExists": { + "iam:PassedToService": "codebuild.amazonaws.com" + } + } + } + ] +} + +``` + +If you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume: + +```json + { + "Sid": "VpcAccessActions", + "Effect": "Allow", + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs" + ], + "Resource": "*" + } +``` + +### Development + +Checkout the repository. + +```bash +make install +``` + +#### Testing locally +To build locally, use one of the example Dockerfiles in the *examples* directory + +```bash +ROLE_NAME=<> +(cd examples/basic_build && sm-docker build . --role ${ROLE_NAME} ) +``` + +```bash +(cd examples/build_with_args && sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 ) +``` + + +#### Testing on SageMaker Studio + +To build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target. + +```bash +export DEV_S3_PATH_PREFIX=s3://path/to/location +black . +make -k s3bundle +``` + +From a "System Terminal" in SageMaker Studio + +```bash +export DEV_S3_PATH_PREFIX=s3://path/to/location +aws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . +pip install sagemaker_studio_image_build-x.y.z.tar.gz +``` + +## Security + +See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. + +## License + +This library is licensed under the MIT-0 License. See the LICENSE file. + +%package -n python3-sagemaker-studio-image-build +Summary: Build Docker Images in Amazon SageMaker Studio using AWS CodeBuild +Provides: python-sagemaker-studio-image-build +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-sagemaker-studio-image-build +## SageMaker Docker Build + +[![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/) +[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) + +This is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. + +### Usage + +Navigate to the directory containing the Dockerfile and simply do: + +```bash +sm-docker build . +``` + + +Any additional arguments supported with `docker build` are supported + +```bash +sm-docker build . --file /path/to/Dockerfile --build-arg foo=bar +``` + +By default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket + +These can be overridden with the relevant CLI options. + +```bash +sm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0 +``` + +The CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR. + + +### Installing + +Install the CLI using pip. +```bash +pip install sagemaker-studio-image-build +``` + +Ensure the execution role has a trust policy with CodeBuild. + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "codebuild.amazonaws.com" + ] + }, + "Action": "sts:AssumeRole" + } + ] +} +``` + +The following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "codebuild:DeleteProject", + "codebuild:CreateProject", + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Resource": "arn:aws:codebuild:*:*:project/sagemaker-studio*" + }, + { + "Effect": "Allow", + "Action": "logs:CreateLogStream", + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*" + }, + { + "Effect": "Allow", + "Action": [ + "logs:GetLogEvents", + "logs:PutLogEvents" + ], + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*" + }, + { + "Effect": "Allow", + "Action": "logs:CreateLogGroup", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ecr:CreateRepository", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:UploadLayerPart", + "ecr:ListImages", + "ecr:InitiateLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage" + ], + "Resource": "arn:aws:ecr:*:*:repository/sagemaker-studio*" + }, + { + "Sid": "ReadAccessToPrebuiltAwsImages", + "Effect": "Allow", + "Action": [ + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Resource": [ + "arn:aws:ecr:*:763104351884:repository/*", + "arn:aws:ecr:*:217643126080:repository/*", + "arn:aws:ecr:*:727897471807:repository/*", + "arn:aws:ecr:*:626614931356:repository/*", + "arn:aws:ecr:*:683313688378:repository/*", + "arn:aws:ecr:*:520713654638:repository/*", + "arn:aws:ecr:*:462105765813:repository/*" + ] + }, + { + "Sid": "EcrAuthorizationTokenRetrieval", + "Effect": "Allow", + "Action": [ + "ecr:GetAuthorizationToken" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "s3:DeleteObject", + "s3:PutObject" + ], + "Resource": "arn:aws:s3:::sagemaker-*/*" + }, + { + "Effect": "Allow", + "Action": [ + "s3:CreateBucket" + ], + "Resource": "arn:aws:s3:::sagemaker*" + }, + { + "Effect": "Allow", + "Action": [ + "iam:GetRole", + "iam:ListRoles" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::*:role/*", + "Condition": { + "StringLikeIfExists": { + "iam:PassedToService": "codebuild.amazonaws.com" + } + } + } + ] +} + +``` + +If you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume: + +```json + { + "Sid": "VpcAccessActions", + "Effect": "Allow", + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs" + ], + "Resource": "*" + } +``` + +### Development + +Checkout the repository. + +```bash +make install +``` + +#### Testing locally +To build locally, use one of the example Dockerfiles in the *examples* directory + +```bash +ROLE_NAME=<> +(cd examples/basic_build && sm-docker build . --role ${ROLE_NAME} ) +``` + +```bash +(cd examples/build_with_args && sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 ) +``` + + +#### Testing on SageMaker Studio + +To build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target. + +```bash +export DEV_S3_PATH_PREFIX=s3://path/to/location +black . +make -k s3bundle +``` + +From a "System Terminal" in SageMaker Studio + +```bash +export DEV_S3_PATH_PREFIX=s3://path/to/location +aws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . +pip install sagemaker_studio_image_build-x.y.z.tar.gz +``` + +## Security + +See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. + +## License + +This library is licensed under the MIT-0 License. See the LICENSE file. + +%package help +Summary: Development documents and examples for sagemaker-studio-image-build +Provides: python3-sagemaker-studio-image-build-doc +%description help +## SageMaker Docker Build + +[![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/) +[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) + +This is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. + +### Usage + +Navigate to the directory containing the Dockerfile and simply do: + +```bash +sm-docker build . +``` + + +Any additional arguments supported with `docker build` are supported + +```bash +sm-docker build . --file /path/to/Dockerfile --build-arg foo=bar +``` + +By default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket + +These can be overridden with the relevant CLI options. + +```bash +sm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0 +``` + +The CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR. + + +### Installing + +Install the CLI using pip. +```bash +pip install sagemaker-studio-image-build +``` + +Ensure the execution role has a trust policy with CodeBuild. + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "codebuild.amazonaws.com" + ] + }, + "Action": "sts:AssumeRole" + } + ] +} +``` + +The following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "codebuild:DeleteProject", + "codebuild:CreateProject", + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Resource": "arn:aws:codebuild:*:*:project/sagemaker-studio*" + }, + { + "Effect": "Allow", + "Action": "logs:CreateLogStream", + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*" + }, + { + "Effect": "Allow", + "Action": [ + "logs:GetLogEvents", + "logs:PutLogEvents" + ], + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*" + }, + { + "Effect": "Allow", + "Action": "logs:CreateLogGroup", + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ecr:CreateRepository", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:UploadLayerPart", + "ecr:ListImages", + "ecr:InitiateLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage" + ], + "Resource": "arn:aws:ecr:*:*:repository/sagemaker-studio*" + }, + { + "Sid": "ReadAccessToPrebuiltAwsImages", + "Effect": "Allow", + "Action": [ + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Resource": [ + "arn:aws:ecr:*:763104351884:repository/*", + "arn:aws:ecr:*:217643126080:repository/*", + "arn:aws:ecr:*:727897471807:repository/*", + "arn:aws:ecr:*:626614931356:repository/*", + "arn:aws:ecr:*:683313688378:repository/*", + "arn:aws:ecr:*:520713654638:repository/*", + "arn:aws:ecr:*:462105765813:repository/*" + ] + }, + { + "Sid": "EcrAuthorizationTokenRetrieval", + "Effect": "Allow", + "Action": [ + "ecr:GetAuthorizationToken" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "s3:DeleteObject", + "s3:PutObject" + ], + "Resource": "arn:aws:s3:::sagemaker-*/*" + }, + { + "Effect": "Allow", + "Action": [ + "s3:CreateBucket" + ], + "Resource": "arn:aws:s3:::sagemaker*" + }, + { + "Effect": "Allow", + "Action": [ + "iam:GetRole", + "iam:ListRoles" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::*:role/*", + "Condition": { + "StringLikeIfExists": { + "iam:PassedToService": "codebuild.amazonaws.com" + } + } + } + ] +} + +``` + +If you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume: + +```json + { + "Sid": "VpcAccessActions", + "Effect": "Allow", + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs" + ], + "Resource": "*" + } +``` + +### Development + +Checkout the repository. + +```bash +make install +``` + +#### Testing locally +To build locally, use one of the example Dockerfiles in the *examples* directory + +```bash +ROLE_NAME=<> +(cd examples/basic_build && sm-docker build . --role ${ROLE_NAME} ) +``` + +```bash +(cd examples/build_with_args && sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 ) +``` + + +#### Testing on SageMaker Studio + +To build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target. + +```bash +export DEV_S3_PATH_PREFIX=s3://path/to/location +black . +make -k s3bundle +``` + +From a "System Terminal" in SageMaker Studio + +```bash +export DEV_S3_PATH_PREFIX=s3://path/to/location +aws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . +pip install sagemaker_studio_image_build-x.y.z.tar.gz +``` + +## Security + +See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. + +## License + +This library is licensed under the MIT-0 License. See the LICENSE file. + +%prep +%autosetup -n sagemaker_studio_image_build-0.6.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-sagemaker-studio-image-build -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Tue Jun 20 2023 Python_Bot - 0.6.0-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..7a1fdbf --- /dev/null +++ b/sources @@ -0,0 +1 @@ +b878958845c4ca971863f8a6e4eded5e sagemaker_studio_image_build-0.6.0.tar.gz -- cgit v1.2.3